Gitiles
Code Review Sign In
gerrit.opencord.org / helm-charts / 16d7092d753cac25a46f07a5be6bf0653ee610bc^! / . / omec / omec-control-plane / templates / _helpers.tpl
commit16d7092d753cac25a46f07a5be6bf0653ee610bc[log] [tgz]
authorHyunsun Moon <hyunsun@opennetworking.org>Sun Aug 25 04:57:25 2019 -0500
committerHyunsun Moon <hyunsun@opennetworking.org>Sun Aug 25 18:19:05 2019 -0500
treed22e8e52369905a44906fa27554cd9a76835a952
parentc4a7d5455f5501a3791c8ebc8df571d79ae0f637 [diff] [blame]
COMAC-167,COMAC-169,COMAC-126 Refactor SPGWC and MME

- Split SPGWC manifest to multiple files by resource type
- Reconfigure and restart SPGWC when MME pod IP changes
- Add ability to enable node port for S1U and S11 interfaces
- Remove hard-coded configurations
- Reorganize values

Change-Id: Id890d351873922fccd51282825fd35794cfdd917

diff --git a/omec/omec-control-plane/templates/_helpers.tpl b/omec/omec-control-plane/templates/_helpers.tpl
index 91aa5b6..a6630f1 100644
--- a/omec/omec-control-plane/templates/_helpers.tpl
+++ b/omec/omec-control-plane/templates/_helpers.tpl

@@ -51,3 +51,62 @@
 {{- printf "%s-0" $service -}}
 {{- end -}}
 {{- end -}}
+
+{{/*
+Render ServiceAccount, Role, and RoleBinding required for kubernetes-entrypoint.
+*/}}
+{{- define "omec-control-plane.service_account" -}}
+{{- $context := index . 1 -}}
+{{- $saName := index . 0 -}}
+{{- $saNamespace := $context.Release.Namespace }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ $saName }}
+  namespace: {{ $saNamespace }}
+  labels:
+{{ tuple $saName $context | include "omec-control-plane.metadata_labels" | indent 4 }}
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+  name: {{ $saName }}
+  namespace: {{ $saNamespace }}
+  labels:
+{{ tuple $saName $context | include "omec-control-plane.metadata_labels" | indent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ $saName }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ $saName }}
+    namespace: {{ $saNamespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: Role
+metadata:
+  name: {{ $saName }}
+  namespace: {{ $saNamespace }}
+  labels:
+{{ tuple $saName $context | include "omec-control-plane.metadata_labels" | indent 4 }}
+rules:
+  - apiGroups:
+      - ""
+      - extensions
+      - batch
+      - apps
+    verbs:
+      - get
+      - list
+      - patch
+    resources:
+      - statefulsets
+      - daemonsets
+      - jobs
+      - pods
+      - services
+      - endpoints
+      - configmaps
+{{- end -}}