sxwl_DL
/
yili-docker-images


			
				
					
						
						
							1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586
							# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements.  See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership.  The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License.  You may obtain a copy of the License at
#
#   http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied.  See the License for the
# specific language governing permissions and limitations
# under the License.

################################
## Airflow SCC Role Binding
#################################
{{- if and .Values.rbac.create .Values.rbac.createSCCRoleBinding }}
{{- $hasWorkers := has .Values.executor (list "CeleryExecutor" "LocalKubernetesExecutor" "KubernetesExecutor" "CeleryKubernetesExecutor") }}
{{- if .Values.multiNamespaceMode }}
kind: ClusterRoleBinding
{{- else }}
kind: RoleBinding
{{- end }}
apiVersion: rbac.authorization.k8s.io/v1
metadata:
{{- if not .Values.multiNamespaceMode }}
  namespace: "{{ .Release.Namespace }}"
{{- end }}
  name: {{ .Release.Name }}-scc-rolebinding
  labels:
    tier: airflow
    release: {{ .Release.Name }}
    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
    heritage: {{ .Release.Service }}
{{- with .Values.labels }}
{{ toYaml . | indent 4 }}
{{- end }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:openshift:scc:anyuid
subjects:
  - kind: ServiceAccount
    name: {{ include "webserver.serviceAccountName" . }}
    namespace: "{{ .Release.Namespace }}"
{{- if $hasWorkers }}
  - kind: ServiceAccount
    name: {{ include "worker.serviceAccountName" . }}
    namespace: "{{ .Release.Namespace }}"
{{- end }}
  - kind: ServiceAccount
    name: {{ include "scheduler.serviceAccountName" . }}
    namespace: "{{ .Release.Namespace }}"
{{- if and .Values.statsd.enabled }}
  - kind: ServiceAccount
    name: {{ include "statsd.serviceAccountName" . }}
    namespace: "{{ .Release.Namespace }}"
{{- end }}
{{- if and .Values.flower.enabled (or (eq .Values.executor "CeleryExecutor") (eq .Values.executor "CeleryKubernetesExecutor")) }}
  - kind: ServiceAccount
    name: {{ include "flower.serviceAccountName" . }}
    namespace: "{{ .Release.Namespace }}"
{{- end}}
{{- if and (semverCompare ">=2.2.0" .Values.airflowVersion) }}
  - kind: ServiceAccount
    name: {{ include "triggerer.serviceAccountName" . }}
    namespace: "{{ .Release.Namespace }}"
{{- end }}
  - kind: ServiceAccount
    name: {{ include "migrateDatabaseJob.serviceAccountName" . }}
    namespace: "{{ .Release.Namespace }}"
{{- if .Values.webserver.defaultUser.enabled }}
  - kind: ServiceAccount
    name: {{ include "createUserJob.serviceAccountName" . }}
    namespace: "{{ .Release.Namespace }}"
{{- end }}
{{- if and .Values.cleanup.enabled }}
  - kind: ServiceAccount
    name: {{ include "cleanup.serviceAccountName" . }}
    namespace: "{{ .Release.Namespace }}"
{{- end }}
{{- end }}