chart/docs/common-library/values/rbac.md
Stavros kois 0c20405684 add workflows
2022-12-13 17:29:44 +02:00

RBAC

Key: rbac

  • Type: dict

  • Default:

    rbac:
      main:
        enabled: false
        primary: true
        clusterWide: false
    
  • Helm Template:

    • rbac.NAME.labels - keys
    • rbac.NAME.labels - values
    • rbac.NAME.annotations - keys
    • rbac.NAME.annotations - values
    • rbac.NAME.rules[].apiGroups - entries
    • rbac.NAME.rules[].resources - entries
    • rbac.NAME.rules[].verbs - entries
    • rbac.NAME.subjects[].kind
    • rbac.NAME.subjects[].name
    • rbac.NAME.subjects[].apiGroup

For every rbac.NAME that is enabled, a Role and a RoleBinding are created, or a ClusterRole and a ClusterRoleBinding if the clusterWide flag is set.

You can define the rules under the rules key, the same way you would in a normal Kubernetes object. Rules are passed to the Role or ClusterRole object.

You can define the subjects under the subjects key, the same way you would in a normal Kubernetes object. Subjects are passed to the RoleBinding or ClusterRoleBinding object.

The subjects key is optional.

The following subject is always assigned:

- kind: ServiceAccount
  name: {{ $saName }}
  namespace: {{ .Release.Namespace }}

$saName is calculated based on the primary serviceAccount.

Examples:

rbac:
  main:
    enabled: true
    clusterWide: true
    labels:
      key: value
    annotations:
      key: value
    rules:
      - apiGroups:
          - ""
        resources:
          - services
          - pods
        verbs:
          - get
          - list
    subjects:
      - kind: something
        name: something
        apiGroup: something
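
Because every enabled entry with clusterWide set becomes a ClusterRole bound to the primary ServiceAccount, it helps to review the values before deploying. The following is an added example, not code from the chart: it applies the rules described above to a values dict and flags wildcard or cluster-wide secrets access. The function name `review_rbac`, the placeholder ServiceAccount and namespace strings, and the `wide` and `off` entries are assumptions made for illustration.

```python
# Added example: review helper for the `rbac` values described on this page.
# review_rbac and the finding wording are hypothetical, not chart code.

def review_rbac(values, sa_name="<primary-sa>", namespace="<release-namespace>"):
    """Return (objects, findings) for every enabled rbac.NAME entry."""
    objects, findings = [], []
    for name, cfg in (values.get("rbac") or {}).items():
        if not cfg.get("enabled", False):
            continue  # disabled entries create nothing (default: enabled=false)
        cluster = bool(cfg.get("clusterWide", False))
        role_kind = "ClusterRole" if cluster else "Role"
        # The primary ServiceAccount is always bound; `subjects` only adds more.
        subjects = [{"kind": "ServiceAccount", "name": sa_name, "namespace": namespace}]
        subjects += cfg.get("subjects") or []
        rules = cfg.get("rules") or []
        objects.append({"name": name, "role": role_kind,
                        "binding": role_kind + "Binding",
                        "rules": rules, "subjects": subjects})
        scope = "cluster-wide" if cluster else "namespaced"
        if not rules:
            findings.append(f"rbac.{name}: enabled with no rules")
        for i, rule in enumerate(rules):
            for field in ("apiGroups", "resources", "verbs"):
                if "*" in (rule.get(field) or []):
                    findings.append(f"rbac.{name}.rules[{i}].{field}: wildcard in {scope} rule")
            if cluster and "secrets" in (rule.get("resources") or []):
                findings.append(f"rbac.{name}.rules[{i}].resources: cluster-wide access to secrets")
    return objects, findings

# Constructed sample values: `main` mirrors the page's example (without the
# placeholder subject); `wide` and `off` are made up for the review.
SAMPLE = {"rbac": {
    "main": {"enabled": True, "clusterWide": True,
             "rules": [{"apiGroups": [""], "resources": ["services", "pods"],
                        "verbs": ["get", "list"]}]},
    "wide": {"enabled": True, "clusterWide": True,
             "rules": [{"apiGroups": ["*"], "resources": ["secrets"], "verbs": ["*"]}],
             "subjects": [{"kind": "Group", "name": "ops",
                           "apiGroup": "rbac.authorization.k8s.io"}]},
    "off": {"enabled": False,
            "rules": [{"apiGroups": [""], "resources": ["*"], "verbs": ["*"]}]},
}}

if __name__ == "__main__":
    objs, finds = review_rbac(SAMPLE)
    for o in objs:
        print(o["name"], "->", o["role"], "+", o["binding"], f"({len(o['subjects'])} subjects)")
    for f in finds:
        print("FINDING:", f)
```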

Kubernetes Documentation: