Merge pull request #2877 from zalando-incubator/collaborator-pet-cluster

Make it possible to allow collaborator admin access in pet clusters
zalando-incubator · Jan 20, 2020 · dca023e · dca023e
2 parents abb387c + 635efd7
commit dca023e
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/cluster/config-defaults.yaml b/cluster/config-defaults.yaml
@@ -262,6 +262,13 @@ custom_dns_zone_nameservers: "" # space seperated list of nameserver IP addresse
 # prefix prepended to ownership TXT records for external-dns
 external_dns_ownership_prefix: ""
 
+# special roles for test/pet clusters
+{{if eq .Cluster.Environment "e2e"}}
+collaborator_administrator_access: "true"
+{{else}}
+collaborator_administrator_access: "false"
+{{end}}
+
 # enable legacy serviceaccounts for smooth RBAC migration
 enable_operator_sa: "false"
 enable_default_sa: "false"

diff --git a/cluster/node-pools/master-default/userdata.yaml b/cluster/node-pools/master-default/userdata.yaml
@@ -260,7 +260,7 @@ write_files:
             - --derived-role=CollaboratorManual=Collaborator24x7,Manual
 {{- else if eq .Cluster.Environment "test"}}
             - --role-mapping=CollaboratorPowerUser=cn=Deployer,ou=collaborators,ou=Kubernetes,ou=apps,dc=zalando,dc=net
-{{- else if eq .Cluster.Environment "e2e"}}
+{{- else if eq .Cluster.ConfigItems.collaborator_administrator_access "true"}}
             - --role-mapping=Administrator=cn=Contributor,ou=collaborators,ou=Kubernetes,ou=apps,dc=zalando,dc=net
 {{- end}}