Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

break out osbs_worker and osbs_orchestrator namespace perms

Browse source 
Signed-off-by: Adam Miller <admiller@redhat.com>
This commit is contained in:
Adam Miller 2017-08-04 14:55:45 +00:00
parent a3b31cc39d
commit c77d72e98c
2 changed files with 27 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

26
inventory/group_vars/osbs-stg
View file

@ -91,15 +91,27 @@ kubeconfig_path: /etc/origin/master/admin.kubeconfig
osbs_env: osbs_env:
HOME: "{{ lookup('env', 'HOME') }}" HOME: "{{ lookup('env', 'HOME') }}"
KUBECONFIG: "{{ osbs_kubeconfig_path }}" KUBECONFIG: "{{ osbs_kubeconfig_path }}"
os_readonly_users:
- "system:serviceaccount:{{ osbs_namespace }}:metrics" osbs_orchestrator_readonly_users:
os_readonly_groups: - "system:serviceaccount:{{ osbs_orchestrator_namespace }}:metrics"
osbs_orchestrator_readonly_groups:
- "system:authenticated" - "system:authenticated"
os_readwrite_groups: [] osbs_orchestrator_readwrite_groups: []
os_readwrite_users: osbs_orchestrator_readwrite_users:
- "{{ ansible_hostname }}" - "{{ ansible_hostname }}"
- "system:serviceaccount:{{ osbs_namespace }}:default" - "system:serviceaccount:{{ osbs_orchestrator_namespace }}:default"
- "system:serviceaccount:{{ osbs_namespace }}:builder" - "system:serviceaccount:{{ osbs_orchestrator_namespace }}:builder"
osbs_worker_readonly_users:
- "system:serviceaccount:{{ osbs_worker_namespace }}:metrics"
osbs_worker_readonly_groups:
- "system:authenticated"
osbs_worker_readwrite_groups: []
osbs_worker_readwrite_users:
- "{{ ansible_hostname }}"
- "system:serviceaccount:{{ osbs_worker_namespace }}:default"
- "system:serviceaccount:{{ osbs_worker_namespace }}:builder"
os_admin_users: os_admin_users:
- kevin - kevin
- puiterwijk - puiterwijk

16
playbooks/groups/osbs-orchestrator-cluster.yml
View file

@ -352,10 +352,10 @@
osbs_cpu_limitrange: "{{ os_cpu_limitrange }}" osbs_cpu_limitrange: "{{ os_cpu_limitrange }}"
osbs_admin_groups: "{{ os_admin_groups }}" osbs_admin_groups: "{{ os_admin_groups }}"
osbs_admin_users: "{{ os_admin_users }}" osbs_admin_users: "{{ os_admin_users }}"
osbs_readonly_groups: "{{ os_readonly_groups }}" osbs_readonly_groups: "{{ osbs_orchestrator_readonly_groups }}"
osbs_readonly_users: "{{ os_readonly_users }}" osbs_readonly_users: "{{ osbs_orchestrator_readonly_groups }}"
osbs_readwrite_groups: "{{ os_readwrite_groups }}" osbs_readwrite_groups: "{{ osbs_orchestrator_readwrite_groups }}"
osbs_readwrite_users: "{{ os_readwrite_users }}" osbs_readwrite_users: "{{ osbs_orchestrator_readwrite_users }}"
osbs_orchestrator: true osbs_orchestrator: true
osbs_worker_clusters: "{{ worker_clusters }}" osbs_worker_clusters: "{{ worker_clusters }}"
osbs_koji_secret_name: "{{ koji_secret_name }}" osbs_koji_secret_name: "{{ koji_secret_name }}"
@ -407,10 +407,10 @@
osbs_service_accounts: "{{ osbs_worker_service_accounts }}" osbs_service_accounts: "{{ osbs_worker_service_accounts }}"
osbs_admin_groups: "{{ os_admin_groups }}" osbs_admin_groups: "{{ os_admin_groups }}"
osbs_admin_users: "{{ os_admin_users }}" osbs_admin_users: "{{ os_admin_users }}"
osbs_readonly_groups: "{{ os_readonly_groups }}" osbs_readonly_groups: "{{ osbs_worker_readonly_groups }}"
osbs_readonly_users: "{{ os_readonly_users }}" osbs_readonly_users: "{{ osbs_worker_readonly_groups }}"
osbs_readwrite_groups: "{{ os_readwrite_groups }}" osbs_readwrite_groups: "{{ osbs_worker_readwrite_groups }}"
osbs_readwrite_users: "{{ os_readwrite_users }}" osbs_readwrite_users: "{{ osbs_worker_readwrite_users }}"
osbs_orchestrator: false osbs_orchestrator: false
osbs_worker_clusters: "{{ worker_clusters }}" osbs_worker_clusters: "{{ worker_clusters }}"
osbs_koji_secret_name: "{{ koji_secret_name }}" osbs_koji_secret_name: "{{ koji_secret_name }}"