Merge pull request #8205 from jboyd01/catalog-v0.1.16

service catalog: updates for upstream v0.1.16

roles/openshift_service_catalog/files/kubeservicecatalog_roles_bindings.yml

@@ -26,8 +26,9 @@ objects:
   roleRef:
     kind: ClusterRole
     name: servicecatalog-serviceclass-viewer
-  groupNames:
-  - system:authenticated
+  subjects:
+  - kind: Group
+    name: system:authenticated
 
 - kind: ServiceAccount
   apiVersion: v1
@@ -76,6 +77,15 @@ objects:
     - list
     - watch
     - get
+  - apiGroups:
+    - "admissionregistration.k8s.io"
+    resources:
+    - validatingwebhookconfigurations
+    - mutatingwebhookconfigurations
+    verbs:
+    - list
+    - watch
+    - get
 
 - apiVersion: rbac.authorization.k8s.io/v1
   kind: ClusterRoleBinding
@@ -214,6 +224,31 @@ objects:
     name: service-catalog-controller
 
 - apiVersion: rbac.authorization.k8s.io/v1
+  kind: Role
+  metadata:
+    name: cluster-info-configmap
+    namespace: kube-service-catalog
+  rules:
+  - apiGroups:     [""]
+    resources:     ["configmaps"]
+    resourceNames: ["cluster-info"]
+    verbs:         ["get","create","list","watch","update"]
+
+- apiVersion: rbac.authorization.k8s.io/v1
+  kind: RoleBinding
+  metadata:
+    name: cluster-info-configmap-binding
+    namespace: kube-service-catalog
+  roleRef:
+    apiGroup: rbac.authorization.k8s.io
+    kind: Role
+    name: cluster-info-configmap
+  subjects:
+  - kind: ServiceAccount
+    namespace: kube-service-catalog
+    name: service-catalog-controller
+
+- apiVersion: rbac.authorization.k8s.io/v1
   kind: ClusterRoleBinding
   metadata:
     name: system:auth-delegator-binding

roles/openshift_service_catalog/tasks/start.yml

@@ -1,6 +1,6 @@
 ---
 # TODO: abstract me into a relatively generic task
-- name: Verify that the web console is running
+- name: Verify that the catalog api server is running
   command: >
     curl -k https://apiserver.kube-service-catalog.svc/healthz
   args:
@@ -41,7 +41,7 @@
       msg: "{{ endpoint_events.stdout_lines }}"
   - name: Get pod logs
     command: >
-      {{ openshift_client_binary }} logs daemonset/apiserver --tail=50 --config=/etc/origin/master/admin.kubeconfig -n kube-service-catalog
+      {{ openshift_client_binary }} logs daemonset/apiserver --tail=200 --config=/etc/origin/master/admin.kubeconfig -n kube-service-catalog
     register: endpoint_log
     ignore_errors: true
   - debug:

roles/openshift_service_catalog/templates/api_server.j2

@@ -43,7 +43,7 @@ spec:
         - "3"
         - --cors-allowed-origins
         - {{ cors_allowed_origin }}
-        - --admission-control
+        - --enable-admission-plugins
         - KubernetesNamespaceLifecycle,DefaultServicePlan,ServiceBindingsLifecycle,ServicePlanChangeValidator,BrokerAuthSarCheck
         - --feature-gates
         - OriginatingIdentity=true

roles/openshift_service_catalog/vars/default_images.yml

@@ -1,3 +1,3 @@
 ---
 __openshift_service_catalog_image_prefix: "docker.io/openshift/origin-"
-__openshift_service_catalog_image_version: "{{ openshift_service_catalog_image_version | default(openshift_image_tag) }}"
+__openshift_service_catalog_image_version: "{{ openshift_service_catalog_image_version | default('v0.1') }}"