Merge pull request #21 from datawire/nkrause/rbac-fix

Update tag and override RBAC resource name option
emissary-ingress · Jan 31, 2020 · 9000ee3 · 9000ee3
2 parents db81273 + 911618d
commit 9000ee3
Show file tree

Hide file tree

Showing 7 changed files with 31 additions and 13 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3,6 +3,12 @@
 This file documents all notable changes to Ambassador Helm Chart. The release
 numbering uses [semantic versioning](http://semver.org).
 
+## v6.1.1
+
+Minor Improvements:
+
+- Adds: Option to override the name of the RBAC resources
+
 ## v6.1.0
 
 Minor improvements including:

diff --git a/Chart.yaml b/Chart.yaml
@@ -1,9 +1,9 @@
 apiVersion: v1
-appVersion: 1.0.0
-ossVersion: 0.86.1
+appVersion: 1.1.0
+ossVersion: 1.1.0
 description: A Helm chart for Datawire Ambassador
 name: ambassador
-version: 6.1.0
+version: 6.1.1
 icon: https://www.getambassador.io/images/logo.png
 home: https://www.getambassador.io/
 sources:

diff --git a/README.md b/README.md
@@ -96,7 +96,7 @@ The following tables lists the configurable parameters of the Ambassador chart a
 | `env`                              | Any additional environment variables for ambassador pods                        | `{}`                              |
 | `image.pullPolicy`                 | Ambassador image pull policy                                                    | `IfNotPresent`                    |
 | `image.repository`                 | Ambassador image                                                                | `quay.io/datawire/aes`            |
-| `image.tag`                        | Ambassador image tag                                                            | `1.0.0`                           |
+| `image.tag`                        | Ambassador image tag                                                            | `1.1.0`                           |
 | `imagePullSecrets`                 | Image pull secrets                                                              | `[]`                              |
 | `namespace.name`                   | Set the `AMBASSADOR_NAMESPACE` environment variable                             | `metadata.namespace`              |
 | `scope.singleNamespace`            | Set the `AMBASSADOR_SINGLE_NAMESPACE` environment variable and create namespaced RBAC if `rbac.enabled: true` | `false`|
@@ -108,6 +108,7 @@ The following tables lists the configurable parameters of the Ambassador chart a
 | `priorityClassName`                | The name of the priorityClass for the ambassador DaemonSet/Deployment           | `""`                              |
 | `rbac.create`                      | If `true`, create and use RBAC resources                                        | `true`                            |
 | `rbac.podSecurityPolicies`         | pod security polices to bind to                                                 |                                   |
+| `rbac.nameOverride`                | Overrides the default name of the RBAC resources                                | ``                                |
 | `replicaCount`                     | Number of Ambassador replicas                                                   | `3`                               |
 | `resources`                        | CPU/memory resource requests/limits                                             | `{}`                              |
 | `securityContext`                  | Set security context for pod                                                    | `{ "runAsUser": "8888" }`         |

diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl
@@ -42,6 +42,13 @@ Create the name of the service account to use
 {{- end -}}
 {{- end -}}
 
+{{/*
+Create the name of the RBAC to use
+*/}}
+{{- define "ambassador.rbacName" -}}
+{{ default (include "ambassador.fullname" .) .Values.rbac.nameOverride }}
+{{- end -}}
+
 {{/*
 Define the http port of the Ambassador service
 */}}

diff --git a/templates/crds-rbac.yaml b/templates/crds-rbac.yaml
@@ -4,7 +4,7 @@
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: ClusterRole
 metadata:
-  name: {{ include "ambassador.fullname" . }}-crds
+  name: {{ include "ambassador.rbacName" . }}-crds
   labels:
     app.kubernetes.io/name: {{ include "ambassador.name" . }}
     helm.sh/chart: {{ include "ambassador.chart" . }}
@@ -33,7 +33,7 @@ rules:
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: ClusterRoleBinding
 metadata:
-  name: {{ include "ambassador.fullname" . }}-crds
+  name: {{ include "ambassador.rbacName" . }}-crds
   labels:
     app.kubernetes.io/name: {{ include "ambassador.name" . }}
     helm.sh/chart: {{ include "ambassador.chart" . }}
@@ -42,7 +42,7 @@ metadata:
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: {{ include "ambassador.fullname" . }}-crds
+  name: {{ include "ambassador.rbacName" . }}-crds
 subjects:
   - name: {{ include "ambassador.serviceAccountName" . }}
     namespace: {{ .Release.Namespace | quote }}

diff --git a/templates/rbac.yaml b/templates/rbac.yaml
@@ -6,7 +6,7 @@ kind: Role
 kind: ClusterRole
 {{- end }}
 metadata:
-  name: {{ include "ambassador.fullname" . }}
+  name: {{ include "ambassador.rbacName" . }}
   namespace: {{ .Release.Namespace }}
   labels:
     app.kubernetes.io/name: {{ include "ambassador.name" . }}
@@ -78,7 +78,7 @@ kind: RoleBinding
 kind: ClusterRoleBinding
 {{- end }}
 metadata:
-  name: {{ include "ambassador.fullname" . }}
+  name: {{ include "ambassador.rbacName" . }}
   namespace: {{ .Release.Namespace }}
   labels:
     app.kubernetes.io/name: {{ include "ambassador.name" . }}
@@ -93,7 +93,7 @@ roleRef:
   {{- else }}
   kind: ClusterRole
   {{- end }}
-  name: {{ include "ambassador.fullname" . }}
+  name: {{ include "ambassador.rbacName" . }}
 subjects:
   - name: {{ include "ambassador.serviceAccountName" . }}
     namespace: {{ .Release.Namespace }}

diff --git a/values.yaml b/values.yaml
@@ -36,7 +36,7 @@ podDisruptionBudget: {}
 
 # Additional container environment variable
 env:
-  {}
+  AMBASSADOR_SINGLENAMESPACE: "true"
   # Exposing statistics via StatsD
   # STATSD_ENABLED: true
   # STATSD_HOST: statsd-sink
@@ -56,7 +56,7 @@ securityContext:
 
 image:
   repository: quay.io/datawire/aes
-  tag: 1.0.0
+  tag: 1.1.0
   pullPolicy: IfNotPresent
 
 dnsPolicy: "ClusterFirst"
@@ -148,7 +148,11 @@ rbac:
   create: true
   podSecurityPolicies:
     {}
-
+  # Name of the RBAC resources defaults to the name of the release. 
+  # Set nameOverride when installing Ambassador with cluster-wide scope in
+  # different namespaces with the same release name to avoid conflicts.
+  nameOverride:
+
 scope:
   # tells Ambassador to only use resources in the namespace or namespace set by namespace.name
   singleNamespace: false