Maintain consistency in RBAC template definition with resources tied to

KashifSaadat · KashifSaadat · commit 3182df903e89 · 2018-09-28T16:08:05.000+01:00
namespaces

Signed-off-by: Kashif Saadat &lt;kashifsaadat@gmail.com&gt;
diff --git a/mysql-operator/templates/02-rbac.yaml b/mysql-operator/templates/02-rbac.yaml
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: mysql-operator
-  namespace: {{ if and (.Values.operator.global) (eq .Values.operator.namespace "mysql-operator") }}mysql-operator{{ else }}{{ .Values.operator.namespace}}{{ end }}
+  namespace: {{ if and (.Values.operator.global) (eq .Values.operator.namespace "mysql-operator") }}mysql-operator{{ else }}{{ .Values.operator.namespace }}{{ end }}
 
 ---
 apiVersion: v1
@@ -17,8 +17,8 @@ metadata:
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: {{ if and (.Values.operator.global) (eq .Values.operator.namespace "mysql-operator") }}Cluster{{ end }}Role
 metadata:
-  name: mysql-operator{{ if and (.Values.operator.global) (eq .Values.operator.namespace "mysql-operator") }}{{ else}}
-  namespace: {{ .Values.operator.namespace}}{{ end }}
+  name: mysql-operator{{ if and (.Values.operator.global) (eq .Values.operator.namespace "mysql-operator") }}{{ else }}
+  namespace: {{ .Values.operator.namespace }}{{ end }}
 rules:
   - apiGroups: [""]
     resources: ["pods"]
@@ -34,7 +34,7 @@ rules:
     verbs:
       {{- if hasPrefix "0.1" .Values.image.tag }}
       - get
-      {{- end}}
+      {{- end }}
       - create
 
   - apiGroups: [""]
@@ -88,7 +88,7 @@ rules:
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: {{ if and (.Values.operator.global) (eq .Values.operator.namespace "mysql-operator") }}Cluster{{ end }}Role
 metadata:
-  name: mysql-agent{{ if and (.Values.operator.global) (eq .Values.operator.namespace "mysql-operator") }}{{ else}}
+  name: mysql-agent{{ if and (.Values.operator.global) (eq .Values.operator.namespace "mysql-operator") }}{{ else }}
   namespace: {{ .Values.operator.namespace}}{{ end }}
 rules:
   - apiGroups: [""]
@@ -129,29 +129,29 @@ rules:
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind:  {{ if and (.Values.operator.global) (eq .Values.operator.namespace "mysql-operator") }}Cluster{{ end }}RoleBinding
 metadata:
-  name: mysql-operator
-  namespace: {{ .Values.operator.namespace}}
+  name: mysql-operator{{ if and (.Values.operator.global) (eq .Values.operator.namespace "mysql-operator") }}{{ else }}
+  namespace: {{ .Values.operator.namespace }}{{ end }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind:  {{ if and (.Values.operator.global) (eq .Values.operator.namespace "mysql-operator") }}Cluster{{ end }}Role
   name: mysql-operator
 subjects:
 - kind: ServiceAccount
   name: mysql-operator
-  namespace: {{ .Values.operator.namespace }}
+  namespace: {{ if and (.Values.operator.global) (eq .Values.operator.namespace "mysql-operator") }}mysql-operator{{ else }}{{ .Values.operator.namespace }}{{ end }}
 
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind:  {{ if and (.Values.operator.global) (eq .Values.operator.namespace "mysql-operator") }}Cluster{{ end }}RoleBinding
 metadata:
-  name: mysql-agent
-  namespace: {{ .Values.operator.namespace}}
+  name: mysql-agent{{ if and (.Values.operator.global) (eq .Values.operator.namespace "mysql-operator") }}{{ else }}
+  namespace: default{{ end }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind:  {{ if and (.Values.operator.global) (eq .Values.operator.namespace "mysql-operator") }}Cluster{{ end }}Role
   name: mysql-agent
 subjects:
 - kind: ServiceAccount
   name: mysql-agent
-  namespace: {{ .Values.operator.namespace }}
+  namespace: {{ if and (.Values.operator.global) (eq .Values.operator.namespace "mysql-operator") }}default{{ else }}{{ .Values.operator.namespace }}{{ end }}
 {{- end }}
