Skip to content

Commit 491c9ab

Browse files
klueskaklueska
authored
Merge pull request #585 from cdesiniotis/cleanup-multi-ns-rbac
Create one service account even if additional namespaces are configured
2 parents 2236702 + 3d1edb4 commit 491c9ab

File tree

1 file changed

+16
-16
lines changed
  • deployments/helm/nvidia-dra-driver-gpu/templates

1 file changed

+16
-16
lines changed

deployments/helm/nvidia-dra-driver-gpu/templates/rbac.yaml

Lines changed: 16 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -29,14 +29,12 @@ rules:
2929
- apiGroups: [""]
3030
resources: ["pods"]
3131
verbs: ["get", "list", "watch"]
32-
33-
{{- range $namespace := splitList "," (include "nvidia-dra-driver-gpu.namespaces" .) }}
3432
---
3533
apiVersion: v1
3634
kind: ServiceAccount
3735
metadata:
3836
name: {{ include "nvidia-dra-driver-gpu.serviceAccountName" $ }}
39-
namespace: {{ $namespace }}
37+
namespace: {{ include "nvidia-dra-driver-gpu.namespace" . }}
4038
labels:
4139
{{- include "nvidia-dra-driver-gpu.labels" $ | nindent 4 }}
4240
{{- with $.Values.serviceAccount.annotations }}
@@ -45,6 +43,21 @@ metadata:
4543
{{- end }}
4644
---
4745
apiVersion: rbac.authorization.k8s.io/v1
46+
kind: ClusterRoleBinding
47+
metadata:
48+
name: {{ include "nvidia-dra-driver-gpu.name" $ }}-clusterrole-binding-{{ include "nvidia-dra-driver-gpu.namespace" . }}
49+
subjects:
50+
- kind: ServiceAccount
51+
name: {{ include "nvidia-dra-driver-gpu.serviceAccountName" $ }}
52+
namespace: {{ include "nvidia-dra-driver-gpu.namespace" . }}
53+
roleRef:
54+
kind: ClusterRole
55+
name: {{ include "nvidia-dra-driver-gpu.name" $ }}-clusterrole
56+
apiGroup: rbac.authorization.k8s.io
57+
58+
{{- range $namespace := splitList "," (include "nvidia-dra-driver-gpu.namespaces" .) }}
59+
---
60+
apiVersion: rbac.authorization.k8s.io/v1
4861
kind: Role
4962
metadata:
5063
name: {{ include "nvidia-dra-driver-gpu.name" $ }}-role
@@ -67,18 +80,5 @@ roleRef:
6780
kind: Role
6881
name: {{ include "nvidia-dra-driver-gpu.name" $ }}-role
6982
apiGroup: rbac.authorization.k8s.io
70-
---
71-
apiVersion: rbac.authorization.k8s.io/v1
72-
kind: ClusterRoleBinding
73-
metadata:
74-
name: {{ include "nvidia-dra-driver-gpu.name" $ }}-clusterrole-binding-{{ $namespace }}
75-
subjects:
76-
- kind: ServiceAccount
77-
name: {{ include "nvidia-dra-driver-gpu.serviceAccountName" $ }}
78-
namespace: {{ $namespace }}
79-
roleRef:
80-
kind: ClusterRole
81-
name: {{ include "nvidia-dra-driver-gpu.name" $ }}-clusterrole
82-
apiGroup: rbac.authorization.k8s.io
8383
{{- end }}
8484
{{- end }}

0 commit comments

Comments
 (0)