expose admin clusterrole
padraigmc committed Nov 11, 2024
1 parent 087bd10 commit 875c0f9
Showing 3 changed files with 60 additions and 2 deletions.
11 changes: 10 additions & 1 deletion chart/templates/gotk/rbac.yaml
@@ -261,8 +261,17 @@ metadata:
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
name: {{ .Values.gotk.rbac.adminClusterRole.name }}
subjects:
- kind: ServiceAccount
name: fluxcd
namespace: "{{ .Release.Namespace }}"
{{ if .Values.gotk.rbac.adminClusterRole.rules }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ .Values.gotk.rbac.adminClusterRole.name }}
rules:
{{ .Values.gotk.rbac.adminClusterRole.rules | toYaml }}
{{- end }}
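Review bot: The ClusterRole added at the end of this section is rendered whenever `adminClusterRole.rules` is non-empty and takes its name from the same value as `roleRef.name`, so setting `name: cluster-admin` together with rules emits a ClusterRole called `cluster-admin` that collides with the built-in role. Depending on how the manifests are applied, that either fails the install or may overwrite the built-in role's rules, so the condition should exclude it, e.g. `{{- if and .Values.gotk.rbac.adminClusterRole.rules (ne .Values.gotk.rbac.adminClusterRole.name "cluster-admin") }}`. The name is also rendered unquoted in both places, so an unset value becomes an empty `roleRef.name`; `name: {{ required "gotk.rbac.adminClusterRole.name must be set" .Values.gotk.rbac.adminClusterRole.name | quote }}` would catch that at render time. chart/templates/kraan/rbac.yaml has the same two issues with the `.Values.kraan` paths. The binding's header lies outside the hunk, so its kind is not visible here.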
11 changes: 10 additions & 1 deletion chart/templates/kraan/rbac.yaml
@@ -156,9 +156,18 @@ metadata:
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
name: {{ .Values.kraan.rbac.adminClusterRole.name }}
subjects:
- kind: ServiceAccount
name: kraan
namespace: {{.Release.Namespace}}
{{ if .Values.kraan.rbac.adminClusterRole.rules }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ .Values.kraan.rbac.adminClusterRole.name }}
rules:
{{ .Values.kraan.rbac.adminClusterRole.rules | toYaml }}
{{- end }}
{{- end }}
40 changes: 40 additions & 0 deletions chart/values.yaml
@@ -16,6 +16,26 @@ kraan:
enabled: true
rbac:
enabled: true
adminClusterRole:
# admin ClusterRole to be used by the controller, default is cluster-admin
name: "cluster-admin-kraan"
# specify rules to create a ClusterRole
# https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#policyrule-v1-rbac-authorization-k8s-io
# rules: []
rules:
- apiGroups:
- helm.toolkit.fluxcd.io
resources:
- helmreleases
- helmreleases/status
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
netpolicy:
enabled: true
kraanController:
@@ -79,6 +99,26 @@ kraan:
gotk:
rbac:
enabled: true
adminClusterRole:
# admin ClusterRole to be used by the controller, default is cluster-admin
name: "cluster-admin-gotk"
# specify rules to create a ClusterRole
# https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#policyrule-v1-rbac-authorization-k8s-io
# rules: []
rules:
- apiGroups:
- helm.toolkit.fluxcd.io
resources:
- helmreleases
- helmreleases/status
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
netpolicy:
enabled: true

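Review bot: The comment on `adminClusterRole.name` says the default is cluster-admin, but the shipped default is `cluster-admin-kraan` (and `cluster-admin-gotk` in the second hunk) with rules limited to `helmreleases`, so an upgrade silently moves both service accounts from cluster-admin to that narrow role. The same upgrade changes `roleRef.name` on bindings that already exist, and Kubernetes treats `roleRef` as immutable, so the update is likely to be rejected unless the binding is deleted first. Switching to the commented `rules: []` while keeping the name leaves the binding pointing at a ClusterRole the chart never creates. I would either keep `name: "cluster-admin"` with `rules: []` as the default and show the restricted role as a commented example, or reword the comment to `# ClusterRole bound to the controller service account; created by the chart when rules is non-empty` and choose a name that does not start with `cluster-admin`, since anyone auditing RBAC will read that name as full admin.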
