Merge pull request #572 from ghouscht/fix/helm-clusterrolebinding

fix(helm): run keel with created serviceaccount and not as cluster-admin
2021-01-05 13:59:22 +00:00 · 2021-01-05 13:59:22 +00:00 · ebe0206076
parent aa4a9f7fd7 bf11af686e
commit ebe0206076
5 changed files with 6 additions and 16 deletions
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@ -34,7 +34,7 @@ jobs:
            shellcheck -x .test/e2e-kind.sh
  lint-charts:
    docker:
-      - image: quay.io/helmpack/chart-testing:v2.0.1
+      - image: quay.io/helmpack/chart-testing:v3.3.1
    steps:
      - checkout
      - run:
@ -47,7 +47,7 @@ jobs:
    machine: true
    environment:
      CHART_TESTING_IMAGE: quay.io/helmpack/chart-testing
-      CHART_TESTING_TAG: v2.0.1
+      CHART_TESTING_TAG: v3.3.1
      CHARTS_REPO: https://github.com/keel-hq/keel
      K8S_VERSION: v1.11.3
    steps:
--- a/.test/ct.yaml
+++ b/.test/ct.yaml
@ -4,4 +4,4 @@ chart-dirs:
  - chart
 excluded-charts:
  - common
-helm-extra-args: --timeout 800
+helm-extra-args: --timeout 800s
--- a/.test/e2e-kind.sh
+++ b/.test/e2e-kind.sh
@ -53,19 +53,11 @@ main() {
    docker cp "$KUBECONFIG" "$config_container_id:/root/.kube/config"
    # Update in kubeconfig localhost to kind container IP
    docker exec "$config_container_id" sed -i "s/localhost/$kind_container_ip/g" /root/.kube/config
-    
+
    echo "Add git remote k8s ${CHARTS_REPO}"
    git remote add k8s "${CHARTS_REPO}" &> /dev/null || true
    git fetch k8s master
    echo
-    
-    # Install Tiller with RABC
-    kubectl -n kube-system create sa tiller 
-    kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
-    docker exec "$config_container_id" helm init --service-account tiller
-    echo "Wait for Tiller to be up and ready..."
-    until kubectl -n kube-system get pods 2>&1 | grep -w "tiller-deploy"  | grep -w "1/1"; do sleep 1; done
-    echo

    # Run chart install test
    docker exec "$config_container_id" ct install --config /workdir/.test/ct.yaml
--- a/chart/keel/Chart.yaml
+++ b/chart/keel/Chart.yaml
@ -1,7 +1,7 @@
 apiVersion: v1
 name: keel
 description: Open source, tool for automating Kubernetes deployment updates. Keel is stateless, robust and lightweight.
-version: 0.9.5
+version: 0.9.6
 # Note that we use appVersion to get images tag, so make sure this is correct.
 appVersion: 0.16.1
 keywords:
--- a/chart/keel/templates/clusterrolebinding.yaml
+++ b/chart/keel/templates/clusterrolebinding.yaml
@ -1,14 +1,12 @@
 {{- if .Values.rbac.enabled }}
 apiVersion: rbac.authorization.k8s.io/v1
-# apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: ClusterRoleBinding
 metadata:
  name: {{ template "keel.name" . }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
-  # name: {{ template "keel.name" . }}
-  name: cluster-admin
+  name: {{ template "keel.name" . }}
 subjects:
  - kind: ServiceAccount
    name: {{ template "serviceAccount.name" . }}