Add router svcacct cluster-reader role

author: Russell Teague <rteague@redhat.com> 2017-03-14 08:25:21 -0400
committer: Russell Teague <rteague@redhat.com> 2017-03-14 08:25:21 -0400
commit: a3f2626530456e9eae9492758900a30e8d641b8b (patch)
tree: e8b6b982528818e2dfe332a264fd1711641ee36c /roles
parent: 46d1efcf1e8ab67deaa6c42460bc510650df17b0 (diff)
download: openshift-a3f2626530456e9eae9492758900a30e8d641b8b.tar.gz
openshift-a3f2626530456e9eae9492758900a30e8d641b8b.tar.bz2
openshift-a3f2626530456e9eae9492758900a30e8d641b8b.tar.xz
openshift-a3f2626530456e9eae9492758900a30e8d641b8b.zip
1 files changed, 9 insertions, 0 deletions
diff --git a/roles/openshift_hosted/tasks/router/router.yml b/roles/openshift_hosted/tasks/router/router.yml
index 969fb27a9..0861b9ec2 100644
--- a/roles/openshift_hosted/tasks/router/router.yml
+++ b/roles/openshift_hosted/tasks/router/router.yml
@@ -37,6 +37,15 @@
     resource_name: hostnetwork
   with_items: "{{ openshift_hosted_routers }}"
 
+- name: Set additional permissions for router service account
+  oc_adm_policy_user:
+    user: "system:serviceaccount:{{ item.namespace }}:{{ item.serviceaccount }}"
+    namespace: "{{ item.namespace }}"
+    resource_kind: cluster-role
+    resource_name: cluster-reader
+  when: item.namespace == 'default'
+  with_items: "{{ openshift_hosted_routers }}"
+
 - name: Create OpenShift router
   oc_adm_router:
     name: "{{ item.name }}"
author	Russell Teague <rteague@redhat.com>	2017-03-14 08:25:21 -0400
committer	Russell Teague <rteague@redhat.com>	2017-03-14 08:25:21 -0400
commit	a3f2626530456e9eae9492758900a30e8d641b8b (patch)
tree	e8b6b982528818e2dfe332a264fd1711641ee36c /roles
parent	46d1efcf1e8ab67deaa6c42460bc510650df17b0 (diff)
download	openshift-a3f2626530456e9eae9492758900a30e8d641b8b.tar.gz openshift-a3f2626530456e9eae9492758900a30e8d641b8b.tar.bz2 openshift-a3f2626530456e9eae9492758900a30e8d641b8b.tar.xz openshift-a3f2626530456e9eae9492758900a30e8d641b8b.zip