Added config to make operator watch in arbitrary namespaces
Signed-off-by: David Losert <[email protected]>
davelosert committed May 25, 2020
1 parent d4042b2 commit 606eacd
Showing 6 changed files with 29 additions and 3 deletions.
2 changes: 1 addition & 1 deletion charts/jaeger-operator/Chart.yaml
@@ -1,7 +1,7 @@
apiVersion: v1
description: jaeger-operator Helm chart for Kubernetes
name: jaeger-operator
version: 2.14.2
version: 2.15.0
appVersion: 1.17.1
home: https://www.jaegertracing.io/
icon: https://www.jaegertracing.io/img/jaeger-icon-reverse-color.svg
3 changes: 2 additions & 1 deletion charts/jaeger-operator/README.md
Expand Up @@ -59,7 +59,8 @@ The following table lists the configurable parameters of the jaeger-operator cha
| `rbac.create` | All required roles and rolebindings will be created | `true` |
| `serviceAccount.create` | Service account to use | `true` |
| `rbac.pspEnabled` | Pod security policy for pod will be created and included in rbac role | `false` |
| `rbac.clusterRole` | ClusterRole will be used by operator ServiceAccount | `false` |
| `rbac.clusterRole` | ClusterRole will be used with ClusterRoleBinding by operator ServiceAccount to watch all namespaces | `false` |
| `rbac.watchNamespaces` | ClusterRole will be used with RoleBindings in all specified namespaces by operator ServiceAccount | `[]` |
| `serviceAccount.name` | Service account name to use. If not set and create is true, a name is generated using the fullname template | `nil` |
| `resources` | K8s pod resources | `None` |
| `nodeSelector` | Node labels for pod assignment | `{}` |
2 changes: 2 additions & 0 deletions charts/jaeger-operator/templates/deployment.yaml
Expand Up @@ -40,6 +40,8 @@ spec:
- name: WATCH_NAMESPACE
{{- if .Values.rbac.clusterRole }}
value: ""
{{- else if .Values.rbac.watchNamespaces }}
value: {{ join "," .Values.rbac.watchNamespaces | quote }}
{{- else }}
valueFrom:
fieldRef:
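Review bot: The branch order on `WATCH_NAMESPACE` disagrees with role-binding.yaml when both `rbac.clusterRole` and `rbac.watchNamespaces` are set: this template takes the `value: ""` branch (watch everything), while the binding template tests `watchNamespaces` first and emits only per-namespace RoleBindings. The operator would then try to watch all namespaces while holding permissions in only the listed ones. Either test `watchNamespaces` first in both templates or reject the combination at render time, e.g. `{{- if and .Values.rbac.clusterRole .Values.rbac.watchNamespaces }}{{ fail "set either rbac.clusterRole or rbac.watchNamespaces, not both" }}{{- end }}`. The `env` entry continues past the end of this hunk.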
21 changes: 21 additions & 0 deletions charts/jaeger-operator/templates/role-binding.yaml
@@ -1,4 +1,5 @@
{{- if .Values.rbac.create }}
{{- if not .Values.rbac.watchNamespaces }}
kind: {{ if .Values.rbac.clusterRole }}Cluster{{ end }}RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
Expand All @@ -14,4 +15,24 @@ roleRef:
kind: {{ if .Values.rbac.clusterRole }}Cluster{{ end }}Role
name: {{ include "jaeger-operator.fullname" . }}
apiGroup: rbac.authorization.k8s.io
{{- else }}
{{- range .Values.rbac.watchNamespaces }}
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "jaeger-operator.fullname" $ }}
namespace: {{ $.Release.Namespace }}
labels:
{{ include "jaeger-operator.labels" $ | indent 4 }}
subjects:
- kind: ServiceAccount
namespace: {{ . }}
name: {{ include "jaeger-operator.serviceAccountName" $ }}
roleRef:
kind: ClusterRole
name: {{ include "jaeger-operator.fullname" $ }}
apiGroup: rbac.authorization.k8s.io
---
{{- end -}}
{{- end -}}
{{- end }}
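Review bot: In the new `range` branch the two namespace fields look swapped: `metadata.namespace` is `{{ $.Release.Namespace }}` on every iteration, while the subject's namespace is `{{ . }}`. As rendered, each pass yields a RoleBinding with the same name in the release namespace, and it grants the ClusterRole's permissions there to a ServiceAccount of the operator's name in each watched namespace, which is presumably not the account the chart creates (the ServiceAccount template is not shown here). The operator's own ServiceAccount ends up with no binding in the watched namespaces. I would write `namespace: {{ . }}` under `metadata` and `namespace: {{ $.Release.Namespace }}` under `subjects`, and quote the ranged value (`{{ . | quote }}`) so an unusual entry in the list cannot change the rendered structure.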
2 changes: 1 addition & 1 deletion charts/jaeger-operator/templates/role.yaml
@@ -1,5 +1,5 @@
{{- if .Values.rbac.create }}
kind: {{ if .Values.rbac.clusterRole }}Cluster{{ end }}Role
kind: {{ if or .Values.rbac.clusterRole .Values.rbac.watchNamespaces }}Cluster{{ end }}Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "jaeger-operator.fullname" . }}
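Review bot: The `or` on the `kind:` line deserves a template comment, since it is not obvious why a namespace list produces a cluster-scoped object; something like `{{- /* ClusterRole so the same rules can be bound per namespace via RoleBindings when rbac.watchNamespaces is set */ -}}`. A RoleBinding that references a ClusterRole grants only namespaced resources inside the binding's namespace, so any cluster-scoped rules in the part of this file outside the hunk would have no effect in that mode. Installing with `watchNamespaces` now also requires permission to create ClusterRoles, which the README row for the option could state.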
2 changes: 2 additions & 0 deletions charts/jaeger-operator/values.yaml
Expand Up @@ -20,6 +20,8 @@ rbac:
create: true
pspEnabled: false
clusterRole: false
# Specifies arbitrary namespaces to be watched
watchNamespaces: []

serviceAccount:
# Specifies whether a ServiceAccount should be created
