diff --git a/instance-applications/120-ibm-db2u-database/templates/08-postdelete-db2-user-job-rbac.yaml b/instance-applications/120-ibm-db2u-database/templates/08-postdelete-db2-user-job-rbac.yaml index ba8d72ce6..7048e5c1b 100644 --- a/instance-applications/120-ibm-db2u-database/templates/08-postdelete-db2-user-job-rbac.yaml +++ b/instance-applications/120-ibm-db2u-database/templates/08-postdelete-db2-user-job-rbac.yaml @@ -16,7 +16,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: aws-db2-user-job-{{ .Values.instance_id }}-{{ .Values.mas_application_id }}-role-db2 + name: aws-db2-user-job-{{ .Values.instance_id }}-{{ .Values.mas_application_id }}-{{ .Values.db2_instance_name }}-role-db2 namespace: {{ .Values.db2_namespace }} annotations: argocd.argoproj.io/sync-wave: "121" @@ -56,7 +56,7 @@ rules: kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: aws-db2-user-job-{{ .Values.instance_id }}-{{ .Values.mas_application_id }}-rolebinding-db2 + name: aws-db2-user-job-{{ .Values.instance_id }}-{{ .Values.mas_application_id }}-{{ .Values.db2_instance_name }}-rolebinding-db2 namespace: {{ .Values.db2_namespace }} annotations: argocd.argoproj.io/sync-wave: "122" @@ -71,5 +71,5 @@ subjects: roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: aws-db2-user-job-{{ .Values.instance_id }}-{{ .Values.mas_application_id }}-role-db2 + name: aws-db2-user-job-{{ .Values.instance_id }}-{{ .Values.mas_application_id }}-{{ .Values.db2_instance_name }}-role-db2 {{- end }} diff --git a/instance-applications/120-ibm-wsl/templates/02-ibm-wsl-post-verify.yaml b/instance-applications/120-ibm-wsl/templates/02-ibm-wsl-post-verify.yaml index ba468b77b..069419004 100644 --- a/instance-applications/120-ibm-wsl/templates/02-ibm-wsl-post-verify.yaml +++ b/instance-applications/120-ibm-wsl/templates/02-ibm-wsl-post-verify.yaml @@ -24,7 +24,7 @@ Increment this value whenever you make a change to an immutable field of the Job E.g. passing in a new environment variable. Included in $_job_hash (see below). */}} -{{- $_job_version := "v3" }} +{{- $_job_version := "v4" }} {{- /* 10 char hash appended to the job name taking into account $_job_config_values, $_job_version and $_cli_image_digest @@ -112,6 +112,55 @@ roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: wsl-precheck-role-{{ .Values.instance_id }} +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: wsl-precheck-role-instance-{{ .Values.instance_id }} + namespace: "{{ .Values.cpd_instance_namespace }}" + annotations: + argocd.argoproj.io/sync-wave: "092" +{{- if .Values.custom_labels }} + labels: +{{ .Values.custom_labels | toYaml | indent 4 }} +{{- end }} +rules: + - verbs: + - get + - list + apiGroups: + - '' + resources: + - secrets + - verbs: + - get + - list + apiGroups: + - zen.cpd.ibm.com + resources: + - zenservices + +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: wsl-precheck-rb-instance-{{ .Values.instance_id }} + namespace: "{{ .Values.cpd_instance_namespace }}" + annotations: + argocd.argoproj.io/sync-wave: "093" +{{- if .Values.custom_labels }} + labels: +{{ .Values.custom_labels | toYaml | indent 4 }} +{{- end }} +subjects: + - kind: ServiceAccount + name: wsl-precheck-sa + namespace: "{{ .Values.cpd_operators_namespace }}" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: wsl-precheck-role-instance-{{ .Values.instance_id }} + --- kind: Secret