Skip to content

Commit c9e0e09

Browse files
dureradurera
authored
[minor] Support configurable serviceaccounts (#57)
1 parent da67cf1 commit c9e0e09

5 files changed

Lines changed: 13 additions & 13 deletions

File tree

src/mas/devops/tekton.py

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -102,25 +102,25 @@ def updateTektonDefinitions(namespace: str, yamlFile: str) -> None:
102102
logger.debug(line)
103103

104104

105-
def preparePipelinesNamespace(dynClient: DynamicClient, instanceId: str = None, storageClass: str = None, accessMode: str = None, waitForBind: bool = True):
105+
def preparePipelinesNamespace(dynClient: DynamicClient, instanceId: str = None, storageClass: str = None, accessMode: str = None, waitForBind: bool = True, configureRBAC: bool = True):
106106
templateDir = path.join(path.abspath(path.dirname(__file__)), "templates")
107107
env = Environment(
108108
loader=FileSystemLoader(searchpath=templateDir)
109109
)
110-
111110
if instanceId is None:
112111
namespace = "mas-pipelines"
113112
template = env.get_template("pipelines-rbac-cluster.yml.j2")
114113
else:
115114
namespace = f"mas-{instanceId}-pipelines"
116115
template = env.get_template("pipelines-rbac.yml.j2")
117116

118-
# Create RBAC
119-
renderedTemplate = template.render(mas_instance_id=instanceId)
120-
logger.debug(renderedTemplate)
121-
crb = yaml.safe_load(renderedTemplate)
122-
clusterRoleBindingAPI = dynClient.resources.get(api_version="rbac.authorization.k8s.io/v1", kind="ClusterRoleBinding")
123-
clusterRoleBindingAPI.apply(body=crb, namespace=namespace)
117+
if configureRBAC:
118+
# Create RBAC
119+
renderedTemplate = template.render(mas_instance_id=instanceId)
120+
logger.debug(renderedTemplate)
121+
crb = yaml.safe_load(renderedTemplate)
122+
clusterRoleBindingAPI = dynClient.resources.get(api_version="rbac.authorization.k8s.io/v1", kind="ClusterRoleBinding")
123+
clusterRoleBindingAPI.apply(body=crb, namespace=namespace)
124124

125125
# Create PVC (instanceId namespace only)
126126
if instanceId is not None:

src/mas/devops/templates/pipelinerun-install.yml.j2

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@ spec:
99
pipelineRef:
1010
name: mas-install
1111

12-
serviceAccountName: pipeline
12+
serviceAccountName: "{{ service_account_name | default('pipeline', True) }}"
1313
timeouts:
1414
pipeline: "0"
1515

src/mas/devops/templates/pipelinerun-uninstall.yml.j2

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@ spec:
99
pipelineRef:
1010
name: mas-uninstall
1111

12-
serviceAccountName: pipeline
12+
serviceAccountName: "{{ service_account_name | default('pipeline', True) }}"
1313
timeouts:
1414
pipeline: "0"
1515

@@ -34,4 +34,4 @@ spec:
3434
value: {{ uds_action }}
3535
- name: dro_namespace
3636
value: {{ dro_namespace }}
37-
37+

src/mas/devops/templates/pipelinerun-update.yml.j2

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@ spec:
99
pipelineRef:
1010
name: mas-update
1111

12-
serviceAccountName: pipeline
12+
serviceAccountName: "{{ service_account_name | default('pipeline', True) }}"
1313
timeouts:
1414
pipeline: "0"
1515

src/mas/devops/templates/pipelinerun-upgrade.yml.j2

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@ spec:
99
pipelineRef:
1010
name: mas-upgrade
1111

12-
serviceAccountName: pipeline
12+
serviceAccountName: "{{ service_account_name | default('pipeline', True) }}"
1313
timeouts:
1414
pipeline: "0"
1515

0 commit comments

Comments
 (0)