RedHatTraining/agnosticd.git

parent: eddb1a6a | patch | commit | ignore whitespace

Wolfgang Kulhanek

2019-03-15 b8fcb4c605c722d24123d32b5cb33b6f2e09f07c

Fixed Automation Broker Role

1 files added

2 files modified

	ansible/roles/ocp4-workload-automation-broker/tasks/workload.yml	4 ●●●●● patch \| view \| raw \| blame \| history
	ansible/roles/ocp4-workload-automation-broker/templates/cluster_role_binding.j2	12 ●●●●● patch \| view \| raw \| blame \| history
	ansible/roles/ocp4-workload-automation-broker/templates/subscription.j2	2 ●●●●● patch \| view \| raw \| blame \| history

 ansible/roles/ocp4-workload-automation-broker/tasks/workload.yml

@@ -38,7 +38,9 @@
  - ./templates/automation_broker.j2

- name: Grant Automation Broker Service Account cluster-admin
  command: "oc adm policy add-cluster-role-to-user cluster-admin system:serviceaccount:{{ broker_project }}:ansible-service-broker"
  k8s:
    state: present
    definition: "{{ lookup('template', './templates/cluster_role_binding.j2' ) | from_yaml }}"

# Leave this as the last task in the playbook.
- name: workload tasks complete

 ansible/roles/ocp4-workload-automation-broker/templates/cluster_role_binding.j2

New file
@@ -0,0 +1,12 @@
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: automation-broker-binding
subjects:
- kind: ServiceAccount
  name: ansible-service-broker
  namespace: "{{ _broker_project }}"
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io

 ansible/roles/ocp4-workload-automation-broker/templates/subscription.j2

@@ -7,6 +7,6 @@
  channel: alpha
  installPlanApproval: Automatic
  name: automationbroker
  source: installed-community-automation-broker
  source: installed-community-openshift-automation-broker
  sourceNamespace: "{{ _broker_project }}"
  startingCSV: "{{ _broker_subscription_csv }}"

			@@ -38,7 +38,9 @@
			- ./templates/automation_broker.j2

			- name: Grant Automation Broker Service Account cluster-admin
			command: "oc adm policy add-cluster-role-to-user cluster-admin system:serviceaccount:{{ broker_project }}:ansible-service-broker"
			k8s:
			state: present
			definition: "{{ lookup('template', './templates/cluster_role_binding.j2' ) \| from_yaml }}"

			# Leave this as the last task in the playbook.
			- name: workload tasks complete

New file
			@@ -0,0 +1,12 @@
			kind: ClusterRoleBinding
			apiVersion: rbac.authorization.k8s.io/v1
			metadata:
			name: automation-broker-binding
			subjects:
			- kind: ServiceAccount
			name: ansible-service-broker
			namespace: "{{ _broker_project }}"
			roleRef:
			kind: ClusterRole
			name: cluster-admin
			apiGroup: rbac.authorization.k8s.io

			@@ -7,6 +7,6 @@
			channel: alpha
			installPlanApproval: Automatic
			name: automationbroker
			source: installed-community-automation-broker
			source: installed-community-openshift-automation-broker
			sourceNamespace: "{{ _broker_project }}"
			startingCSV: "{{ _broker_subscription_csv }}"