Sync OVN with upstream
Change-Id: I0b15142aabab38fafab829a16cee0297b749e6e8
diff --git a/charts/ovn/templates/clusterrole-controller.yaml b/charts/ovn/templates/clusterrole-controller.yaml
index 8291f65..bf2cc23 100644
--- a/charts/ovn/templates/clusterrole-controller.yaml
+++ b/charts/ovn/templates/clusterrole-controller.yaml
@@ -1,3 +1,18 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
@@ -10,3 +25,4 @@
verbs:
- get
- patch
+ - list
diff --git a/charts/ovn/templates/clusterrolebinding-controller.yaml b/charts/ovn/templates/clusterrolebinding-controller.yaml
index c95ef5e..152d20f 100644
--- a/charts/ovn/templates/clusterrolebinding-controller.yaml
+++ b/charts/ovn/templates/clusterrolebinding-controller.yaml
@@ -1,3 +1,18 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
@@ -10,6 +25,3 @@
- kind: ServiceAccount
name: ovn-controller
namespace: {{ .Release.Namespace }}
-- kind: ServiceAccount
- name: ovn-controller-gw
- namespace: {{ .Release.Namespace }}
diff --git a/charts/ovn/templates/daemonset-controller.yaml b/charts/ovn/templates/daemonset-controller.yaml
index 3c2933f..a054338 100644
--- a/charts/ovn/templates/daemonset-controller.yaml
+++ b/charts/ovn/templates/daemonset-controller.yaml
@@ -26,34 +26,9 @@
{{- $configMapName := "ovn-etc" }}
{{- $serviceAccountName := "ovn-controller" }}
-{{- $serviceAccountNamespace := $envAll.Release.Namespace }}
{{ tuple $envAll "ovn_controller" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: ovn-controller-list-nodes-role-{{ $serviceAccountNamespace }}
-rules:
-- apiGroups: [""]
- resources: ["nodes"]
- verbs: ["list", "get"]
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: ovn-controller-list-nodes-rolebinding-{{ $serviceAccountNamespace }}
-subjects:
-- kind: ServiceAccount
- name: {{ $serviceAccountName }}
- namespace: {{ $serviceAccountNamespace }}
-roleRef:
- kind: ClusterRole
- name: ovn-controller-list-nodes-role-{{ $serviceAccountNamespace }}
- apiGroup: rbac.authorization.k8s.io
-
----
kind: DaemonSet
apiVersion: apps/v1
metadata:
diff --git a/charts/ovn/templates/role-controller.yaml b/charts/ovn/templates/role-controller.yaml
index de3cfa6..4ab9e88 100644
--- a/charts/ovn/templates/role-controller.yaml
+++ b/charts/ovn/templates/role-controller.yaml
@@ -1,7 +1,23 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: ovn-controller
+ namespace: {{ .Release.Namespace }}
rules:
- apiGroups:
- discovery.k8s.io
diff --git a/charts/ovn/templates/role-northd.yaml b/charts/ovn/templates/role-northd.yaml
index ca02fae..58d66e9 100644
--- a/charts/ovn/templates/role-northd.yaml
+++ b/charts/ovn/templates/role-northd.yaml
@@ -1,7 +1,23 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: ovn-northd
+ namespace: {{ .Release.Namespace }}
rules:
- apiGroups:
- discovery.k8s.io
diff --git a/charts/ovn/templates/role-ovsdb.yaml b/charts/ovn/templates/role-ovsdb.yaml
index 10e0e23..f435ac8 100644
--- a/charts/ovn/templates/role-ovsdb.yaml
+++ b/charts/ovn/templates/role-ovsdb.yaml
@@ -1,7 +1,23 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: ovn-ovsdb
+ namespace: {{ .Release.Namespace }}
rules:
- apiGroups:
- "apps"
diff --git a/charts/ovn/templates/rolebinding-controller.yaml b/charts/ovn/templates/rolebinding-controller.yaml
index 7973c7e..6ed508f 100644
--- a/charts/ovn/templates/rolebinding-controller.yaml
+++ b/charts/ovn/templates/rolebinding-controller.yaml
@@ -1,7 +1,23 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: ovn-controller
+ namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
@@ -9,5 +25,4 @@
subjects:
- kind: ServiceAccount
name: ovn-controller
-- kind: ServiceAccount
- name: ovn-controller-gw
+ namespace: {{ .Release.Namespace }}
\ No newline at end of file
diff --git a/charts/ovn/templates/rolebinding-northd.yaml b/charts/ovn/templates/rolebinding-northd.yaml
index 428a470..537babe 100644
--- a/charts/ovn/templates/rolebinding-northd.yaml
+++ b/charts/ovn/templates/rolebinding-northd.yaml
@@ -1,7 +1,23 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: ovn-northd
+ namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
@@ -9,3 +25,4 @@
subjects:
- kind: ServiceAccount
name: ovn-northd
+ namespace: {{ .Release.Namespace }}
diff --git a/charts/ovn/templates/rolebinding-ovsdb.yaml b/charts/ovn/templates/rolebinding-ovsdb.yaml
index f32382b..6211114 100644
--- a/charts/ovn/templates/rolebinding-ovsdb.yaml
+++ b/charts/ovn/templates/rolebinding-ovsdb.yaml
@@ -1,7 +1,23 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: ovn-ovsdb
+ namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
@@ -9,5 +25,7 @@
subjects:
- kind: ServiceAccount
name: ovn-ovsdb-nb
+ namespace: {{ .Release.Namespace }}
- kind: ServiceAccount
name: ovn-ovsdb-sb
+ namespace: {{ .Release.Namespace }}