You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In the helm chart templates/role.yaml and templates/rolebinding.yaml, the creation of RBAC is tied to the serviceAccount.create flag.
It is pretty common for managed K8S deployments to create the service account and namespace prior to invoking the helm chart as the helm installation role might not have the permissions needed to create the service account on the cluster.
The general approach is to have a separate "rbac.create" flag which defaults to true as it is far more likely a consumer will setup and create their own service account as opposed to change the needed permissions required by the helm chart.
I see in templates/serviceaccount.yaml you can provide permissions related annotations via serviceAccount.annotations, but this doesn't address the problem mentioned where the helm installer might not have privileges to create a service account.
Note: I looked for another repository without the released version of the chart and could not find one, and assume it is internally managed so created the issue here.
The text was updated successfully, but these errors were encountered:
In the helm chart
templates/role.yamlandtemplates/rolebinding.yaml, the creation of RBAC is tied to theserviceAccount.createflag.It is pretty common for managed K8S deployments to create the service account and namespace prior to invoking the helm chart as the helm installation role might not have the permissions needed to create the service account on the cluster.
The general approach is to have a separate "rbac.create" flag which defaults to
trueas it is far more likely a consumer will setup and create their own service account as opposed to change the needed permissions required by the helm chart.I see in
templates/serviceaccount.yamlyou can provide permissions related annotations viaserviceAccount.annotations, but this doesn't address the problem mentioned where the helm installer might not have privileges to create a service account.Note: I looked for another repository without the released version of the chart and could not find one, and assume it is internally managed so created the issue here.
The text was updated successfully, but these errors were encountered: