Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow adding extra rules to the clusterrole #47

Closed
jradtilbrook opened this issue Jun 7, 2019 · 4 comments · Fixed by #50
Closed

Allow adding extra rules to the clusterrole #47

jradtilbrook opened this issue Jun 7, 2019 · 4 comments · Fixed by #50

Comments

@jradtilbrook
Copy link

Is this a request for help?: Yes

Version of Helm and Kubernetes: N/A

Which chart: buildkite

What happened: Not enough or different clusterrole rules required

What you expected to happen: I have a use case that requires different clusterrole rules. I not that you can disable the creation of any RBAC in this chart. Is your intention that if a user needs something different they should create the role and binding separate to this chart? Or would you support breaking out the definition of rules to a helm variable so that users can define their own?

How to reproduce it (as minimally and precisely as possible): N/A

Anything else we need to know: N/A
@rimusz
Copy link
Collaborator

rimusz commented Jun 7, 2019

it can be done e.g. in values.yaml (hint for the PR):

rbac:
  create: true
  role:
    ## Rules to create. It follows the role specification
    rules:
    - apiGroups:
        - ""
        resources:
        - namespaces
        verbs:
        - watch
        - list
    - apiGroups:
        - ""
        resources:
        - secrets
        verbs:
        - get
        - watch
        - list
    - apiGroups:
        - ""
        - extensions
        - apps
        - batch
        resources:
        - pods
        - replicasets
        - replicationcontrollers
        - statefulsets
        - deployments
        - daemonsets
        - jobs
        - cronjobs
        verbs:
        - get
        - delete # required to delete pods during force upgrade of the same tag
        - watch
        - list
        - update
    - apiGroups:
        - ""
        resources:
        - configmaps
        - secrets
        verbs:
        - get
        - create
        - update

then in the clusterrole.yaml:

rules:
{{ toYaml .Values.rbac.role.rules }}

@jradtilbrook
Copy link
Author

Cool! Does that mean you'd accept a PR to add that?

@rimusz
Copy link
Collaborator

rimusz commented Jun 7, 2019

of course :)

@jradtilbrook jradtilbrook mentioned this issue Jun 7, 2019
Merged
2 tasks
@rimusz rimusz closed this as completed in #50 Jun 7, 2019
@loeffel-io
Copy link

how the holy can i add the value create to rbac.role.rules[2].verbs for example?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Refactor RBAC to allow specifying rules jradtilbrook/charts
3 participants
@rimusz @jradtilbrook @loeffel-io