--- - name: generate view role binding for the hawkular service account template: src: rolebinding.j2 dest: "{{ mktemp.stdout }}/templates/hawkular-rolebinding.yaml" vars: obj_name: hawkular-view labels: metrics-infra: hawkular roleRef: name: view subjects: - kind: ServiceAccount name: hawkular changed_when: no - name: generate hawkular-metrics cluster role binding for the hawkular service account template: src: rolebinding.j2 dest: "{{ mktemp.stdout }}/templates/hawkular-cluster-rolebinding.yaml" vars: cluster: True obj_name: hawkular-namespace-watcher labels: metrics-infra: hawkular roleRef: kind: ClusterRole name: hawkular-metrics subjects: - kind: ServiceAccount name: hawkular namespace: "{{openshift_metrics_project}}" changed_when: no - name: generate the hawkular cluster role template: src: hawkular_metrics_role.j2 dest: "{{ mktemp.stdout }}/templates/hawkular-cluster-role.yaml" changed_when: no - name: Set hawkular cluster roles oc_obj: name: hawkular-metrics namespace: "{{ openshift_metrics_project }}" kind: clusterrole files: - "{{ mktemp.stdout }}/templates/hawkular-cluster-role.yaml" delete_after: true - name: generate the metrics-server cluster role template: src: metrics-server-role.js2 dest: "{{ mktemp.stdout }}/templates/metrics-server-role.yaml" changed_when: no - name: generate auth-delegator role binding for the metrics-server service account template: src: metrics-server-auth-delegator.j2 dest: "{{ mktemp.stdout }}/templates/metrics-server-auth-delegator-rolebinding.yaml" changed_when: no - name: generate auth-reader role binding for the metrics-server api extension server template: src: metrics-server-auth-reader.j2 dest: "{{ mktemp.stdout }}/templates/extension-apiserver-authentication-reader-metrics-server-rolebinding.yaml" changed_when: no - name: generate resource-reader role binding for the metrics-server service account template: src: metrics-server-resource-reader.j2 dest: "{{ mktemp.stdout }}/templates/metrics-server-resource-reader-rolebinding.yaml" changed_when: no