diff --git a/src/mas/devops/tekton.py b/src/mas/devops/tekton.py
index ed371301..45539d14 100644
--- a/src/mas/devops/tekton.py
+++ b/src/mas/devops/tekton.py
@@ -102,12 +102,11 @@ def updateTektonDefinitions(namespace: str, yamlFile: str) -> None:
 logger.debug(line)
-def preparePipelinesNamespace(dynClient: DynamicClient, instanceId: str = None, storageClass: str = None, accessMode: str = None, waitForBind: bool = True):
+def preparePipelinesNamespace(dynClient: DynamicClient, instanceId: str = None, storageClass: str = None, accessMode: str = None, waitForBind: bool = True, configureRBAC: bool = True):
 templateDir = path.join(path.abspath(path.dirname(__file__)), "templates")
 env = Environment(
 loader=FileSystemLoader(searchpath=templateDir)
 )
-
 if instanceId is None:
 namespace = "mas-pipelines"
 template = env.get_template("pipelines-rbac-cluster.yml.j2")
@@ -115,12 +114,13 @@ def preparePipelinesNamespace(dynClient: DynamicClient, instanceId: str = None,
 namespace = f"mas-{instanceId}-pipelines"
 template = env.get_template("pipelines-rbac.yml.j2")
- # Create RBAC
- renderedTemplate = template.render(mas_instance_id=instanceId)
- logger.debug(renderedTemplate)
- crb = yaml.safe_load(renderedTemplate)
- clusterRoleBindingAPI = dynClient.resources.get(api_version="rbac.authorization.k8s.io/v1", kind="ClusterRoleBinding")
- clusterRoleBindingAPI.apply(body=crb, namespace=namespace)
+ if configureRBAC:
+ # Create RBAC
+ renderedTemplate = template.render(mas_instance_id=instanceId)
+ logger.debug(renderedTemplate)
+ crb = yaml.safe_load(renderedTemplate)
+ clusterRoleBindingAPI = dynClient.resources.get(api_version="rbac.authorization.k8s.io/v1", kind="ClusterRoleBinding")
+ clusterRoleBindingAPI.apply(body=crb, namespace=namespace)
 # Create PVC (instanceId namespace only)
 if instanceId is not None:
diff --git a/src/mas/devops/templates/pipelinerun-install.yml.j2 b/src/mas/devops/templates/pipelinerun-install.yml.j2
index cf5a4c25..40f03fc3 100644
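Review bot: `configureRBAC` is appended as a fifth positional boolean after `waitForBind`, and no docstring is visible in this hunk that says what skipping RBAC leaves for the caller to do. Declaring it keyword-only, `waitForBind: bool = True, *, configureRBAC: bool = True):`, means the binding can only be turned off by a call site that names the flag, never by a stray trailing `False`. A docstring should state that with `configureRBAC=False` the caller is responsible for the service account and role bindings the pipeline runs will use. The function body continues outside this hunk.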
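Review bot: When `configureRBAC` is false the ClusterRoleBinding step is skipped without any log line, so a PipelineRun that later fails on permissions leaves no record that the binding was deliberately omitted. An `else:` branch with `logger.debug("Skipping RBAC setup for namespace %s (configureRBAC=False)", namespace)` would record the decision. The hunk also does not check that a suitably bound service account already exists in `namespace`; if that is meant to be the caller's job, a comment above `if configureRBAC:` should say so. The template chosen in the preceding `if instanceId is None` branch is still loaded when it will not be rendered, which is harmless but could move under the new condition. The function body continues outside this hunk.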
--- a/src/mas/devops/templates/pipelinerun-install.yml.j2
+++ b/src/mas/devops/templates/pipelinerun-install.yml.j2
@@ -9,7 +9,7 @@ spec:
 pipelineRef:
 name: mas-install
- serviceAccountName: pipeline
+ serviceAccountName: "{{ service_account_name | default('pipeline', True) }}"
 timeouts:
 pipeline: "0"
diff --git a/src/mas/devops/templates/pipelinerun-uninstall.yml.j2 b/src/mas/devops/templates/pipelinerun-uninstall.yml.j2
index aebad41b..7e43384b 100644
--- a/src/mas/devops/templates/pipelinerun-uninstall.yml.j2
+++ b/src/mas/devops/templates/pipelinerun-uninstall.yml.j2
@@ -9,7 +9,7 @@ spec:
 pipelineRef:
 name: mas-uninstall
- serviceAccountName: pipeline
+ serviceAccountName: "{{ service_account_name | default('pipeline', True) }}"
 timeouts:
 pipeline: "0"
@@ -34,4 +34,4 @@ spec:
 value: {{ uds_action }}
 - name: dro_namespace
 value: {{ dro_namespace }}
-
+
diff --git a/src/mas/devops/templates/pipelinerun-update.yml.j2 b/src/mas/devops/templates/pipelinerun-update.yml.j2
index f2137d9e..882ab928 100644
--- a/src/mas/devops/templates/pipelinerun-update.yml.j2
+++ b/src/mas/devops/templates/pipelinerun-update.yml.j2
@@ -9,7 +9,7 @@ spec:
 pipelineRef:
 name: mas-update
- serviceAccountName: pipeline
+ serviceAccountName: "{{ service_account_name | default('pipeline', True) }}"
 timeouts:
 pipeline: "0"
diff --git a/src/mas/devops/templates/pipelinerun-upgrade.yml.j2 b/src/mas/devops/templates/pipelinerun-upgrade.yml.j2
index b9e41753..00a3e8c5 100644
--- a/src/mas/devops/templates/pipelinerun-upgrade.yml.j2
+++ b/src/mas/devops/templates/pipelinerun-upgrade.yml.j2
@@ -9,7 +9,7 @@ spec:
 pipelineRef:
 name: mas-upgrade
- serviceAccountName: pipeline
+ serviceAccountName: "{{ service_account_name | default('pipeline', True) }}"
 timeouts:
 pipeline: "0"
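Review bot: `service_account_name` is interpolated into a double-quoted YAML scalar with no escaping on the new `serviceAccountName` line, so a value containing `"` or a line break would alter the structure of the rendered PipelineRun instead of simply failing name validation. The Jinja `Environment` visible in tekton.py is built without any escaping, and whether these templates are rendered through it is not shown here. The safer form is `serviceAccountName: {{ service_account_name | default('pipeline', True) | tojson }}`, with the caller also checking the value against the Kubernetes DNS-1123 subdomain rules before rendering. The same line is added in the pipelinerun-uninstall, pipelinerun-update and pipelinerun-upgrade hunks. Because the chosen account determines the permissions the pipeline tasks run with, a template comment such as `{# service_account_name must be an existing, least-privilege ServiceAccount in this namespace #}` would make that contract explicit.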