Target namespace (#104)
* support target namespace
eyalnathan authored Jul 28, 2020
1 parent 3e76180 commit fc34959
Showing 9 changed files with 1,470 additions and 368 deletions.
2 changes: 2 additions & 0 deletions charts/service-broker-proxy-k8s/templates/deployment.yaml
@@ -45,6 +45,8 @@ spec:
value: {{ template "service-broker-proxy.fullname" . }}-regsecret
- name: K8S_SECRET_NAMESPACE
value: {{ .Release.Namespace }}
- name: K8S_TARGET_NAMESPACE
value: {{ .Values.targetNamespace }}
- name: SM_USER
valueFrom:
secretKeyRef:
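Review bot: The new `K8S_TARGET_NAMESPACE` entry renders `.Values.targetNamespace` unquoted, so with the chart default (an empty `targetNamespace:`) the env `value` is not an explicit empty string, and a namespace name that YAML reads as a number or boolean would not be a string either. I would write `value: {{ .Values.targetNamespace | default "" | quote }}` so the manifest always carries a string and the unset case is unambiguous. How the proxy treats an empty value is not visible in this hunk, so that should be confirmed against the code that reads the variable.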
48 changes: 48 additions & 0 deletions charts/service-broker-proxy-k8s/templates/rbac.yaml
@@ -10,7 +10,11 @@ metadata:
rules:
- apiGroups: ["servicecatalog.k8s.io"]
resources:
{{- if .Values.targetNamespace }}
- servicebrokers
{{- else}}
- clusterservicebrokers
{{- end}}
verbs:
- "*"

@@ -71,3 +75,47 @@ subjects:
- kind: ServiceAccount
name: {{ template "service-broker-proxy.fullname" . }}
namespace: {{ .Release.Namespace }}

{{- if .Values.targetNamespace }}
{{- if ne .Values.targetNamespace .Release.Namespace }}

---

kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
namespace: {{ .Values.targetNamespace }}
name: {{ template "service-broker-proxy.fullname" . }}-regsecretviewer
labels:
app: {{ template "service-broker-proxy.name" . }}
chart: {{ template "service-broker-proxy.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
rules:
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get", "create", "delete", "update", "patch"]

---

kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ template "service-broker-proxy.fullname" . }}
namespace: {{ .Values.targetNamespace }}
labels:
app: {{ template "service-broker-proxy.name" . }}
chart: {{ template "service-broker-proxy.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
roleRef:
kind: Role
name: {{ template "service-broker-proxy.fullname" . }}-regsecretviewer
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: {{ template "service-broker-proxy.fullname" . }}
namespace: {{ .Release.Namespace }}

{{- end}}
{{- end}}
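Review bot: The Role added for the target namespace is named `-regsecretviewer` but grants `get`, `create`, `delete`, `update` and `patch` on every Secret in that namespace, so the proxy's service account can read by name and overwrite secrets that belong to unrelated workloads there. If the credential secret names are predictable (not visible in this diff), split the rule so that only `create` is unrestricted and the rest is limited, e.g. `verbs: ["get", "update", "patch", "delete"]` with `resourceNames: ["<broker-credentials-secret-name>"]`. The Role also uses `apiVersion: rbac.authorization.k8s.io/v1beta1` while its RoleBinding uses `v1`; `apiVersion: rbac.authorization.k8s.io/v1` on both would be consistent.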
3 changes: 3 additions & 0 deletions charts/service-broker-proxy-k8s/values.yaml
@@ -23,6 +23,9 @@ sm:
user: admin
password: admin

# targetNamespace is the namespace in which service brokers will be registered, if not set service brokers will be registered in cluster scope
targetNamespace:

##
# Security context
securityContext: {}
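Review bot: The comment on `targetNamespace` does not mention the RBAC consequence of setting it. Per the rbac.yaml template in this commit, a value different from the release namespace also creates a Role and RoleBinding that give the proxy's service account write access to Secrets in that namespace; I would add a line such as `# setting this to another namespace grants the proxy get/create/update/patch/delete on Secrets there`.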
18 changes: 16 additions & 2 deletions pkg/k8s/api/api.go
@@ -21,8 +21,22 @@ type KubernetesAPI interface {
UpdateClusterServiceBroker(broker *v1beta1.ClusterServiceBroker) (*v1beta1.ClusterServiceBroker, error)
// SyncClusterServiceBroker synchronize a cluster-wide visible service broker
SyncClusterServiceBroker(name string, retries int) error
// UpdateClusterServiceBrokerCredentials updates broker's credentials secret
UpdateClusterServiceBrokerCredentials(secret *v1core.Secret) (*v1core.Secret, error)

// CreateNamespaceServiceBroker creates namespace service broker
CreateNamespaceServiceBroker(broker *v1beta1.ServiceBroker, namespace string) (*v1beta1.ServiceBroker, error)
// DeleteNamespaceServiceBroker deletes a service broker in a namespace
DeleteNamespaceServiceBroker(name string, namespace string, options *v1.DeleteOptions) error
// RetrieveNamespaceServiceBrokers gets all service brokers in a namespace
RetrieveNamespaceServiceBrokers(namespace string) (*v1beta1.ServiceBrokerList, error)
// RetrieveNamespaceServiceBrokerByName gets a service broker in a namespace
RetrieveNamespaceServiceBrokerByName(name, namespace string) (*v1beta1.ServiceBroker, error)
// UpdateNamespaceServiceBroker updates a service broker in a namespace
UpdateNamespaceServiceBroker(broker *v1beta1.ServiceBroker, namespace string) (*v1beta1.ServiceBroker, error)
// SyncNamespaceServiceBroker synchronize a service broker in a namespace
SyncNamespaceServiceBroker(name, namespace string, retries int) error

// UpdateServiceBrokerCredentials updates broker's credentials secret
UpdateServiceBrokerCredentials(secret *v1core.Secret) (*v1core.Secret, error)
// CreateSecret creates a secret for broker's credentials
CreateSecret(secret *v1core.Secret) (*v1core.Secret, error)
// DeleteSecret deletes broker credentials secret
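Review bot: `CreateNamespaceServiceBroker` and `UpdateNamespaceServiceBroker` take both a `*v1beta1.ServiceBroker` and a separate `namespace string`, which leaves two possible sources for the namespace, while `UpdateServiceBrokerCredentials` takes only the secret and no namespace at all. The doc comments should state which value is authoritative, for example `// CreateNamespaceServiceBroker creates broker in namespace; broker.Namespace, if set, must equal namespace`, and the implementation (not on this page) should reject a mismatch rather than write to an unintended namespace. The interface declaration begins and ends outside this hunk.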