mirror of
https://github.com/datahaven-xyz/datahaven
synced 2026-05-24 09:50:01 +00:00
c3e6f1258b
This PR contains improvements to the DataHaven deployment infrastructure: 1. Directory restructure: Moved from `deployment/` to `deploy/` (more common for K8s / Helm -based deployment configs). 2. Added **local environment** support: updated CLI to support deploying to a local K8s cluster. 3. Manual deployment script: `deploy/scripts/deploy.sh` for manual deployments. 4. Environment-specific configurations: Structured values files for each environment. 5. Chart organization: Renamed bridges-common-relay to relay for clarity. --------- Co-authored-by: Gonza Montiel <gon.montiel@gmail.com> Co-authored-by: Gonza Montiel <gonzamontiel@users.noreply.github.com>
38 lines
1.1 KiB
YAML
38 lines
1.1 KiB
YAML
{{ $serviceAccountName := include "node.serviceAccountName" . }}
|
|
{{- if .Values.serviceAccount.create -}}
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: {{ $serviceAccountName }}
|
|
labels:
|
|
{{- include "node.labels" . | nindent 4 }}
|
|
{{- with .Values.serviceAccount.annotations }}
|
|
annotations:
|
|
{{- toYaml . | nindent 4 }}
|
|
{{- end }}
|
|
{{- end }}
|
|
---
|
|
{{- if .Values.serviceAccount.createRoleBinding }}
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: Role
|
|
metadata:
|
|
name: {{ $serviceAccountName }}-service-reader
|
|
rules:
|
|
- apiGroups: [""]
|
|
resources: ["services"]
|
|
verbs: ["get", "list"]
|
|
---
|
|
# Allow the {{ include "node.serviceAccountName" . }}-service-port-retriever service account to read services in the {{ .Release.Namespace }} namespace
|
|
kind: RoleBinding
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
metadata:
|
|
name: {{ $serviceAccountName }}-service-reader
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: Role
|
|
name: {{ $serviceAccountName }}-service-reader
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: {{ $serviceAccountName }}
|
|
namespace: {{ .Release.Namespace }}
|
|
{{- end }}
|