From 110ae6da8d80b63a068f4537383e775d958cf9a9 Mon Sep 17 00:00:00 2001
From: "Suren A. Chilingaryan" <csa@suren.me>
Date: Sat, 14 Apr 2018 02:09:54 +0200
Subject: Provide support for global OpenShift resources (ClusterRoles, etc.)

---
 setup/configs/openshift.yml                        |  2 ++
 setup/projects/openshift/templates/maintain.yml.j2 | 33 ++++++++++++++++++++++
 setup/projects/openshift/vars/script.yml           |  2 ++
 3 files changed, 37 insertions(+)
 create mode 100644 setup/projects/openshift/templates/maintain.yml.j2
 create mode 100644 setup/projects/openshift/vars/script.yml

(limited to 'setup')

diff --git a/setup/configs/openshift.yml b/setup/configs/openshift.yml
index 10146e8..a4024ae 100644
--- a/setup/configs/openshift.yml
+++ b/setup/configs/openshift.yml
@@ -20,6 +20,8 @@ ands_openshift_roles:
   kaas/admin: csa, kopmann
   katrin/admin: katrin
   adei/admin: csa
+  adei/view: pdv, kopmann
+  adei/kaas-maintain: pdv, kopmann
   bora/admin: ntj
   web/admin: kopmann
   mon/admin: csa
diff --git a/setup/projects/openshift/templates/maintain.yml.j2 b/setup/projects/openshift/templates/maintain.yml.j2
new file mode 100644
index 0000000..41017a5
--- /dev/null
+++ b/setup/projects/openshift/templates/maintain.yml.j2
@@ -0,0 +1,33 @@
+apiVersion: v1
+kind: ClusterRole
+metadata:
+  annotations:
+    openshift.io/description: A user that can create and edit most objects in a project,
+      but can not update the project's membership.
+    openshift.io/reconcile-protect: "false"
+  creationTimestamp: null
+  name: kaas-maintain
+rules:
+- resources:
+  - pods/exec
+  verbs:
+  - create
+  - delete
+  - deletecollection
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- resources:
+  - replicationcontrollers/scale
+  - deploymentconfigs/scale
+  verbs:
+  - create
+  - delete
+  - deletecollection
+  - get
+  - list
+  - patch
+  - update
+  - watch
diff --git a/setup/projects/openshift/vars/script.yml b/setup/projects/openshift/vars/script.yml
new file mode 100644
index 0000000..0d9ccef
--- /dev/null
+++ b/setup/projects/openshift/vars/script.yml
@@ -0,0 +1,2 @@
+oc:
+  - templates: "maintain*"
-- 
cgit v1.2.3