From 7848a59459da839771884b12fb2bc1aff38e4cfd Mon Sep 17 00:00:00 2001 From: Brandon Williams Date: Thu, 7 Sep 2023 03:45:48 -0500 Subject: [PATCH] Always create sshPortal authorization resources and add a service account token resource --- .../lagoon-remote/templates/ssh-portal.clusterrole.yaml | 2 -- .../templates/ssh-portal.clusterrolebinding.yaml | 2 -- .../templates/ssh-portal.serviceaccount.secret.yaml | 9 +++++++++ .../templates/ssh-portal.serviceaccount.yaml | 2 -- 4 files changed, 9 insertions(+), 6 deletions(-) create mode 100644 charts/lagoon-remote/templates/ssh-portal.serviceaccount.secret.yaml diff --git a/charts/lagoon-remote/templates/ssh-portal.clusterrole.yaml b/charts/lagoon-remote/templates/ssh-portal.clusterrole.yaml index f3070b64..92df849d 100644 --- a/charts/lagoon-remote/templates/ssh-portal.clusterrole.yaml +++ b/charts/lagoon-remote/templates/ssh-portal.clusterrole.yaml @@ -1,4 +1,3 @@ -{{- if .Values.sshPortal.enabled -}} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -42,4 +41,3 @@ rules: - pods/exec verbs: - create -{{- end }} diff --git a/charts/lagoon-remote/templates/ssh-portal.clusterrolebinding.yaml b/charts/lagoon-remote/templates/ssh-portal.clusterrolebinding.yaml index 23421e6b..c0d78076 100644 --- a/charts/lagoon-remote/templates/ssh-portal.clusterrolebinding.yaml +++ b/charts/lagoon-remote/templates/ssh-portal.clusterrolebinding.yaml @@ -1,4 +1,3 @@ -{{- if .Values.sshPortal.enabled -}} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -13,4 +12,3 @@ roleRef: kind: ClusterRole name: {{ include "lagoon-remote.sshPortal.fullname" . }} apiGroup: rbac.authorization.k8s.io -{{- end }} diff --git a/charts/lagoon-remote/templates/ssh-portal.serviceaccount.secret.yaml b/charts/lagoon-remote/templates/ssh-portal.serviceaccount.secret.yaml new file mode 100644 index 00000000..e805a8c2 --- /dev/null +++ b/charts/lagoon-remote/templates/ssh-portal.serviceaccount.secret.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Secret +type: kubernetes.io/service-account-token +metadata: + name: {{ include "lagoon-remote.sshPortal.fullname" . }}-token + labels: + {{- include "lagoon-remote.sshPortal.labels" . | nindent 4 }} + annotations: + kubernetes.io/service-account.name: {{ include "lagoon-remote.sshPortal.serviceAccountName" . }} diff --git a/charts/lagoon-remote/templates/ssh-portal.serviceaccount.yaml b/charts/lagoon-remote/templates/ssh-portal.serviceaccount.yaml index 1333475d..54f6e97f 100644 --- a/charts/lagoon-remote/templates/ssh-portal.serviceaccount.yaml +++ b/charts/lagoon-remote/templates/ssh-portal.serviceaccount.yaml @@ -1,4 +1,3 @@ -{{- if .Values.sshPortal.enabled -}} apiVersion: v1 kind: ServiceAccount metadata: @@ -9,4 +8,3 @@ metadata: annotations: {{- toYaml . | nindent 4 }} {{- end }} -{{- end }}