Skip to content

Commit

Permalink
Add conditional RBAC resource creation
Browse files Browse the repository at this point in the history
- Wrap `ClusterRole` and `ClusterRoleBinding` templates with conditions to check `rbac.create` and `rbac.clusterScope` values.
- Wrap `Role` and `RoleBinding` templates with condition to check `rbac.create` value.
- Update `values.yaml` to include `rbac.create` and `rbac.clusterScope` parameters.
svinther committed Nov 19, 2024
1 parent 9ff9ff7 commit b392826
Showing 5 changed files with 13 additions and 0 deletions.
2 changes: 2 additions & 0 deletions chart/templates/rbac/clusterrole.yaml
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
{{- if and (.Values.rbac.create) (.Values.rbac.clusterScope) }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
@@ -26,3 +27,4 @@ rules:
- apiGroups: [fastflow.dev]
resources: [workflows, tasks]
verbs: [list, watch]
{{- end }}
2 changes: 2 additions & 0 deletions chart/templates/rbac/clusterrolebinding.yaml
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
{{- if and (.Values.rbac.create) (.Values.rbac.clusterScope) }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
@@ -10,3 +11,4 @@ subjects:
- kind: ServiceAccount
name: fastflow
namespace: "{{ .Release.Namespace }}"
{{- end }}
2 changes: 2 additions & 0 deletions chart/templates/rbac/role.yaml
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
{{- if .Values.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
@@ -34,3 +35,4 @@ rules:
# - apiGroups: [""]
# resources: [pods, persistentvolumeclaims]
# verbs: [create]
{{- end }}
2 changes: 2 additions & 0 deletions chart/templates/rbac/rolebinding.yaml
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
{{- if .Values.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
@@ -9,3 +10,4 @@ roleRef:
kind: Role
name: fastflow
apiGroup: rbac.authorization.k8s.io
{{- end }}
5 changes: 5 additions & 0 deletions chart/values.yaml
Original file line number Diff line number Diff line change
@@ -27,3 +27,8 @@ image:
## - myRegistryKeySecretName
##
pullSecrets: []

rbac:
## If true, create & use RBAC resources
create: true
clusterScope: false

0 comments on commit b392826

Please sign in to comment.