From 947f1e75064821748058e966426e518000e83091 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Sun, 1 Apr 2018 06:09:12 +0200 Subject: [PATCH 1/5] add serviceaccount first in rbac.yaml --- jupyterhub/templates/pod-culler/rbac.yaml | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/jupyterhub/templates/pod-culler/rbac.yaml b/jupyterhub/templates/pod-culler/rbac.yaml index 3ca66c8254..18ad26ece2 100644 --- a/jupyterhub/templates/pod-culler/rbac.yaml +++ b/jupyterhub/templates/pod-culler/rbac.yaml @@ -1,4 +1,10 @@ +{{ if and .Values.cull.enabled .Values.cull.maxAge }} {{ if .Values.rbac.enabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: pod-culler +--- kind: Role apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: @@ -26,9 +32,5 @@ roleRef: kind: Role name: pod-culler apiGroup: rbac.authorization.k8s.io ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: pod-culler +{{- end }} {{- end }} From 79f1eb9e546b07293b18d6efbcc5ebceb2087f70 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Sun, 1 Apr 2018 06:09:39 +0200 Subject: [PATCH 2/5] add serviceaccount first in rbac.yaml now for autohttps --- .../templates/proxy/autohttps/rbac.yaml | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/jupyterhub/templates/proxy/autohttps/rbac.yaml b/jupyterhub/templates/proxy/autohttps/rbac.yaml index 420c5eb057..5afe4b6790 100644 --- a/jupyterhub/templates/proxy/autohttps/rbac.yaml +++ b/jupyterhub/templates/proxy/autohttps/rbac.yaml @@ -5,6 +5,16 @@ # This is way too many permissions, but apparently the nginx-controller # is written to sortof assume it is clusterwide ingress provider. # So we keep this as is, for now. +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: jupyterhub + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + name: autohttps +--- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole metadata: @@ -201,15 +211,5 @@ subjects: - kind: ServiceAccount name: autohttps namespace: {{ .Release.Namespace }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app: jupyterhub - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - name: autohttps {{- end }} {{ end }} \ No newline at end of file From 19fe6c89168c696f811772c9e094c8ed55766aa4 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Sun, 1 Apr 2018 06:34:05 +0200 Subject: [PATCH 3/5] add serviceaccount first in rbac.yaml now for hub --- jupyterhub/templates/hub/rbac.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/jupyterhub/templates/hub/rbac.yaml b/jupyterhub/templates/hub/rbac.yaml index 2bee50d8c8..d1ee34a30e 100644 --- a/jupyterhub/templates/hub/rbac.yaml +++ b/jupyterhub/templates/hub/rbac.yaml @@ -1,4 +1,9 @@ {{ if .Values.rbac.enabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: hub +--- kind: Role apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: @@ -23,9 +28,4 @@ roleRef: kind: Role name: hub apiGroup: rbac.authorization.k8s.io ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: hub {{- end }} From c62f046e2e1c36ef45edfb454e567707ea5c5a81 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Sun, 1 Apr 2018 18:53:11 +0200 Subject: [PATCH 4/5] conforming indentation within the same file --- jupyterhub/templates/proxy/autohttps/rbac.yaml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/jupyterhub/templates/proxy/autohttps/rbac.yaml b/jupyterhub/templates/proxy/autohttps/rbac.yaml index 5afe4b6790..79d7a35a21 100644 --- a/jupyterhub/templates/proxy/autohttps/rbac.yaml +++ b/jupyterhub/templates/proxy/autohttps/rbac.yaml @@ -93,9 +93,9 @@ roleRef: kind: ClusterRole name: nginx-{{ .Release.Name }} subjects: - - kind: ServiceAccount - name: autohttps - namespace: {{ .Release.Namespace }} +- kind: ServiceAccount + name: autohttps + namespace: {{ .Release.Namespace }} --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: Role @@ -191,9 +191,9 @@ roleRef: kind: Role name: nginx subjects: - - kind: ServiceAccount - name: autohttps - namespace: {{ .Release.Namespace }} +- kind: ServiceAccount + name: autohttps + namespace: {{ .Release.Namespace }} --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: RoleBinding @@ -208,8 +208,8 @@ roleRef: kind: Role name: kube-lego subjects: - - kind: ServiceAccount - name: autohttps - namespace: {{ .Release.Namespace }} +- kind: ServiceAccount + name: autohttps + namespace: {{ .Release.Namespace }} {{- end }} {{ end }} \ No newline at end of file From cd0958e9c31855db3b78b3cbc30308b947fb703b Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Sun, 1 Apr 2018 19:52:56 +0200 Subject: [PATCH 5/5] unharmful indentation fix --- jupyterhub/templates/image-puller/_helper.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/jupyterhub/templates/image-puller/_helper.yaml b/jupyterhub/templates/image-puller/_helper.yaml index 26fdaabbda..870795b1df 100644 --- a/jupyterhub/templates/image-puller/_helper.yaml +++ b/jupyterhub/templates/image-puller/_helper.yaml @@ -26,10 +26,10 @@ metadata: spec: selector: matchLabels: - app: jupyterhub - component: {{ .name }} - release: {{ .top.Release.Name }} - heritage: {{ .top.Release.Service }} + app: jupyterhub + component: {{ .name }} + release: {{ .top.Release.Name }} + heritage: {{ .top.Release.Service }} updateStrategy: type: RollingUpdate rollingUpdate: