mirror of
https://github.com/truenas/charts.git
synced 2026-04-23 18:10:06 +08:00
929e60d801
* Adapt charts CI and improve/fix common * add check on permissions contaienr * add postgres template * update comments * Update create_app.sh * add check * update script * auto gen item.yaml from Chart,yaml * rename readme on dest * duplicate readme from the same source * correct comment * reoder * remove extra space * keep both README and app-readme * update regex, to also allow 2 letter names, which is also valid * No need to check host network if there aren't any pod values * use same pattern as the pod.name label (not prepending release-name * update deps * add chart dirs to ci * Add a validation to check if there is any yaml errors after merging files * update charts path on ci * common/1.0.0/ -> common/ * update common-test dep path * temp update create_app script * make permissions container name configurable, incase we want to change order of execution * update naming convention * fix typo and a missed name change * do not allow `--` in names
65 lines
2.8 KiB
Smarty
65 lines
2.8 KiB
Smarty
{{/* RBAC Class */}}
|
|
{{/* Call this template:
|
|
{{ include "ix.v1.common.class.rbac" (dict "rootCtx" $ "objectData" $objectData) }}
|
|
|
|
rootCtx: The root context of the chart.
|
|
objectData:
|
|
name: The name of the rbac.
|
|
labels: The labels of the rbac.
|
|
annotations: The annotations of the rbac.
|
|
clusterWide: Whether the rbac is cluster wide or not.
|
|
rules: The rules of the rbac.
|
|
subjects: The subjects of the rbac.
|
|
*/}}
|
|
|
|
{{- define "ix.v1.common.class.rbac" -}}
|
|
|
|
{{- $rootCtx := .rootCtx -}}
|
|
{{- $objectData := .objectData }}
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: {{ ternary "ClusterRole" "Role" $objectData.clusterWide }}
|
|
metadata:
|
|
name: {{ $objectData.name }}
|
|
{{- if not $objectData.clusterWide }}
|
|
namespace: {{ $rootCtx.Release.Namespace }}
|
|
{{- end }}
|
|
{{- $labels := (mustMerge ($objectData.labels | default dict) (include "ix.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
|
|
{{- with (include "ix.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
|
|
labels:
|
|
{{- . | nindent 4 }}
|
|
{{- end -}}
|
|
{{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "ix.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
|
|
{{- with (include "ix.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
|
|
annotations:
|
|
{{- . | nindent 4 }}
|
|
{{- end }}
|
|
rules:
|
|
{{- include "ix.v1.common.lib.rbac.rules" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 }}
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: {{ ternary "ClusterRoleBinding" "RoleBinding" $objectData.clusterWide }}
|
|
metadata:
|
|
name: {{ $objectData.name }}
|
|
{{- if not $objectData.clusterWide }}
|
|
namespace: {{ $rootCtx.Release.Namespace }}
|
|
{{- end }}
|
|
{{- $labels := (mustMerge ($objectData.labels | default dict) (include "ix.v1.common.lib.metadata.allLabels" $rootCtx | fromYaml)) -}}
|
|
{{- with (include "ix.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "labels" $labels) | trim) }}
|
|
labels:
|
|
{{- . | nindent 4 }}
|
|
{{- end -}}
|
|
{{- $annotations := (mustMerge ($objectData.annotations | default dict) (include "ix.v1.common.lib.metadata.allAnnotations" $rootCtx | fromYaml)) -}}
|
|
{{- with (include "ix.v1.common.lib.metadata.render" (dict "rootCtx" $rootCtx "annotations" $annotations) | trim) }}
|
|
annotations:
|
|
{{- . | nindent 4 }}
|
|
{{- end }}
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: {{ ternary "ClusterRole" "Role" $objectData.clusterWide }}
|
|
name: {{ $objectData.name }}
|
|
subjects:
|
|
{{- include "ix.v1.common.lib.rbac.serviceAccount" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 }}
|
|
{{- include "ix.v1.common.lib.rbac.subjects" (dict "rootCtx" $rootCtx "objectData" $objectData) | trim | nindent 2 }}
|
|
{{- end -}}
|