split gcs and roscore in ros-core chart
Change-Id: I9453d5bea8de8f04d71663aff77f108c2f386b5c
diff --git a/apps/ros-core/templates/_helpers.tpl b/apps/ros-core/templates/_helpers.tpl
index 706bdf7..c7d4731 100644
--- a/apps/ros-core/templates/_helpers.tpl
+++ b/apps/ros-core/templates/_helpers.tpl
@@ -26,3 +26,70 @@
{{- $wtf := $context.Template.Name | replace $last $name -}}
{{ include $wtf $context }}
{{- end -}}
+
+{{/*
+Render ServiceAccount, Role, and RoleBinding required for kubernetes-entrypoint.
+*/}}
+{{- define "ros-core.service_account" -}}
+{{- $context := index . 1 -}}
+{{- $saName := index . 0 -}}
+{{- $saNamespace := $context.Release.Namespace }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ $saName }}
+ namespace: {{ $saNamespace }}
+ labels:
+{{ tuple $saName $context | include "ros-core.metadata_labels" | indent 4 }}
+---
+{{- if semverCompare ">=1.16-0" $context.Capabilities.KubeVersion.GitVersion }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ $saName }}
+ namespace: {{ $saNamespace }}
+ labels:
+{{ tuple $saName $context | include "ros-core.metadata_labels" | indent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ $saName }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ $saName }}
+ namespace: {{ $saNamespace }}
+---
+{{- if semverCompare ">=1.16-0" $context.Capabilities.KubeVersion.GitVersion }}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: Role
+metadata:
+ name: {{ $saName }}
+ namespace: {{ $saNamespace }}
+ labels:
+{{ tuple $saName $context | include "ros-core.metadata_labels" | indent 4 }}
+rules:
+ - apiGroups:
+ - ""
+ - extensions
+ - batch
+ - apps
+ verbs:
+ - get
+ - list
+ - patch
+ resources:
+ - statefulsets
+ - daemonsets
+ - jobs
+ - pods
+ - services
+ - endpoints
+ - configmaps
+{{- end -}}
\ No newline at end of file