Skip to content

Commit c062b0f

Browse files
padraigmcpadraigmc
committed
expose admin clusterrole
1 parent 087bd10 commit c062b0f

File tree

3 files changed

+32
-2
lines changed

3 files changed

+32
-2
lines changed

chart/templates/gotk/rbac.yaml

+10-1
Original file line numberDiff line numberDiff line change
@@ -261,8 +261,17 @@ metadata:
261261
roleRef:
262262
apiGroup: rbac.authorization.k8s.io
263263
kind: ClusterRole
264-
name: cluster-admin
264+
name: {{ .Values.gotk.rbac.adminClusterRole.name }}
265265
subjects:
266266
- kind: ServiceAccount
267267
name: fluxcd
268268
namespace: "{{ .Release.Namespace }}"
269+
{{ if .Values.gotk.rbac.adminClusterRole.rules }}
270+
---
271+
apiVersion: rbac.authorization.k8s.io/v1
272+
kind: ClusterRole
273+
metadata:
274+
name: {{ .Values.gotk.rbac.adminClusterRole.name }}
275+
rules:
276+
{{ .Values.gotk.rbac.adminClusterRole.rules | toYaml }}
277+
{{- end }}

chart/templates/kraan/rbac.yaml

+10-1
Original file line numberDiff line numberDiff line change
@@ -156,9 +156,18 @@ metadata:
156156
roleRef:
157157
apiGroup: rbac.authorization.k8s.io
158158
kind: ClusterRole
159-
name: cluster-admin
159+
name: {{ .Values.kraan.rbac.adminClusterRole.name }}
160160
subjects:
161161
- kind: ServiceAccount
162162
name: kraan
163163
namespace: {{.Release.Namespace}}
164+
{{ if .Values.kraan.rbac.adminClusterRole.rules }}
165+
---
166+
apiVersion: rbac.authorization.k8s.io/v1
167+
kind: ClusterRole
168+
metadata:
169+
name: {{ .Values.kraan.rbac.adminClusterRole.name }}
170+
rules:
171+
{{ .Values.kraan.rbac.adminClusterRole.rules | toYaml }}
172+
{{- end }}
164173
{{- end }}

chart/values.yaml

+12
Original file line numberDiff line numberDiff line change
@@ -16,6 +16,12 @@ kraan:
1616
enabled: true
1717
rbac:
1818
enabled: true
19+
adminClusterRole:
20+
# admin ClusterRole to be used by the controller, default is cluster-admin
21+
name: "cluster-admin"
22+
# specify rules to create a ClusterRole
23+
# https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#policyrule-v1-rbac-authorization-k8s-io
24+
# rules: []
1925
netpolicy:
2026
enabled: true
2127
kraanController:
@@ -79,6 +85,12 @@ kraan:
7985
gotk:
8086
rbac:
8187
enabled: true
88+
adminClusterRole:
89+
# admin ClusterRole to be used by the controller, default is cluster-admin
90+
name: "cluster-admin"
91+
# specify rules to create a ClusterRole
92+
# https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#policyrule-v1-rbac-authorization-k8s-io
93+
# rules: []
8294
netpolicy:
8395
enabled: true
8496

0 commit comments

Comments
 (0)