
Remove RBAC console template

The console is changing to discover if the template service broker is
running by looking at the service classes on the client. This means the
console no longer needs the RBAC template. It also no longer needs to
manually trigger a rollout after the template service broker is
installed or removed.
Samuel Padgett há 7 anos atrás
pai
commit
4559402f4e

+ 0 - 1
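--- a/roles/openshift_web_console/defaults/main.yml
+++ b/roles/openshift_web_console/defaults/main.yml
@@ -2,7 +2,6 @@
 openshift_web_console_nodeselector: {"node-role.kubernetes.io/master":"true"}
 
 __console_template_file: "console-template.yaml"
-__console_rbac_file: "console-rbac-template.yaml"
 __console_config_file: "console-config.yaml"
 
 openshift_web_console_image_dict: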

+ 0 - 38
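--- a/roles/openshift_web_console/files/console-rbac-template.yaml
+++ b/roles/openshift_web_console/files/console-rbac-template.yaml
@@ -1,38 +0,0 @@
-apiVersion: template.openshift.io/v1
-kind: Template
-metadata:
-  name: web-console-server-rbac
-parameters:
-- name: NAMESPACE
-  # This namespace cannot be changed. Only `openshift-web-console` is supported.
-  value: openshift-web-console
-objects:
-
-
-# allow grant powers to the webconsole server for cluster inspection
-- apiVersion: rbac.authorization.k8s.io/v1beta1
-  kind: ClusterRole
-  metadata:
-    name: system:openshift:web-console-server
-  rules:
-  - apiGroups:
-    - "servicecatalog.k8s.io"
-    resources:
-    - clusterservicebrokers
-    verbs:
-    - get
-    - list
-    - watch
-
-# Grant the service account for the web console
-- apiVersion: rbac.authorization.k8s.io/v1beta1
-  kind: ClusterRoleBinding
-  metadata:
-    name: system:openshift:web-console-server
-  roleRef:
-    kind: ClusterRole
-    name: system:openshift:web-console-server
-  subjects:
-  - kind: ServiceAccount
-    namespace: ${NAMESPACE}
-    name: webconsole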

+ 0 - 6
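--- a/roles/openshift_web_console/tasks/install.yml
+++ b/roles/openshift_web_console/tasks/install.yml
@@ -23,7 +23,6 @@
     dest: "{{ mktemp.stdout }}/{{ item }}"
   with_items:
   - "{{ __console_template_file }}"
-  - "{{ __console_rbac_file }}"
   - "{{ __console_config_file }}"
 
 # Check if an existing webconsole-config config map exists. If so, use those
@@ -115,11 +114,6 @@
     src: "{{ mktemp.stdout }}/{{ __console_config_file }}"
   register: updated_console_config
 
-- name: Reconcile with the web console RBAC file
-  shell: >
-    {{ openshift_client_binary }} process -f "{{ mktemp.stdout }}/{{ __console_rbac_file }}" --config={{ mktemp.stdout }}/admin.kubeconfig
-    | {{ openshift_client_binary }} auth reconcile --config={{ mktemp.stdout }}/admin.kubeconfig -f -
-
 - name: Apply the web console template file
   shell: >
     {{ openshift_client_binary }} process -f "{{ mktemp.stdout }}/{{ __console_template_file }}"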

+ 0 - 20
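--- a/roles/openshift_web_console/tasks/rollout_console.yml
+++ b/roles/openshift_web_console/tasks/rollout_console.yml
@@ -1,20 +0,0 @@
----
-- name: Check if console deployment exists
-  oc_obj:
-    kind: deployments
-    name: webconsole
-    namespace: openshift-web-console
-    state: list
-  register: console_deployment
-
-# There's currently no command to trigger a rollout for a k8s deployment
-# without changing the pod spec. Add an annotation to force a rollout.
-- name: Rollout updated web console deployment
-  oc_edit:
-    kind: deployments
-    name: webconsole
-    namespace: openshift-web-console
-    separator: '#'
-    content:
-      spec#template#metadata#annotations#installer-triggered-rollout: "{{ ansible_date_time.iso8601_micro }}"
-  when: console_deployment.results.results.0 | length > 0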

+ 0 - 6
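--- a/roles/template_service_broker/tasks/install.yml
+++ b/roles/template_service_broker/tasks/install.yml
@@ -8,9 +8,3 @@
     openshift_master_ensure_nodes_service: Template Service Broker
 
 - include_tasks: deploy.yml
-
-- name: Rollout console so it discovers the template service broker is installed
-  include_role:
-    name: openshift_web_console
-    tasks_from: rollout_console.yml
-  when: openshift_web_console_install | default(true) | bool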

+ 0 - 6
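--- a/roles/template_service_broker/tasks/remove.yml
+++ b/roles/template_service_broker/tasks/remove.yml
@@ -36,9 +36,3 @@
     state: absent
     name: "{{ mktemp.stdout }}"
   changed_when: False
-
-- name: Rollout console so it discovers the template service broker is removed
-  include_role:
-    name: openshift_web_console
-    tasks_from: rollout_console.yml
-  when: openshift_web_console_install | default(true) | bool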