diff --git a/chart/jenkins-operator/templates/_role.yaml b/chart/jenkins-operator/templates/_role.yaml
new file mode 100644
index 00000000..ed34150b
--- /dev/null
+++ b/chart/jenkins-operator/templates/_role.yaml
@@ -0,0 +1,132 @@
+{{ define "jenkins-operator.role" }}
+{{ $namespace := . }}
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: jenkins-operator
+ namespace: {{ $namespace }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - services
+ - configmaps
+ - secrets
+ verbs:
+ - get
+ - create
+ - update
+ - list
+ - watch
+ - apiGroups:
+ - apps
+ resources:
+ - deployments
+ - daemonsets
+ - replicasets
+ - statefulsets
+ verbs:
+ - '*'
+ - apiGroups:
+ - ""
+ resources:
+ - serviceaccounts
+ verbs:
+ - get
+ - create
+ - update
+ - list
+ - watch
+ - apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - roles
+ - rolebindings
+ verbs:
+ - get
+ - create
+ - update
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - pods/portforward
+ verbs:
+ - create
+ - apiGroups:
+ - ""
+ resources:
+ - pods/log
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ - pods/exec
+ verbs:
+ - "*"
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - get
+ - watch
+ - list
+ - create
+ - patch
+ - apiGroups:
+ - apps
+ resourceNames:
+ - jenkins-operator
+ resources:
+ - deployments/finalizers
+ verbs:
+ - update
+ - apiGroups:
+ - jenkins.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+ - apiGroups:
+ - ""
+ resources:
+ - persistentvolumeclaims
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - "route.openshift.io"
+ resources:
+ - routes
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - apiGroups:
+ - "image.openshift.io"
+ resources:
+ - imagestreams
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - "build.openshift.io"
+ resources:
+ - builds
+ - buildconfigs
+ verbs:
+ - get
+ - list
+ - watch
+{{ end }}
\ No newline at end of file
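Review bot: The wildcard verbs in this template (`'*'` on the `apps` workloads, `"*"` on `pods` and `pods/exec`, `'*'` on everything in `jenkins.io`) are now stamped into every namespace the template is called with, so the broad grant is no longer confined to the release namespace. Together with `create`/`update` on `roles` and `rolebindings` and on `secrets`, that is the set an RBAC audit will ask about first. Replacing each `'*'` with the explicit verbs the operator really uses would keep the second copy of the Role reviewable. Which verbs those are is not visible in this diff, so the list has to come from the operator's client calls. A template comment above `define` saying that the argument is a namespace name, not the usual chart context, would also help the next caller.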
diff --git a/chart/jenkins-operator/templates/operator.yaml b/chart/jenkins-operator/templates/operator.yaml index ca3af6a9..ffc1c7cf 100644 --- a/chart/jenkins-operator/templates/operator.yaml +++ b/chart/jenkins-operator/templates/operator.yaml @@ -34,9 +34,7 @@ spec: args: [] env: - name: WATCH_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace + value: {{ .Values.jenkins.namespace }} - name: POD_NAME valueFrom: fieldRef: diff --git a/chart/jenkins-operator/templates/role.yaml b/chart/jenkins-operator/templates/role.yaml index cc15fdd0..f3c31553 100644 --- a/chart/jenkins-operator/templates/role.yaml +++ b/chart/jenkins-operator/templates/role.yaml 
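Review bot: `value: {{ .Values.jenkins.namespace }}` renders an empty `value:` when the key is unset, and no default for `jenkins.namespace` is visible in this diff. Operators built on operator-sdk commonly treat an empty WATCH_NAMESPACE as "watch all namespaces", which the namespaced Roles in this chart would not cover; this should be confirmed against the operator's startup code. Falling back to the release namespace and quoting keeps the previous behaviour when nothing is configured: `value: {{ .Values.jenkins.namespace | default .Release.Namespace | quote }}`. The `ne .Release.Namespace .Values.jenkins.namespace` guards in role.yaml and role_binding.yaml have the same gap: with an empty value they evaluate true and render a second Role and RoleBinding with a blank `namespace:`, so they should compare against the same defaulted value.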
@@ -1,128 +1,4 @@
----
-kind: Role
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: jenkins-operator
-rules:
- - apiGroups:
- - ""
- resources:
- - services
- - configmaps
- - secrets
- verbs:
- - get
- - create
- - update
- - list
- - watch
- - apiGroups:
- - apps
- resources:
- - deployments
- - daemonsets
- - replicasets
- - statefulsets
- verbs:
- - '*'
- - apiGroups:
- - ""
- resources:
- - serviceaccounts
- verbs:
- - get
- - create
- - update
- - list
- - watch
- - apiGroups:
- - rbac.authorization.k8s.io
- resources:
- - roles
- - rolebindings
- verbs:
- - get
- - create
- - update
- - list
- - watch
- - apiGroups:
- - ""
- resources:
- - pods/portforward
- verbs:
- - create
- - apiGroups:
- - ""
- resources:
- - pods/log
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - ""
- resources:
- - pods
- - pods/exec
- verbs:
- - "*"
- - apiGroups:
- - ""
- resources:
- - events
- verbs:
- - get
- - watch
- - list
- - create
- - patch
- - apiGroups:
- - apps
- resourceNames:
- - jenkins-operator
- resources:
- - deployments/finalizers
- verbs:
- - update
- - apiGroups:
- - jenkins.io
- resources:
- - '*'
- verbs:
- - '*'
- - apiGroups:
- - ""
- resources:
- - persistentvolumeclaims
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - "route.openshift.io"
- resources:
- - routes
- verbs:
- - get
- - list
- - watch
- - create
- - update
- - apiGroups:
- - "image.openshift.io"
- resources:
- - imagestreams
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - "build.openshift.io"
- resources:
- - builds
- - buildconfigs
- verbs:
- - get
- - list
- - watch
+{{ template "jenkins-operator.role" .Release.Namespace }}
+{{ if ne .Release.Namespace .Values.jenkins.namespace }}
+{{ template "jenkins-operator.role" .Values.jenkins.namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/chart/jenkins-operator/templates/role_binding.yaml b/chart/jenkins-operator/templates/role_binding.yaml
index 8224b7c1..23817139 100644
--- a/chart/jenkins-operator/templates/role_binding.yaml +++ b/chart/jenkins-operator/templates/role_binding.yaml @@ -3,10 +3,28 @@ kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: jenkins-operator + namespace: {{ .Release.Namespace }} subjects: -- kind: ServiceAccount - name: jenkins-operator + - kind: ServiceAccount + name: jenkins-operator + namespace: {{ .Release.Namespace }} roleRef: kind: Role name: jenkins-operator apiGroup: rbac.authorization.k8s.io +{{ if ne .Release.Namespace .Values.jenkins.namespace }} +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: jenkins-operator + namespace: {{ .Values.jenkins.namespace }} +subjects: + - kind: ServiceAccount + name: jenkins-operator + namespace: {{ .Release.Namespace }} +roleRef: + kind: Role + name: jenkins-operator + apiGroup: rbac.authorization.k8s.io +{{ end }} \ No newline at end of file diff --git a/chart/jenkins-operator/values.yaml b/chart/jenkins-operator/values.yaml index e27c0ba8..363296c1 100644 --- a/chart/jenkins-operator/values.yaml +++ b/chart/jenkins-operator/values.yaml @@ -73,7 +73,7 @@ jenkins: # - name: job-dsl # version: "1.77" # - name: configuration-as-code - # version: "1.46" + # version: "1.47" # - name: kubernetes-credentials-provider # version: 0.15 basePlugins:
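Review bot: The second RoleBinding in role_binding.yaml has no comment explaining why it lives in `.Values.jenkins.namespace` while its subject keeps `namespace: {{ .Release.Namespace }}`, so the mismatch reads like a copy-paste slip. It is in fact the cross-namespace grant that gives the operator's ServiceAccount the `jenkins-operator` Role in the Jenkins namespace, including that Role's access to `secrets` and `pods/exec`. A comment above the conditional block would make that explicit for anyone auditing the chart's RBAC: `# Subject stays in the release namespace: this binds the operator's ServiceAccount to the jenkins-operator Role in the Jenkins namespace.` The values.yaml hunk on the same line only bumps a commented-out plugin version and needs no change.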