From 40b0505bc4f9bca442b23f48b92899802b0b1870 Mon Sep 17 00:00:00 2001
From: Ben Blackmore
Date: Wed, 20 Jul 2022 13:58:40 +0200
Subject: [PATCH] feat: support multiple Steadybit agents within a single Kubernetes cluster connected to different Steadybit platforms
---
 charts/steadybit-agent/Chart.yaml | 2 +-
 charts/steadybit-agent/templates/_helpers.tpl | 13 +++++++++++++
 charts/steadybit-agent/templates/clusterrole.yaml | 2 +-
 .../templates/clusterrolebinding.yaml | 4 ++--
 charts/steadybit-agent/templates/rolebinding.yaml | 1 +
 5 files changed, 18 insertions(+), 4 deletions(-)
diff --git a/charts/steadybit-agent/Chart.yaml b/charts/steadybit-agent/Chart.yaml
index b9f56dee..5fab5e7c 100644
--- a/charts/steadybit-agent/Chart.yaml
+++ b/charts/steadybit-agent/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 name: steadybit-agent
 description: steadybit Agent Helm chart for Kubernetes.
-version: 0.6.5
+version: 0.7.0
 appVersion: latest
 home: https://www.steadybit.com/
 icon: https://steadybit-website-assets.s3.amazonaws.com/logo-symbol-transparent.png
diff --git a/charts/steadybit-agent/templates/_helpers.tpl b/charts/steadybit-agent/templates/_helpers.tpl
index ea332def..9d3c7404 100644
--- a/charts/steadybit-agent/templates/_helpers.tpl
+++ b/charts/steadybit-agent/templates/_helpers.tpl
@@ -42,6 +42,19 @@ Create the name of the service account to use.
 {{- end -}}
 {{- end -}}
+{{/*
+Create the name of the cluster role to use.
+
+We cannot scope the cluster role natively via namespaces. So have have to do this by including the namespace name
+within the cluster role's name. This in turn is necessary to support multiple steadybit agents per Kubernetes
+cluster.
+
+Also see https://stackoverflow.com/questions/64871199/kubernetes-clusterrole-with-namespace-is-allowed
+*/}}
+{{- define "steadybit-agent.clusterRoleName" -}}
+{{- printf "%s-in-%s" (include "steadybit-agent.fullname" .) .Release.Namespace -}}
+{{- end -}}
+
 {{/*
 Create PodSecurityPolicy to be used.
 */}}
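Review bot: The `"%s-in-%s"` format in the new `steadybit-agent.clusterRoleName` helper (`_helpers.tpl`) does not encode the (fullname, namespace) pair unambiguously, because `-in-` may occur inside either part: fullname `agent-in-a` in namespace `b` and fullname `agent` in namespace `a-in-b` both render `agent-in-a-in-b`. The result names cluster-scoped RBAC objects, so two such releases would claim the same ClusterRole and ClusterRoleBinding. A separator that a namespace name cannot contain, for example `printf "%s:%s"`, would remove the ambiguity; otherwise the doc comment should state the uniqueness assumption. In that comment, `So have have to do this` should read `So we have to do this`.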
diff --git a/charts/steadybit-agent/templates/clusterrole.yaml b/charts/steadybit-agent/templates/clusterrole.yaml
index bb2f94bc..2cda9b6c 100644
--- a/charts/steadybit-agent/templates/clusterrole.yaml
+++ b/charts/steadybit-agent/templates/clusterrole.yaml
@@ -2,7 +2,7 @@
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
- name: {{ template "steadybit-agent.fullname" . }}
+ name: {{ template "steadybit-agent.clusterRoleName" . }}
 labels:
 {{- include "steadybit-agent.commonLabels" . | nindent 4 }}
 {{- range $key, $value := .Values.agent.extraLabels }}
diff --git a/charts/steadybit-agent/templates/clusterrolebinding.yaml b/charts/steadybit-agent/templates/clusterrolebinding.yaml
index 9cd96a5b..ad45df25 100644
--- a/charts/steadybit-agent/templates/clusterrolebinding.yaml
+++ b/charts/steadybit-agent/templates/clusterrolebinding.yaml
@@ -2,7 +2,7 @@
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
- name: {{ template "steadybit-agent.fullname" . }}
+ name: {{ template "steadybit-agent.clusterRoleName" . }}
 labels:
 {{- include "steadybit-agent.commonLabels" . | nindent 4 }}
 {{- range $key, $value := .Values.agent.extraLabels }}
@@ -14,6 +14,6 @@ subjects:
 namespace: {{ .Release.Namespace }}
 roleRef:
 kind: ClusterRole
- name: {{ template "steadybit-agent.fullname" . }}
+ name: {{ template "steadybit-agent.clusterRoleName" . }}
 apiGroup: rbac.authorization.k8s.io
 {{- end -}}
\ No newline at end of file
diff --git a/charts/steadybit-agent/templates/rolebinding.yaml b/charts/steadybit-agent/templates/rolebinding.yaml
index 0e0ea493..7cbeefdb 100644
--- a/charts/steadybit-agent/templates/rolebinding.yaml
+++ b/charts/steadybit-agent/templates/rolebinding.yaml
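Review bot: In the `roleRef` hunk of `clusterrolebinding.yaml`, the renamed binding still grants the ClusterRole cluster-wide to the subject in `.Release.Namespace`, so the namespace suffix in the name keeps releases from overwriting each other's objects but does not confine any agent's permissions to its namespace. Each additional agent installed this way is another cluster-wide grant, which is worth stating where the binding is defined, e.g. a comment above `roleRef:` such as `# cluster-wide grant; the namespace in the name only keeps releases apart`. The same helper also names the binding itself in the first hunk of this file, so `clusterRoleName` is a slightly misleading name for it; a sentence in the helper's doc comment saying it names both objects would do. Both templates continue outside the hunks shown.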
@@ -3,6 +3,7 @@ kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
 name: {{ template "steadybit-agent.fullname" . }}
+ namespace: {{ .Release.Namespace }}
 labels:
 {{- include "steadybit-agent.commonLabels" . | nindent 4 }}
 {{- range $key, $value := .Values.agent.extraLabels }}
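Review bot: The added `namespace: {{ .Release.Namespace }}` in `rolebinding.yaml` is an unquoted templated scalar, so a release namespace made only of digits (a valid DNS label, e.g. `1234`) renders as a YAML integer and the API server rejects the object; `namespace: {{ .Release.Namespace | quote }}` avoids that. The same applies to the existing `namespace:` line under `subjects:` in `clusterrolebinding.yaml`. The Role this binding refers to is not part of the patch; if its template does not pin `metadata.namespace` as well, manifests applied outside `helm install` could place the Role and the RoleBinding in different namespaces, leaving the binding without a target. The template's `roleRef` and `subjects` lie outside the hunk.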