From e6ea6839a8f657c1266c25ba4aba43c837329fa3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20Dulko?=
Date: Wed, 5 Apr 2017 14:24:24 +0200
Subject: Initial Kuryr support
This commit enables deploying Kuryr networking on top of OpenShift in containers. kuryr-controller is a Deployment and kuryr-cni is deployed as DaemonSet (container will drop all CNI configuration files).
Co-Authored-By: Antoni Segura Puimedon
---
roles/kuryr/tasks/serviceaccount.yaml | 31 +++++++++++++++++++++++++++++++
1 file changed, 31 insertions(+)
create mode 100644 roles/kuryr/tasks/serviceaccount.yaml
(limited to 'roles/kuryr/tasks/serviceaccount.yaml')
diff --git a/roles/kuryr/tasks/serviceaccount.yaml b/roles/kuryr/tasks/serviceaccount.yaml
new file mode 100644
index 000000000..088f13091
--- /dev/null
+++ b/roles/kuryr/tasks/serviceaccount.yaml
@@ -0,0 +1,31 @@
+---
+- name: Create Controller service account
+ oc_serviceaccount:
+ name: kuryr-controller
+ namespace: "{{ kuryr_namespace }}"
+ register: saout
+
+- name: Create a role for the Kuryr
+ oc_clusterrole: "{{ kuryr_clusterrole }}"
+
+- name: Fetch the created Kuryr controller cluster role
+ oc_clusterrole:
+ name: kuryrctl
+ state: list
+ register: crout
+
+- name: Grant Kuryr the privileged security context constraints
+ oc_adm_policy_user:
+ user: "system:serviceaccount:{{ kuryr_namespace }}:{{ saout.results.results.0.metadata.name }}"
+ namespace: "{{ kuryr_namespace }}"
+ resource_kind: scc
+ resource_name: privileged
+ state: present
+
+- name: Assign role to Kuryr service account
+ oc_adm_policy_user:
+ user: "system:serviceaccount:{{ kuryr_namespace }}:{{ saout.results.results.0.metadata.name }}"
+ namespace: "{{ kuryr_namespace }}"
+ resource_kind: cluster-role
+ resource_name: "{{ crout.results.results.metadata.name }}"
+ state: present
-- cgit v1.2.3
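Review bot: The task `Grant Kuryr the privileged security context constraints` binds the `privileged` SCC to the `kuryr-controller` service account, although the commit message describes the controller as a Deployment and only kuryr-cni as the DaemonSet that drops CNI configuration files; the pod specs are not in this file, so whether the controller needs it is inferred, but the grant looks broader than necessary. `privileged` removes most pod-level restrictions, so every pod that runs as this account gets near root-equivalent access to its node, and a cluster role is then attached to the same account. Consider a separate service account for the CNI DaemonSet with the SCC granted only there, or at minimum a comment above the task such as `# TODO(review): confirm which Kuryr pods run as this account and why they need the privileged SCC`. Separately, the two lookups disagree on shape: `saout.results.results.0.metadata.name` indexes a list while `crout.results.results.metadata.name` does not, and the fetch hard-codes `kuryrctl` while the role is created from `{{ kuryr_clusterrole }}`. Since both names are known up front, using them directly (for example `resource_name: kuryrctl`) would avoid depending on the modules' return structure and on the two names staying in sync.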