...
| Drawio |
|---|
| border | true |
|---|
| |
|---|
| diagramName | RBAC |
|---|
| simpleViewer | false |
|---|
| width | |
|---|
| links | auto |
|---|
| tbstyle | top |
|---|
| lbox | true |
|---|
| diagramWidth | 927991 |
|---|
| revision | 25 |
|---|
|
Problems, when component is deployed individually (without "onap" master chart):
- ClusterRoleBinding "onap-binding" is missing and need to be added before deployment
- "onap-roles-wrapper" is required, as onap-* roles are used by the "ServiceAccount" chart (https://gitlab.devops.telekom.de/tnap/operations/playground/guido_rosenbaum/oom/-/tree/master/kubernetes/common/serviceAccount)
- ServiceAccount chart uses a naming schema for the default "role" binding ->
$name:=printf"%s-%s"(include"common.release"$dot)$role_typetyp
Solution for individual component deployment
In the common chart "ServiceAccount" the feature exists to create local Roles based on the values.yaml settings (needs to be tested:
| Drawio |
|---|
| border | true |
|---|
| |
|---|
| diagramName | RBAC |
|---|
| simpleViewer | false |
|---|
| width | |
|---|
| links | auto |
|---|
| tbstyle | top |
|---|
| lbox | true |
|---|
| diagramWidth | 991 |
|---|
| revision | 5 |
|---|
|