Merge branch '81-add-rbac-to-the-helm-chart-for-k8s-access-from-dashboard-backend' into 'main'
Resolve "Add RBAC to the helm chart for k8s access from dashboard-backend" Closes #81 See merge request stackspin/dashboard!52
commit
308fb12e81
7 changed files with 119 additions and 6 deletions
|
@ -1,6 +1,6 @@
|
||||||
dependencies:
|
dependencies:
|
||||||
- name: common
|
- name: common
|
||||||
repository: https://charts.bitnami.com/bitnami
|
repository: https://charts.bitnami.com/bitnami
|
||||||
version: 2.0.1
|
version: 2.0.3
|
||||||
digest: sha256:eac8729956b60d78414de3eea46b919b44afcd7afdcd19dacd640269b3d731f2
|
digest: sha256:dfd07906c97f7fca7593af69d01f6f044e10a609a03057352142766a5caca6cd
|
||||||
generated: "2022-08-24T15:52:13.18511608+02:00"
|
generated: "2022-09-29T15:38:57.444746866+02:00"
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
annotations:
|
annotations:
|
||||||
category: Dashboard
|
category: Dashboard
|
||||||
apiVersion: v2
|
apiVersion: v2
|
||||||
appVersion: 0.2.8
|
appVersion: 0.3.0
|
||||||
dependencies:
|
dependencies:
|
||||||
- name: common
|
- name: common
|
||||||
# https://artifacthub.io/packages/helm/bitnami/common
|
# https://artifacthub.io/packages/helm/bitnami/common
|
||||||
|
@ -23,4 +23,4 @@ name: stackspin-dashboard
|
||||||
sources:
|
sources:
|
||||||
- https://open.greenhost.net/stackspin/dashboard/
|
- https://open.greenhost.net/stackspin/dashboard/
|
||||||
- https://open.greenhost.net/stackspin/dashboard-backend/
|
- https://open.greenhost.net/stackspin/dashboard-backend/
|
||||||
version: 1.2.3
|
version: 1.3.0
|
||||||
|
|
|
@ -24,6 +24,7 @@ data:
|
||||||
HYDRA_ADMIN_URL: {{ .Values.backend.hydra.adminUrl }}
|
HYDRA_ADMIN_URL: {{ .Values.backend.hydra.adminUrl }}
|
||||||
LOGIN_PANEL_URL: {{ .Values.backend.loginPanelUrl }}
|
LOGIN_PANEL_URL: {{ .Values.backend.loginPanelUrl }}
|
||||||
DATABASE_URL: {{ .Values.backend.databaseUrl }}
|
DATABASE_URL: {{ .Values.backend.databaseUrl }}
|
||||||
|
LOAD_INCLUSTER_CONFIG: "true"
|
||||||
# {{- if .Values.backend.smtp.enabled }}
|
# {{- if .Values.backend.smtp.enabled }}
|
||||||
# DASHBOARD_BACKEND_SMTP_HOST: {{ .Values.backend.smtp.host | quote }}
|
# DASHBOARD_BACKEND_SMTP_HOST: {{ .Values.backend.smtp.host | quote }}
|
||||||
# DASHBOARD_BACKEND_SMTP_PORT: {{ .Values.backend.smtp.port | quote }}
|
# DASHBOARD_BACKEND_SMTP_PORT: {{ .Values.backend.smtp.port | quote }}
|
||||||
|
|
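--- a/deployment/helmchart/templates/rbac/clusterrole.yaml
+++ b/deployment/helmchart/templates/rbac/clusterrole.yaml
@@ -0,0 +1,45 @@
+{{- if .Values.rbac.create -}}
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+kind: ClusterRole
+metadata:
+name: {{ template "common.names.fullname" . }}
+namespace: {{ .Release.Namespace | quote }}
+labels: {{- include "common.labels.standard" . | nindent 4 }}
+{{- if .Values.commonLabels }}
+{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+{{- end }}
+{{- if .Values.commonAnnotations }}
+annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+{{- end }}
+rules:
+- apiGroups:
+- kustomize.toolkit.fluxcd.io
+resources:
+- kustomizations
+verbs:
+- list
+- delete
+- get
+- patch
+- create
+- apiGroups:
+- helm.toolkit.fluxcd.io
+resources:
+- helmreleases
+verbs:
+- list
+- delete
+- get
+- patch
+- create
+- apiGroups:
+- ""
+resources:
+- secrets
+- configmaps
+verbs:
+- list
+- get
+- patch
+- delete
+{{- end }}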
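Review bot: The third rule grants `get`, `list`, `patch` and `delete` on `secrets` and `configmaps` in the core API group, and because this is a ClusterRole bound through a ClusterRoleBinding, the dashboard backend's token can read and modify every Secret in every namespace. A compromise of the backend would therefore expose all credentials stored in the cluster; consider a namespaced Role/RoleBinding in each namespace the dashboard actually manages, or narrowing with `resourceNames` where the object names are known. The `create` and `patch` verbs on `kustomizations` and `helmreleases` deserve the same scrutiny, since Flux reconciles those objects with its own (presumably broader) privileges. The `namespace:` entry under `metadata` has no effect on a cluster-scoped object and can be dropped.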
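--- a/deployment/helmchart/templates/rbac/clusterrolebinding.yaml
+++ b/deployment/helmchart/templates/rbac/clusterrolebinding.yaml
@@ -0,0 +1,22 @@
+{{- if .Values.rbac.create -}}
+kind: ClusterRoleBinding
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+metadata:
+name: {{ template "common.names.fullname" . }}
+labels: {{- include "common.labels.standard" . | nindent 4 }}
+app.kubernetes.io/component: server
+{{- if .Values.commonLabels }}
+{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+{{- end }}
+{{- if .Values.commonAnnotations }}
+annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+{{- end }}
+roleRef:
+apiGroup: rbac.authorization.k8s.io
+kind: ClusterRole
+name: {{ template "common.names.fullname" . }}
+subjects:
+- kind: ServiceAccount
+name: {{ include "dashboard.serviceAccountName" . }}
+namespace: {{ .Release.Namespace }}
+{{- end }}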
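Review bot: The subject name is taken from `dashboard.serviceAccountName`, but this binding renders whenever `rbac.create` is true, while the ServiceAccount template additionally requires `serviceAccount.create`. If that helper follows the common chart convention of falling back to `default` (its definition is not visible on this page, so confirm), then `serviceAccount.create: false` with an empty `name` would bind the cluster-wide role to the namespace's default ServiceAccount, which every pod without an explicit account uses. As far as the page shows, none of the changed files is a helper or deployment template, so also confirm that the helper exists and that the backend pod sets `serviceAccountName`; otherwise the role is granted to an account the backend does not run as.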
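--- a/deployment/helmchart/templates/rbac/serviceaccount.yaml
+++ b/deployment/helmchart/templates/rbac/serviceaccount.yaml
@@ -0,0 +1,22 @@
+{{- if and .Values.rbac.create .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: {{ include "dashboard.serviceAccountName" . }}
+namespace: {{ .Release.Namespace | quote }}
+labels: {{- include "common.labels.standard" . | nindent 4 }}
+app.kubernetes.io/component: server
+{{- if .Values.commonLabels }}
+{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+{{- end }}
+{{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }}
+annotations:
+{{- if .Values.commonAnnotations }}
+{{- include "common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }}
+{{- end }}
+{{- if .Values.serviceAccount.annotations }}
+{{- include "common.tplvalues.render" (dict "value" .Values.serviceAccount.annotations "context" $) | nindent 4 }}
+{{- end }}
+{{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+{{- end }}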
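Review bot: The opening guard `{{- if and .Values.rbac.create .Values.serviceAccount.create -}}` ties ServiceAccount creation to `rbac.create`, so an operator who sets `rbac.create: false` to manage roles and bindings separately also loses the ServiceAccount even with `serviceAccount.create: true`. Gating on the account's own flag keeps the two switches independent: `{{- if .Values.serviceAccount.create -}}`. A comment above `automountServiceAccountToken` noting that the backend needs the token mounted to reach the Kubernetes API would also explain why the chart default is `true`.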
|
@ -236,7 +236,7 @@ backend:
|
||||||
image:
|
image:
|
||||||
registry: open.greenhost.net:4567
|
registry: open.greenhost.net:4567
|
||||||
repository: stackspin/dashboard-backend/dashboard-backend
|
repository: stackspin/dashboard-backend/dashboard-backend
|
||||||
tag: 0-2-10
|
tag: 0-3-1
|
||||||
digest: ""
|
digest: ""
|
||||||
## Optionally specify an array of imagePullSecrets.
|
## Optionally specify an array of imagePullSecrets.
|
||||||
## Secrets must be manually created in the namespace.
|
## Secrets must be manually created in the namespace.
|
||||||
|
@ -695,3 +695,26 @@ ingress:
|
||||||
## key:
|
## key:
|
||||||
## certificate:
|
## certificate:
|
||||||
secrets: []
|
secrets: []
|
||||||
|
|
||||||
|
# The dashboard-backend needs access to certain Kubernetes APIs to be able to
|
||||||
|
# install and remove apps
|
||||||
|
rbac:
|
||||||
|
## @param backend.rbac.create Specifies whether RBAC resources should be created
|
||||||
|
create: true
|
||||||
|
|
||||||
|
## ServiceAccount configuration for dashboard backend
|
||||||
|
##
|
||||||
|
serviceAccount:
|
||||||
|
## @param backend.serviceAccount.create Specifies whether a ServiceAccount should be created
|
||||||
|
##
|
||||||
|
create: true
|
||||||
|
## @param backend.serviceAccount.name The name of the ServiceAccount to use.
|
||||||
|
## If not set and create is true, a name is generated using the common.names.fullname template
|
||||||
|
##
|
||||||
|
name: ""
|
||||||
|
## @param backend.serviceAccount.automountServiceAccountToken Automount service account token for the dashboard backend service account
|
||||||
|
##
|
||||||
|
automountServiceAccountToken: true
|
||||||
|
## @param backend.serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
|
||||||
|
##
|
||||||
|
annotations: {}
|
||||||
|
|
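Review bot: The `## @param` comments added in the second hunk name the keys `backend.rbac.create` and `backend.serviceAccount.*`, but the templates in this commit read `.Values.rbac.create` and `.Values.serviceAccount.*`, so an operator following the comments would set values the chart ignores. The comments should use the real paths, e.g. `## @param rbac.create Specifies whether RBAC resources should be created`. Because `rbac.create` defaults to `true` and the role it enables is cluster-wide and covers Secrets, the comment above `rbac:` should also state that scope, so it is an informed choice at install time.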