Step: openshift-cluster-bot-rbac

Creates policy allowing cluster-bot the ability to poll for status of cluster operations in this namespace.

Container image used for this step: cli

cli resolves to an image built or imported by the ci-operator configuration (documentation).

Environment

Step exposes no environmental variables except the defaults.

Source Code

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
#!/bin/bash

set -o nounset
set -o errexit
set -o pipefail

# This step wants to always talk to the build farm (via service account credentials) but ci-operator
# gives steps KUBECONFIG pointing to cluster under test under some circumstances, which is never
# the correct cluster to interact with for this step.
unset KUBECONFIG

# The cluster-bot service account (ci:ci-chat-bot) polls for extracts launch information
# from a secret written to the namespace.
oc -n "${NAMESPACE}" create role "ci-chat-bot-secret-reader-${BUILD_ID}" --verb get --resource=secrets --resource-name="${JOB_NAME_SAFE}"
oc -n "${NAMESPACE}" create rolebinding "ci-chat-bot-secret-reader-binding-${BUILD_ID}" --serviceaccount "ci:ci-chat-bot" --role "ci-chat-bot-secret-reader-${BUILD_ID}"

Properties

Property Value Description
Resource requests (cpu) 100m Used in .resources.requests of the pod running this step.
Resource requests (memory) 100Mi Used in .resources.requests of the pod running this step.

GitHub Link:

https://github.com/openshift/release/blob/master/ci-operator/step-registry/openshift/cluster-bot/rbac/openshift-cluster-bot-rbac-ref.yaml

Owners:

Approvers:

Source code for this page located on GitHub