diff options
Diffstat (limited to 'roles/openshift_service_catalog')
7 files changed, 40 insertions, 14 deletions
diff --git a/roles/openshift_service_catalog/files/kubeservicecatalog_roles_bindings.yml b/roles/openshift_service_catalog/files/kubeservicecatalog_roles_bindings.yml index 56b2d1463..f449fba2b 100644 --- a/roles/openshift_service_catalog/files/kubeservicecatalog_roles_bindings.yml +++ b/roles/openshift_service_catalog/files/kubeservicecatalog_roles_bindings.yml @@ -1,7 +1,7 @@ apiVersion: v1 kind: Template metadata: - name: service-catalog + name: service-catalog-role-bindings objects: - apiVersion: authorization.openshift.io/v1 diff --git a/roles/openshift_service_catalog/files/kubesystem_roles_bindings.yml b/roles/openshift_service_catalog/files/kubesystem_roles_bindings.yml index e1af51ce6..f563ae42e 100644 --- a/roles/openshift_service_catalog/files/kubesystem_roles_bindings.yml +++ b/roles/openshift_service_catalog/files/kubesystem_roles_bindings.yml @@ -1,7 +1,7 @@ apiVersion: v1 kind: Template metadata: - name: kube-system-service-catalog + name: kube-system-service-catalog-role-bindings objects: - apiVersion: authorization.openshift.io/v1 diff --git a/roles/openshift_service_catalog/tasks/generate_certs.yml b/roles/openshift_service_catalog/tasks/generate_certs.yml index 416bdac70..9d55185c8 100644 --- a/roles/openshift_service_catalog/tasks/generate_certs.yml +++ b/roles/openshift_service_catalog/tasks/generate_certs.yml @@ -16,6 +16,16 @@ --key={{ generated_certs_dir }}/ca.key --cert={{ generated_certs_dir }}/ca.crt --serial={{ generated_certs_dir }}/apiserver.serial.txt --name=service-catalog-signer +- name: Delete old apiserver.crt + file: + path: "{{ generated_certs_dir }}/apiserver.crt" + state: absent + +- name: Delete old apiserver.key + file: + path: "{{ generated_certs_dir }}/apiserver.key" + state: absent + - name: Generating server keys oc_adm_ca_server_cert: cert: "{{ generated_certs_dir }}/apiserver.crt" diff --git a/roles/openshift_service_catalog/tasks/install.yml b/roles/openshift_service_catalog/tasks/install.yml index 1e94c8c5d..aa3ec5724 100644 --- a/roles/openshift_service_catalog/tasks/install.yml +++ b/roles/openshift_service_catalog/tasks/install.yml @@ -47,16 +47,15 @@ dest: "{{ mktemp.stdout }}/kubeservicecatalog_roles_bindings.yml" - oc_obj: - name: service-catalog + name: service-catalog-role-bindings kind: template namespace: "kube-service-catalog" files: - "{{ mktemp.stdout }}/kubeservicecatalog_roles_bindings.yml" - delete_after: yes - oc_process: create: True - template_name: service-catalog + template_name: service-catalog-role-bindings namespace: "kube-service-catalog" - copy: @@ -64,16 +63,15 @@ dest: "{{ mktemp.stdout }}/kubesystem_roles_bindings.yml" - oc_obj: - name: kube-system-service-catalog + name: kube-system-service-catalog-role-bindings kind: template namespace: kube-system files: - "{{ mktemp.stdout }}/kubesystem_roles_bindings.yml" - delete_after: yes - oc_process: create: True - template_name: kube-system-service-catalog + template_name: kube-system-service-catalog-role-bindings namespace: kube-system - oc_obj: diff --git a/roles/openshift_service_catalog/tasks/remove.yml b/roles/openshift_service_catalog/tasks/remove.yml index 96ae61507..ca9844e79 100644 --- a/roles/openshift_service_catalog/tasks/remove.yml +++ b/roles/openshift_service_catalog/tasks/remove.yml @@ -3,10 +3,6 @@ command: > oc delete apiservices.apiregistration.k8s.io/v1beta1.servicecatalog.k8s.io --ignore-not-found -n kube-service-catalog -- name: Remove Policy Binding - command: > - oc delete policybindings/kube-system:default -n kube-system --ignore-not-found - # TODO: this module doesn't currently remove this #- name: Remove service catalog api service # oc_obj: @@ -50,6 +46,26 @@ kind: deployment name: controller-manager +- name: Remove Service Catalog kube-system Role Bindinds + shell: > + oc process kube-system-service-catalog-role-bindings -n kube-system | oc delete --ignore-not-found -f - + +- oc_obj: + kind: template + name: "kube-system-service-catalog-role-bindings" + namespace: kube-system + state: absent + +- name: Remove Service Catalog kube-service-catalog Role Bindinds + shell: > + oc process service-catalog-role-bindings -n kube-service-catalog | oc delete --ignore-not-found -f - + +- oc_obj: + kind: template + name: "service-catalog-role-bindings" + namespace: kube-service-catalog + state: absent + - name: Remove Service Catalog namespace oc_project: state: absent diff --git a/roles/openshift_service_catalog/templates/api_server.j2 b/roles/openshift_service_catalog/templates/api_server.j2 index 5d5352c1c..0e5bb7230 100644 --- a/roles/openshift_service_catalog/templates/api_server.j2 +++ b/roles/openshift_service_catalog/templates/api_server.j2 @@ -24,6 +24,7 @@ spec: {% endfor %} containers: - args: + - apiserver - --storage-type - etcd - --secure-port @@ -45,7 +46,7 @@ spec: - --feature-gates - OriginatingIdentity=true image: {{ openshift_service_catalog_image_prefix }}service-catalog:{{ openshift_service_catalog_image_version }} - command: ["/usr/bin/apiserver"] + command: ["/usr/bin/service-catalog"] imagePullPolicy: Always name: apiserver ports: diff --git a/roles/openshift_service_catalog/templates/controller_manager.j2 b/roles/openshift_service_catalog/templates/controller_manager.j2 index 2272cbb44..e5e5f6b50 100644 --- a/roles/openshift_service_catalog/templates/controller_manager.j2 +++ b/roles/openshift_service_catalog/templates/controller_manager.j2 @@ -29,6 +29,7 @@ spec: fieldRef: fieldPath: metadata.namespace args: + - controller-manager - -v - "5" - --leader-election-namespace @@ -38,7 +39,7 @@ spec: - --feature-gates - OriginatingIdentity=true image: {{ openshift_service_catalog_image_prefix }}service-catalog:{{ openshift_service_catalog_image_version }} - command: ["/usr/bin/controller-manager"] + command: ["/usr/bin/service-catalog"] imagePullPolicy: Always name: controller-manager ports: |