public_git
/
kubernetes-operator
mirror of https://github.com/jenkinsci/kubernetes-operator.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Helm chart: Fix role and rb templates for case with jenkins ns being empty string (#624)

This commit is contained in:
Sig00rd 2021-08-11 14:49:53 +02:00 committed by GitHub
parent ba78896ea6
commit 65bc574cb8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 38 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
chart/jenkins-operator/templates/role.yaml
View File

@ -1,4 +1,15 @@
{{ template "jenkins-operator.role" .Release.Namespace }}
{{ if ne .Release.Namespace .Values.jenkins.namespace }}
{{ template "jenkins-operator.role" .Values.jenkins.namespace }}
{{ if eq .Values.jenkins.namespace "" }}
{{- /*
# This is a special case when .Values.jenkins.namespace is equal to empty
# string which leads to WATCH_NAMESPACE env of jenkins-operator to be set to
# empty string and leads to operator actually watching all namespaces. In this
# case we need to create clusterrole and clusterrolebinding instead of role and
# rolebinding
*/ -}}
{{- template "jenkins-operator.role" .Values.jenkins.namespace }}
{{ else }}
{{- template "jenkins-operator.role" .Release.Namespace }}
{{- if ne .Release.Namespace .Values.jenkins.namespace -}}
{{- template "jenkins-operator.role" .Values.jenkins.namespace }}
{{- end }}
{{ end }}

46
chart/jenkins-operator/templates/role_binding.yaml
View File

@ -1,3 +1,25 @@
{{ if eq .Values.jenkins.namespace "" }}
{{- /*
# This is a special case when .Values.jenkins.namespace is equal to empty
# string which leads to WATCH_NAMESPACE env of jenkins-operator to be set to
# empty string and leads to operator actually watching all namespaces. In this
# case we need to create clusterrole and clusterrolebinding instead of role and
# rolebinding
*/ -}}
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: jenkins-operator
subjects:
- kind: ServiceAccount
name: jenkins-operator
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: jenkins-operator
apiGroup: rbac.authorization.k8s.io
{{ else }}
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
@ -12,28 +34,7 @@ roleRef:
kind: Role
name: jenkins-operator
apiGroup: rbac.authorization.k8s.io
{{ if eq .Values.jenkins.namespace "" }}
{{- /*
# This is a special case when .Values.jenkins.namespace is equal to empty
# string which leads to WATCH_NAMESPACE env of jenkins-operator to be set to
# empty string and leads to operator actually watching all namespaces. In this
# case we need to create clusterrole and clusterrolebinding instead of role and
# rolebinding
*/}}
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: jenkins-operator
subjects:
- kind: ServiceAccount
name: jenkins-operator
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: jenkins-operator
apiGroup: rbac.authorization.k8s.io
{{ else if ne .Release.Namespace .Values.jenkins.namespace }}
{{ if ne .Release.Namespace .Values.jenkins.namespace }}
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
@ -49,3 +50,4 @@ roleRef:
name: jenkins-operator
apiGroup: rbac.authorization.k8s.io
{{ end }}
{{ end }}