Add clusterrolebinding to UI's default service account (#235)

mareklibra · web-flow · commit a7b4280d88c6 · 2022-05-10T18:20:37.000+02:00
To be allowed to create tokenreviews to query token's username.
diff --git a/deploy-ui/deploy.sh b/deploy-ui/deploy.sh
@@ -46,6 +46,7 @@ function deploy_ui() {
     render_file manifests/oauth-client.yaml
     render_file manifests/service.yaml
     render_file manifests/route.yaml
+    render_file manifests/clusterrolbinding.yaml
 }
 
 function verify_ui() {
diff --git a/deploy-ui/manifests/clusterrolbinding.yaml b/deploy-ui/manifests/clusterrolbinding.yaml
@@ -0,0 +1,17 @@
+# Enable creating tokenreviews
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: sa-default-rbac
+  labels:
+    app: ztpfw-ui
+roleRef:
+  kind: ClusterRole
+  apiGroup: rbac.authorization.k8s.io
+  name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+  # name: system:serviceaccount:ztpfw-ui:default
+  name: default
+  namespace: $UI_NS
+

Original file line number	Diff line number	Diff line change
`@@ -46,6 +46,7 @@ function deploy_ui() {`
`46`	`46`	`render_file manifests/oauth-client.yaml`
`47`	`47`	`render_file manifests/service.yaml`
`48`	`48`	`render_file manifests/route.yaml`
	`49`	`+ render_file manifests/clusterrolbinding.yaml`
`49`	`50`	`}`
`50`	`51`
`51`	`52`	`function verify_ui() {`