diff --git a/deployment/helm/node-feature-discovery/templates/clusterrolebinding.yaml b/deployment/helm/node-feature-discovery/templates/clusterrolebinding.yaml index 227bce5e53..b0a69012fd 100644 --- a/deployment/helm/node-feature-discovery/templates/clusterrolebinding.yaml +++ b/deployment/helm/node-feature-discovery/templates/clusterrolebinding.yaml @@ -16,7 +16,7 @@ subjects: {{- end }} --- -{{- if .Values.topologyUpdater.rbac.create }} +{{- if and .Values.topologyUpdater.enable .Values.topologyUpdater.rbac.create }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: diff --git a/deployment/helm/node-feature-discovery/templates/serviceaccount.yaml b/deployment/helm/node-feature-discovery/templates/serviceaccount.yaml index 022961e454..03211e7c49 100644 --- a/deployment/helm/node-feature-discovery/templates/serviceaccount.yaml +++ b/deployment/helm/node-feature-discovery/templates/serviceaccount.yaml @@ -13,7 +13,7 @@ metadata: {{- end }} --- -{{- if .Values.topologyUpdater.serviceAccount.create }} +{{- if and .Values.topologyUpdater.enable .Values.topologyUpdater.serviceAccount.create }} apiVersion: v1 kind: ServiceAccount metadata: diff --git a/deployment/helm/node-feature-discovery/values.yaml b/deployment/helm/node-feature-discovery/values.yaml index d13928c46c..f1524c0c61 100644 --- a/deployment/helm/node-feature-discovery/values.yaml +++ b/deployment/helm/node-feature-discovery/values.yaml @@ -400,7 +400,7 @@ topologyUpdater: createCRDs: false serviceAccount: - create: false + create: true annotations: {} name: rbac: diff --git a/docs/deployment/helm.md b/docs/deployment/helm.md index a2496f8e1c..3ef4be6a79 100644 --- a/docs/deployment/helm.md +++ b/docs/deployment/helm.md @@ -163,7 +163,7 @@ We have introduced the following Chart parameters. | `topologyUpdater.serviceAccount.create` | bool | true | Specifies whether the service account for topology updater should be created | | `topologyUpdater.serviceAccount.annotations` | dict | {} | Annotations to add to the service account for topology updater | | `topologyUpdater.serviceAccount.name` | string | | The name of the service account for topology updater to use. If not set and create is true, a name is generated using the fullname template and `-topology-updater` suffix | -| `topologyUpdater.rbac.create` | bool | false | Specifies whether to create [RBAC][rbac] configuration for topology updater | +| `topologyUpdater.rbac.create` | bool | true | Specifies whether to create [RBAC][rbac] configuration for topology updater | | `topologyUpdater.kubeletConfigPath` | string | "" | Specifies the kubelet config host path | | `topologyUpdater.kubeletPodResourcesSockPath` | string | "" | Specifies the kubelet sock path to read pod resources | | `topologyUpdater.updateInterval` | string | 60s | Time to sleep between CR updates. Non-positive value implies no CR update. | @@ -188,7 +188,7 @@ We have introduced the following Chart parameters. | `topologyGC.serviceAccount.create` | bool | true | Specifies whether the service account for topology garbage collector should be created | | `topologyGC.serviceAccount.annotations` | dict | {} | Annotations to add to the service account for topology garbage collector | | `topologyGC.serviceAccount.name` | string | | The name of the service account for topology garbage collector to use. If not set and create is true, a name is generated using the fullname template and `-topology-gc` suffix | -| `topologyGC.rbac.create` | bool | false | Specifies whether to create [RBAC][rbac] configuration for topology garbage collector | +| `topologyGC.rbac.create` | bool | true | Specifies whether to create [RBAC][rbac] configuration for topology garbage collector | | `topologyGC.interval` | string | 1h | Time between periodic garbage collector runs | | `topologyGC.podSecurityContext` | dict | {} | [PodSecurityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) holds pod-level security attributes and common container settings | | `topologyGC.securityContext` | dict | {} | Container [security settings](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) |