Replace SA namespace in RBAC
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
@@ -17,8 +17,10 @@ limitations under the License.
|
|||||||
package install
|
package install
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"bytes"
|
||||||
"context"
|
"context"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"io/ioutil"
|
||||||
"net/http"
|
"net/http"
|
||||||
"os"
|
"os"
|
||||||
"path"
|
"path"
|
||||||
@@ -91,9 +93,23 @@ func generate(base string, options Options) error {
|
|||||||
return fmt.Errorf("generate roles kustomization failed: %w", err)
|
return fmt.Errorf("generate roles kustomization failed: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := copyFile(filepath.Join(base, "rbac.yaml"), filepath.Join(base, "roles/rbac.yaml")); err != nil {
|
rbacFile := filepath.Join(base, "roles/rbac.yaml")
|
||||||
|
if err := copyFile(filepath.Join(base, "rbac.yaml"), rbacFile); err != nil {
|
||||||
return fmt.Errorf("generate rbac failed: %w", err)
|
return fmt.Errorf("generate rbac failed: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// workaround for kustomize not being able to patch the SA in ClusterRoleBindings
|
||||||
|
defaultNS := MakeDefaultOptions().Namespace
|
||||||
|
if defaultNS != options.Namespace {
|
||||||
|
rbac, err := ioutil.ReadFile(rbacFile)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("reading rbac file failed: %w", err)
|
||||||
|
}
|
||||||
|
rbac = bytes.ReplaceAll(rbac, []byte(defaultNS), []byte(options.Namespace))
|
||||||
|
if err := ioutil.WriteFile(rbacFile, rbac, os.ModePerm); err != nil {
|
||||||
|
return fmt.Errorf("replacing service account namespace in rbac failed: %w", err)
|
||||||
|
}
|
||||||
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
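Review bot: The `bytes.ReplaceAll(rbac, []byte(defaultNS), []byte(options.Namespace))` call in the second hunk rewrites every occurrence of the default namespace string in roles/rbac.yaml, not only the `namespace:` field of the ServiceAccount subjects. A role name, binding name or label that contains that string would be changed too, which could leave a binding referring to something unintended. Assuming the manifest writes the field as `namespace: <name>`, anchoring the match keeps the rewrite scoped: `bytes.ReplaceAll(rbac, []byte("namespace: "+defaultNS), []byte("namespace: "+options.Namespace))`. options.Namespace is written into the manifest verbatim and no validation is visible here; generate starts outside the hunk, so if the value is not checked earlier it should be validated as a DNS label before it reaches an RBAC file. `os.ModePerm` requests mode 0777 for a file that is later applied to the cluster; `0644` is enough.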