Browse Source

ManageIQ SA: Adding image-puller role

Erez Freiberger 9 years ago
parent
commit
8bf8728bad
2 changed files with 20 additions and 1 deletions
  1. 12 1
      roles/openshift_manageiq/tasks/main.yaml
  2. 8 0
      roles/openshift_manageiq/vars/main.yml

+ 12 - 1
roles/openshift_manageiq/tasks/main.yaml

@@ -18,7 +18,7 @@
   failed_when: "'already exists' not in osmiq_create_mi_project.stderr and osmiq_create_mi_project.rc != 0"
   changed_when: osmiq_create_mi_project.rc == 0
 
-- name: Create Service Account
+- name: Create Admin Service Account
   shell: >
     echo {{ manageiq_service_account | to_json | quote }} |
     {{ openshift.common.client_binary }} create
@@ -29,6 +29,17 @@
   failed_when: "'already exists' not in osmiq_create_service_account.stderr and osmiq_create_service_account.rc != 0"
   changed_when: osmiq_create_service_account.rc == 0
 
+- name: Create Image Inspector Service Account
+  shell: >
+    echo {{ manageiq_image_inspector_service_account | to_json | quote }} |
+    {{ openshift.common.client_binary }} create
+    -n management-infra
+    --config={{manage_iq_tmp_conf}}
+    -f -
+  register: osmiq_create_service_account
+  failed_when: "'already exists' not in osmiq_create_service_account.stderr and osmiq_create_service_account.rc != 0"
+  changed_when: osmiq_create_service_account.rc == 0
+
 - name: Create Cluster Role
   shell: >
     echo {{ manageiq_cluster_role | to_json | quote }} |

+ 8 - 0
roles/openshift_manageiq/vars/main.yml

@@ -15,6 +15,12 @@ manageiq_service_account:
     metadata:
       name: management-admin
 
+manageiq_image_inspector_service_account:
+    apiVersion: v1
+    kind: ServiceAccount
+    metadata:
+      name: inspector-admin
+
 manage_iq_tmp_conf: /tmp/manageiq_admin.kubeconfig
 
 manage_iq_tasks:
@@ -22,3 +28,5 @@ manage_iq_tasks:
     - policy add-role-to-user -n management-infra management-infra-admin -z management-admin
     - policy add-cluster-role-to-user cluster-reader system:serviceaccount:management-infra:management-admin
     - policy add-scc-to-user privileged system:serviceaccount:management-infra:management-admin
+    - policy add-cluster-role-to-user system:image-puller system:serviceaccount:management-infra:inspector-admin
+    - policy add-scc-to-user privileged system:serviceaccount:management-infra:inspector-admin