From 6e4b2cf137d5a10cccfe7f15ff668b620c11dcf0 Mon Sep 17 00:00:00 2001 From: Mathis <84033116+mathis-marcotte@users.noreply.github.com> Date: Thu, 18 Apr 2024 10:27:36 -0400 Subject: [PATCH] feat(aaw-financial-data-reconciliation): added service account (#464) * feat(aaw-financial-data-reconciliation): added clusterrole and service account --------- Co-authored-by: Mathis Marcotte --- .../Chart.yaml | 4 +++- .../templates/clusterrole-binding.yaml | 12 ++++++++++++ .../templates/clusterrole.yaml | 13 +++++++++++++ .../templates/cronjob.yaml | 1 + .../templates/service-account.yaml | 4 ++++ 5 files changed, 33 insertions(+), 1 deletion(-) create mode 100644 stable/aaw-financial-data-reconciliation-application/templates/clusterrole-binding.yaml create mode 100644 stable/aaw-financial-data-reconciliation-application/templates/clusterrole.yaml create mode 100644 stable/aaw-financial-data-reconciliation-application/templates/service-account.yaml diff --git a/stable/aaw-financial-data-reconciliation-application/Chart.yaml b/stable/aaw-financial-data-reconciliation-application/Chart.yaml index 4d83caaa..dbdb52e7 100644 --- a/stable/aaw-financial-data-reconciliation-application/Chart.yaml +++ b/stable/aaw-financial-data-reconciliation-application/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: "1.0" description: A Helm chart for AAW Financial Data Reconciliation name: aaw-financial-data-reconciliation -version: 0.1.6 +version: 0.1.7 home: https://statcan.gc.ca icon: https://www.python.org/static/img/python-logo sources: @@ -10,4 +10,6 @@ sources: maintainers: - name: Marc-André Ménard email: marc-andre.menard@statcan.gc.ca + - name: Mathis Marcotte + email: mathis.marcotte@statcan.gc.ca engine: gotpl diff --git a/stable/aaw-financial-data-reconciliation-application/templates/clusterrole-binding.yaml b/stable/aaw-financial-data-reconciliation-application/templates/clusterrole-binding.yaml new file mode 100644 index 00000000..e7ab120c --- /dev/null +++ b/stable/aaw-financial-data-reconciliation-application/templates/clusterrole-binding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: aaw-financial-data-reconciliation +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: aaw-financial-data-reconciliation +subjects: +- kind: ServiceAccount + name: aaw-financial-data-reconciliation + namespace: org-ces-system diff --git a/stable/aaw-financial-data-reconciliation-application/templates/clusterrole.yaml b/stable/aaw-financial-data-reconciliation-application/templates/clusterrole.yaml new file mode 100644 index 00000000..621b098d --- /dev/null +++ b/stable/aaw-financial-data-reconciliation-application/templates/clusterrole.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: aaw-financial-data-reconciliation +rules: +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch diff --git a/stable/aaw-financial-data-reconciliation-application/templates/cronjob.yaml b/stable/aaw-financial-data-reconciliation-application/templates/cronjob.yaml index c26b51a6..beecadec 100644 --- a/stable/aaw-financial-data-reconciliation-application/templates/cronjob.yaml +++ b/stable/aaw-financial-data-reconciliation-application/templates/cronjob.yaml @@ -17,6 +17,7 @@ spec: app.kubernetes.io/name: aaw-app.name app.kubernetes.io/instance: {{ .Release.Name }} spec: + serviceAccountName: aaw-financial-data-reconciliation containers: - name: aaw-financial-data-reconciliation-job image: "{{ .Values.appImage.repository }}:{{ .Values.appImage.tag }}" diff --git a/stable/aaw-financial-data-reconciliation-application/templates/service-account.yaml b/stable/aaw-financial-data-reconciliation-application/templates/service-account.yaml new file mode 100644 index 00000000..21bdd52e --- /dev/null +++ b/stable/aaw-financial-data-reconciliation-application/templates/service-account.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: aaw-financial-data-reconciliation