diff --git a/k8s/roles/agola/tasks/main.yml b/k8s/roles/agola/tasks/main.yml
index c1a272b..41f1580 100644
--- a/k8s/roles/agola/tasks/main.yml
+++ b/k8s/roles/agola/tasks/main.yml
@@ -9,20 +9,23 @@
 - name: Create Agola manifests
 kubernetes.core.k8s:
 state: present
- namespace: agola
- definition: "{{ lookup('template', item) | from_yaml }}"
+ namespace: "{{ item.namespace | default('agola') }}"
+ definition: "{{ lookup('template', item.file) | from_yaml }}"
 with_items:
- - config.yml.j2
- - pvc.yml.j2
- - all-deployment.yml.j2
- - all-internal-svc.yml.j2
- - all-svc.yml.j2
- - role.yml.j2
- - rolebinding.yml.j2
- - serviceaccount.yml.j2
- - clusterrole.yml.j2
- - clusterrolebinding.yml.j2
- - ingress.yml.j2
+ - file: config.yml.j2
+ - file: pvc.yml.j2
+ - file: all-deployment.yml.j2
+ - file: all-internal-svc.yml.j2
+ - file: all-svc.yml.j2
+ - file: ingress.yml.j2
+ - file: rbac/role.yml.j2
+ - file: rbac/rolebinding.yml.j2
+ - file: rbac/serviceaccount.yml.j2
+ - file: rbac/clusterrole.yml.j2
+ - file: rbac/clusterrolebinding.yml.j2
+ - file: rbac/agola-deploy-role.yml.j2
+ - file: rbac/agola-deploy-rolebinding.yml.j2
+ namespace: blog
 # - gateway-deployment.yml.j2
 # - gateway-svc.yml.j2
 # - gitserver-deployment.yml.j2
diff --git a/k8s/roles/agola/templates/rbac/agola-deploy-role.yml.j2 b/k8s/roles/agola/templates/rbac/agola-deploy-role.yml.j2
new file mode 100644
index 0000000..e3a4d77
--- /dev/null
+++ b/k8s/roles/agola/templates/rbac/agola-deploy-role.yml.j2
@@ -0,0 +1,29 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: agola-deploy
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - secrets
+ - services
+ verbs:
+ - "*"
+
+ - apiGroups:
+ - "apps"
+ resources:
+ - deployments
+ - statefulsets
+ verbs:
+ - "*"
+
+ - apiGroups:
+ - "networking.k8s.io"
+ resources:
+ - "ingresses"
+ verbs:
+ - "*"
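Review bot: The `namespace: blog` key on the last `with_items` entry is the only place that records where the agola ServiceAccount gains deploy rights, and it is a bare literal with no comment. A comment above that entry such as `# RoleBinding is created in every namespace Agola is allowed to deploy into`, plus a variable instead of the literal (for example `namespace: "{{ agola_deploy_namespace }}"`, a name constructed here), would make the grant visible in inventory and in later reviews. The entry also presumes the `blog` namespace already exists; nothing in the visible lines creates it. The list continues past the end of this hunk.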
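Review bot: All three rules of the new `agola-deploy` ClusterRole use `verbs: "*"`, which grants every verb, including `deletecollection` and any verb added later, on `secrets` among other resources. An explicit list is easier to audit, e.g. `verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]`, and `secrets` is worth its own rule carrying only the verbs the deploy jobs need, since read access to Secrets exposes every credential stored in a bound namespace. Because this is a ClusterRole, its reach depends entirely on how it is bound; a header comment like `# intended for namespaced RoleBindings only, never a ClusterRoleBinding` would record that intent.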
diff --git a/k8s/roles/agola/templates/rbac/agola-deploy-rolebinding.yml.j2 b/k8s/roles/agola/templates/rbac/agola-deploy-rolebinding.yml.j2
new file mode 100644
index 0000000..16890d3
--- /dev/null
+++ b/k8s/roles/agola/templates/rbac/agola-deploy-rolebinding.yml.j2
@@ -0,0 +1,13 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: agola-deploy
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: agola-agola
+subjects:
+- kind: ServiceAccount
+ name: agola
+ namespace: agola
diff --git a/k8s/roles/agola/templates/clusterrole.yml.j2 b/k8s/roles/agola/templates/rbac/clusterrole.yml.j2
similarity index 100%
rename from k8s/roles/agola/templates/clusterrole.yml.j2
rename to k8s/roles/agola/templates/rbac/clusterrole.yml.j2
diff --git a/k8s/roles/agola/templates/clusterrolebinding.yml.j2 b/k8s/roles/agola/templates/rbac/clusterrolebinding.yml.j2
similarity index 100%
rename from k8s/roles/agola/templates/clusterrolebinding.yml.j2
rename to k8s/roles/agola/templates/rbac/clusterrolebinding.yml.j2
diff --git a/k8s/roles/agola/templates/role.yml.j2 b/k8s/roles/agola/templates/rbac/role.yml.j2
similarity index 93%
rename from k8s/roles/agola/templates/role.yml.j2
rename to k8s/roles/agola/templates/rbac/role.yml.j2
index 1473241..7f0341a 100644
--- a/k8s/roles/agola/templates/role.yml.j2
+++ b/k8s/roles/agola/templates/rbac/role.yml.j2
@@ -3,7 +3,6 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
 name: agola
- namespace: agola
 rules:
 - apiGroups:
 - ""
diff --git a/k8s/roles/agola/templates/rolebinding.yml.j2 b/k8s/roles/agola/templates/rbac/rolebinding.yml.j2
similarity index 100%
rename from k8s/roles/agola/templates/rolebinding.yml.j2
rename to k8s/roles/agola/templates/rbac/rolebinding.yml.j2
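Review bot: `roleRef.name` in the new RoleBinding is `agola-agola`, but the ClusterRole added by this commit is named `agola-deploy`, so the binding does not reference the new role. If `agola-agola` is the existing cluster role from `rbac/clusterrole.yml.j2` (its content is not visible here), the `agola` ServiceAccount receives that role's rules in the target namespace and the `agola-deploy` rules are never granted; if no such role exists, the binding is created but authorizes nothing. The line should probably read `name: agola-deploy`. Since `roleRef` is immutable once the object exists, an already-applied binding has to be deleted and recreated for the fix to take effect.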
diff --git a/k8s/roles/agola/templates/serviceaccount.yml.j2 b/k8s/roles/agola/templates/rbac/serviceaccount.yml.j2
similarity index 100%
rename from k8s/roles/agola/templates/serviceaccount.yml.j2
rename to k8s/roles/agola/templates/rbac/serviceaccount.yml.j2