mirror/helm-dashboard
1
0
Fork 0
mirror of https://github.com/komodorio/helm-dashboard.git synced 2026-03-24 11:48:04 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
b76fbb130a2842acd7c7f52b3389067006f3cfcf
helm-dashboard/charts/helm-dashboard/templates/serviceaccount.yaml
Todd Turner f3c66ecf03 🎨 Remove Superfluous Rule from helm-dashboard ClusterRole (#187) 
A superfluous rule is added to the ClusterRole upon creation,
when the dashboard.allowWriteActions value is set to true.
This commit will ensure that only a single rule is created within
the ClusterRole, regardless of whether the dashboard.allowWriteActions
value is enabled or not.
The verbs within this rule will update accordingly.
2023-01-13 10:56:48 +00:00

39 lines
1.1 KiB
YAML
Raw Blame History

{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "helm-dashboard.serviceAccountName" . }}
labels:
{{- include "helm-dashboard.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "helm-dashboard.serviceAccountName" . }}
rules:
- apiGroups: ["*"]
resources: ["*"]
{{- if .Values.dashboard.allowWriteActions }}
verbs: ["get", "list", "watch", "create", "delete", "patch", "update"]
{{- else }}
verbs: ["get", "list", "watch"]
{{- end }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "helm-dashboard.serviceAccountName" . }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "helm-dashboard.serviceAccountName" . }}
subjects:
- kind: ServiceAccount
namespace: {{ .Release.Namespace }}
name: {{ include "helm-dashboard.serviceAccountName" . }}
Reference in New Issue View Git Blame Copy Permalink