Mirrors/flux2
1
0
Fork 0
mirror of synced 2026-02-06 19:05:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

Replace SA namespace in RBAC

Browse Source 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
This commit is contained in:
Stefan Prodan
2021-01-26 18:57:36 +02:00
parent f4db124d50
commit 4c29a1ca27
1 changed files with 17 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
pkg/manifestgen/install/manifests.go
View File

@@ -17,8 +17,10 @@ limitations under the License.
package install
import (
"bytes"
"context"
"fmt"
"io/ioutil"
"net/http"
"os"
"path"
@@ -91,9 +93,23 @@ func generate(base string, options Options) error {
return fmt.Errorf("generate roles kustomization failed: %w", err)
}
if err := copyFile(filepath.Join(base, "rbac.yaml"), filepath.Join(base, "roles/rbac.yaml")); err != nil {
rbacFile := filepath.Join(base, "roles/rbac.yaml")
if err := copyFile(filepath.Join(base, "rbac.yaml"), rbacFile); err != nil {
return fmt.Errorf("generate rbac failed: %w", err)
}
// workaround for kustomize not being able to patch the SA in ClusterRoleBindings
defaultNS := MakeDefaultOptions().Namespace
if defaultNS != options.Namespace {
rbac, err := ioutil.ReadFile(rbacFile)
if err != nil {
return fmt.Errorf("reading rbac file failed: %w", err)
}
rbac = bytes.ReplaceAll(rbac, []byte(defaultNS), []byte(options.Namespace))
if err := ioutil.WriteFile(rbacFile, rbac, os.ModePerm); err != nil {
return fmt.Errorf("replacing service account namespace in rbac failed: %w", err)
}
}
return nil
}