diff options
Diffstat (limited to 'roles/openshift_service_catalog/templates')
-rw-r--r-- | roles/openshift_service_catalog/templates/api_server.j2 | 7 | ||||
-rw-r--r-- | roles/openshift_service_catalog/templates/controller_manager.j2 | 22 | ||||
-rw-r--r-- | roles/openshift_service_catalog/templates/sc_admin_edit_role_patching.j2 (renamed from roles/openshift_service_catalog/templates/sc_role_patching.j2) | 5 | ||||
-rw-r--r-- | roles/openshift_service_catalog/templates/sc_view_role_patching.j2 | 11 |
4 files changed, 39 insertions, 6 deletions
diff --git a/roles/openshift_service_catalog/templates/api_server.j2 b/roles/openshift_service_catalog/templates/api_server.j2 index c09834fd4..0e5bb7230 100644 --- a/roles/openshift_service_catalog/templates/api_server.j2 +++ b/roles/openshift_service_catalog/templates/api_server.j2 @@ -24,6 +24,7 @@ spec: {% endfor %} containers: - args: + - apiserver - --storage-type - etcd - --secure-port @@ -41,9 +42,11 @@ spec: - --cors-allowed-origins - {{ cors_allowed_origin }} - --admission-control - - "KubernetesNamespaceLifecycle" + - KubernetesNamespaceLifecycle,DefaultServicePlan,ServiceBindingsLifecycle,ServicePlanChangeValidator,BrokerAuthSarCheck + - --feature-gates + - OriginatingIdentity=true image: {{ openshift_service_catalog_image_prefix }}service-catalog:{{ openshift_service_catalog_image_version }} - command: ["/usr/bin/apiserver"] + command: ["/usr/bin/service-catalog"] imagePullPolicy: Always name: apiserver ports: diff --git a/roles/openshift_service_catalog/templates/controller_manager.j2 b/roles/openshift_service_catalog/templates/controller_manager.j2 index 1bbc0fa2c..e5e5f6b50 100644 --- a/roles/openshift_service_catalog/templates/controller_manager.j2 +++ b/roles/openshift_service_catalog/templates/controller_manager.j2 @@ -29,11 +29,17 @@ spec: fieldRef: fieldPath: metadata.namespace args: + - controller-manager - -v - "5" - - "--leader-election-namespace=$(K8S_NAMESPACE)" + - --leader-election-namespace + - kube-service-catalog + - --broker-relist-interval + - "5m" + - --feature-gates + - OriginatingIdentity=true image: {{ openshift_service_catalog_image_prefix }}service-catalog:{{ openshift_service_catalog_image_version }} - command: ["/usr/bin/controller-manager"] + command: ["/usr/bin/service-catalog"] imagePullPolicy: Always name: controller-manager ports: @@ -41,7 +47,19 @@ spec: protocol: TCP resources: {} terminationMessagePath: /dev/termination-log + volumeMounts: + - mountPath: /var/run/kubernetes-service-catalog + name: service-catalog-ssl + readOnly: true dnsPolicy: ClusterFirst restartPolicy: Always securityContext: {} terminationGracePeriodSeconds: 30 + volumes: + - name: service-catalog-ssl + secret: + defaultMode: 420 + items: + - key: tls.crt + path: apiserver.crt + secretName: apiserver-ssl diff --git a/roles/openshift_service_catalog/templates/sc_role_patching.j2 b/roles/openshift_service_catalog/templates/sc_admin_edit_role_patching.j2 index 69b062b3f..59cceafcf 100644 --- a/roles/openshift_service_catalog/templates/sc_role_patching.j2 +++ b/roles/openshift_service_catalog/templates/sc_admin_edit_role_patching.j2 @@ -3,8 +3,8 @@ - "servicecatalog.k8s.io" attributeRestrictions: null resources: - - instances - - bindings + - serviceinstances + - servicebindings verbs: - create - update @@ -12,6 +12,7 @@ - get - list - watch + - patch - apiGroups: - "settings.k8s.io" attributeRestrictions: null diff --git a/roles/openshift_service_catalog/templates/sc_view_role_patching.j2 b/roles/openshift_service_catalog/templates/sc_view_role_patching.j2 new file mode 100644 index 000000000..838993854 --- /dev/null +++ b/roles/openshift_service_catalog/templates/sc_view_role_patching.j2 @@ -0,0 +1,11 @@ +{{ original_content }} +- apiGroups: + - "servicecatalog.k8s.io" + attributeRestrictions: null + resources: + - serviceinstances + - servicebindings + verbs: + - get + - list + - watch |