This is an automated email from the ASF dual-hosted git repository.
chufenggao pushed a commit to branch 3.0.2-prepare
in repository https://gitbox.apache.org/repos/asf/dolphinscheduler.git
The following commit(s) were added to refs/heads/3.0.2-prepare by this push:
new 5883e48bfc Add configmap resource permissions so config hot reload can
work (#12572) (#12795)
5883e48bfc is described below
commit 5883e48bfcbb1ee4e4dda03b94c1c4d4d71dfb8e
Author: Eric Gao <[email protected]>
AuthorDate: Mon Nov 7 19:58:57 2022 +0800
Add configmap resource permissions so config hot reload can work (#12572)
(#12795)
Co-authored-by: kezhenxu94 <[email protected]>
---
.../deployment-dolphinscheduler-alert.yaml | 1 +
.../templates/deployment-dolphinscheduler-api.yaml | 1 +
.../dolphinscheduler/templates/rbac.yaml | 53 ++++++++++++++++++++++
.../statefulset-dolphinscheduler-master.yaml | 1 +
.../statefulset-dolphinscheduler-worker.yaml | 1 +
5 files changed, 57 insertions(+)
diff --git
a/deploy/kubernetes/dolphinscheduler/templates/deployment-dolphinscheduler-alert.yaml
b/deploy/kubernetes/dolphinscheduler/templates/deployment-dolphinscheduler-alert.yaml
index 3f7f2796d7..bb2a8e0029 100644
---
a/deploy/kubernetes/dolphinscheduler/templates/deployment-dolphinscheduler-alert.yaml
+++
b/deploy/kubernetes/dolphinscheduler/templates/deployment-dolphinscheduler-alert.yaml
@@ -39,6 +39,7 @@ spec:
{{- toYaml .Values.alert.annotations | nindent 8 }}
{{- end }}
spec:
+ serviceAccountName: {{ template "dolphinscheduler.fullname" . }}
{{- if .Values.alert.affinity }}
affinity:
{{- toYaml .Values.alert.affinity | nindent 8 }}
diff --git
a/deploy/kubernetes/dolphinscheduler/templates/deployment-dolphinscheduler-api.yaml
b/deploy/kubernetes/dolphinscheduler/templates/deployment-dolphinscheduler-api.yaml
index 789c8eaaf5..20443c035c 100644
---
a/deploy/kubernetes/dolphinscheduler/templates/deployment-dolphinscheduler-api.yaml
+++
b/deploy/kubernetes/dolphinscheduler/templates/deployment-dolphinscheduler-api.yaml
@@ -39,6 +39,7 @@ spec:
{{- toYaml .Values.api.annotations | nindent 8 }}
{{- end }}
spec:
+ serviceAccountName: {{ template "dolphinscheduler.fullname" . }}
{{- if .Values.api.affinity }}
affinity:
{{- toYaml .Values.api.affinity | nindent 8 }}
diff --git a/deploy/kubernetes/dolphinscheduler/templates/rbac.yaml
b/deploy/kubernetes/dolphinscheduler/templates/rbac.yaml
new file mode 100644
index 0000000000..a343cc1d6b
--- /dev/null
+++ b/deploy/kubernetes/dolphinscheduler/templates/rbac.yaml
@@ -0,0 +1,53 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app: {{ template "dolphinscheduler.fullname" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+ release: {{ .Release.Name }}
+ name: {{ template "dolphinscheduler.fullname" . }}
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ template "dolphinscheduler.fullname" . }}
+ labels:
+ app: {{ template "dolphinscheduler.fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+rules:
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["get", "watch", "list"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "dolphinscheduler.fullname" . }}
+ labels:
+ app: {{ template "dolphinscheduler.fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "dolphinscheduler.fullname" . }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "dolphinscheduler.fullname" . }}
+ namespace: {{ .Release.Namespace }}
diff --git
a/deploy/kubernetes/dolphinscheduler/templates/statefulset-dolphinscheduler-master.yaml
b/deploy/kubernetes/dolphinscheduler/templates/statefulset-dolphinscheduler-master.yaml
index 1dc6ee7afd..5d640f8efb 100644
---
a/deploy/kubernetes/dolphinscheduler/templates/statefulset-dolphinscheduler-master.yaml
+++
b/deploy/kubernetes/dolphinscheduler/templates/statefulset-dolphinscheduler-master.yaml
@@ -36,6 +36,7 @@ spec:
{{- toYaml .Values.master.annotations | nindent 8 }}
{{- end }}
spec:
+ serviceAccountName: {{ template "dolphinscheduler.fullname" . }}
{{- if .Values.master.affinity }}
affinity:
{{- toYaml .Values.master.affinity | nindent 8 }}
diff --git
a/deploy/kubernetes/dolphinscheduler/templates/statefulset-dolphinscheduler-worker.yaml
b/deploy/kubernetes/dolphinscheduler/templates/statefulset-dolphinscheduler-worker.yaml
index 31a866c43b..267802dbb9 100644
---
a/deploy/kubernetes/dolphinscheduler/templates/statefulset-dolphinscheduler-worker.yaml
+++
b/deploy/kubernetes/dolphinscheduler/templates/statefulset-dolphinscheduler-worker.yaml
@@ -36,6 +36,7 @@ spec:
{{- toYaml .Values.worker.annotations | nindent 8 }}
{{- end }}
spec:
+ serviceAccountName: {{ template "dolphinscheduler.fullname" . }}
{{- if .Values.worker.affinity }}
affinity:
{{- toYaml .Values.worker.affinity | nindent 8 }}
