File tree Expand file tree Collapse file tree 5 files changed +78
-0
lines changed Expand file tree Collapse file tree 5 files changed +78
-0
lines changed Original file line number Diff line number Diff line change @@ -1155,3 +1155,6 @@ sysctl_settings: ""
11551155# scheduling_controls
11561156teapot_admission_controller_scheduling_controls_enabled : " false"
11571157teapot_admission_controller_scheduling_controls_default_architecture : " amd64"
1158+
1159+ # role-sync-controller configs
1160+ role_sync_controller_enabled : " false"
Original file line number Diff line number Diff line change @@ -320,3 +320,15 @@ post_apply:
320320 kind : Service
321321 namespace : kube-system
322322{{- end }}
323+ {{- if ne .Cluster.ConfigItems.role_sync_controller_enabled "true" }}
324+ - name : role-sync-controller
325+ kind : CronJob
326+ namespace : kube-system
327+ - name : role-sync-controller
328+ kind : ClusterRole
329+ - name : role-sync-controller
330+ kind : ClusterRoleBinding
331+ - name : role-sync-controller
332+ kind : ServiceAccount
333+ namespace : kube-system
334+ {{- end }}
Original file line number Diff line number Diff line change 1+ {{ if eq .Cluster.ConfigItems.role_sync_controller_enabled "true" }}
2+ apiVersion : batch/v1
3+ kind : CronJob
4+ metadata :
5+ name : role-sync-controller
6+ namespace : kube-system
7+ labels :
8+ application : kubernetes
9+ component : role-sync-controller
10+ spec :
11+ schedule : " */1 * * * *"
12+ jobTemplate :
13+ spec :
14+ backoffLimit : 3
15+ template :
16+ spec :
17+ restartPolicy : OnFailure
18+ containers :
19+ - name : role-sync-controller
20+ image : container-registry.zalando.net/teapot/role-sync-controller:main-1
21+ {{ end }}
Original file line number Diff line number Diff line change 1+ {{ if eq .Cluster.ConfigItems.role_sync_controller_enabled "true" }}
2+ apiVersion : rbac.authorization.k8s.io/v1
3+ kind : ClusterRole
4+ metadata :
5+ name : role-sync-controller
6+ labels :
7+ application : kubernetes
8+ component : role-sync-controller
9+ rules :
10+ - apiGroups : [""]
11+ resources : ["namespaces"]
12+ verbs : ["list"]
13+ - apiGroups : ["rbac.authorization.k8s.io"]
14+ resources : ["rolebindings"]
15+ verbs : ["get", "create", "update"]
16+ ---
17+ apiVersion : rbac.authorization.k8s.io/v1
18+ kind : ClusterRoleBinding
19+ metadata :
20+ name : role-sync-controller
21+ labels :
22+ application : kubernetes
23+ component : role-sync-controller
24+ roleRef :
25+ apiGroup : rbac.authorization.k8s.io
26+ kind : ClusterRole
27+ name : role-sync-controller
28+ subjects :
29+ - kind : ServiceAccount
30+ name : role-sync-controller
31+ namespace : kube-system
32+ {{ end }}
Original file line number Diff line number Diff line change 1+ {{ if eq .Cluster.ConfigItems.role_sync_controller_enabled "true" }}
2+ apiVersion : v1
3+ kind : ServiceAccount
4+ metadata :
5+ name : role-sync-controller
6+ namespace : kube-system
7+ labels :
8+ application : kubernetes
9+ component : role-sync-controller
10+ {{ end }}
You can’t perform that action at this time.
0 commit comments