-
Notifications
You must be signed in to change notification settings - Fork 217
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add the capability to use RoleBindings instead of ClusterRoleBindings (…
…#841) ### Description This PR introduces a new key to the Helm values named `useRoleBindings` which when set to `true` creates Kubernetes RoleBindings instead of ClusterRoleBindings ### Issues Resolved Closes #831 ### Check List - [x] Commits are signed per the DCO using --signoff - [ ] Unittest added for the new/changed functionality and all unit tests are successful - [x] Customer-visible features documented - [ ] No linter warnings (`make lint`) If CRDs are changed: - [ ] CRD YAMLs updated (`make manifests`) and also copied into the helm chart - [ ] Changes to CRDs documented Please refer to the [PR guidelines](https://github.com/opensearch-project/opensearch-k8s-operator/blob/main/docs/developing.md#submitting-a-pr) before submitting this pull request. By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. For more information on following Developer Certificate of Origin and signing off your commits, please check [here](https://github.com/opensearch-project/OpenSearch/blob/main/CONTRIBUTING.md#developer-certificate-of-origin). --------- Signed-off-by: Nilushan Costa <[email protected]> Signed-off-by: Nilushan Costa <[email protected]> Co-authored-by: Sebastian Woehrl <[email protected]>
- Loading branch information
1 parent
c9e7f11
commit a6de94c
Showing
5 changed files
with
60 additions
and
24 deletions.
There are no files selected for viewing
12 changes: 0 additions & 12 deletions
12
charts/opensearch-operator/templates/opensearch-operator-manager-rolebinding-crb.yaml
This file was deleted.
Oops, something went wrong.
27 changes: 27 additions & 0 deletions
27
charts/opensearch-operator/templates/opensearch-operator-manager-rolebinding.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
{{- if .Values.useRoleBindings }} | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: RoleBinding | ||
metadata: | ||
name: {{ include "opensearch-operator.fullname" . }}-{{ .Release.Namespace }}-manager-rolebinding | ||
roleRef: | ||
apiGroup: rbac.authorization.k8s.io | ||
kind: ClusterRole | ||
name: {{ include "opensearch-operator.fullname" . }}-{{ .Release.Namespace }}-manager-role | ||
subjects: | ||
- kind: ServiceAccount | ||
name: {{ include "opensearch-operator.serviceAccountName" . }} | ||
namespace: {{ .Release.Namespace }} | ||
{{- else }} | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: ClusterRoleBinding | ||
metadata: | ||
name: {{ include "opensearch-operator.fullname" . }}-{{ .Release.Namespace }}-manager-rolebinding | ||
roleRef: | ||
apiGroup: rbac.authorization.k8s.io | ||
kind: ClusterRole | ||
name: {{ include "opensearch-operator.fullname" . }}-{{ .Release.Namespace }}-manager-role | ||
subjects: | ||
- kind: ServiceAccount | ||
name: {{ include "opensearch-operator.serviceAccountName" . }} | ||
namespace: {{ .Release.Namespace }} | ||
{{- end }} |
12 changes: 0 additions & 12 deletions
12
charts/opensearch-operator/templates/opensearch-operator-proxy-rolebinding-crb.yaml
This file was deleted.
Oops, something went wrong.
27 changes: 27 additions & 0 deletions
27
charts/opensearch-operator/templates/opensearch-operator-proxy-rolebinding.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
{{- if .Values.useRoleBindings }} | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: RoleBinding | ||
metadata: | ||
name: {{ include "opensearch-operator.fullname" . }}-{{ .Release.Namespace }}-proxy-rolebinding | ||
roleRef: | ||
apiGroup: rbac.authorization.k8s.io | ||
kind: ClusterRole | ||
name: {{ include "opensearch-operator.fullname" . }}-{{ .Release.Namespace }}-proxy-role | ||
subjects: | ||
- kind: ServiceAccount | ||
name: {{ include "opensearch-operator.serviceAccountName" . }} | ||
namespace: {{ .Release.Namespace }} | ||
{{- else }} | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: ClusterRoleBinding | ||
metadata: | ||
name: {{ include "opensearch-operator.fullname" . }}-{{ .Release.Namespace }}-proxy-rolebinding | ||
roleRef: | ||
apiGroup: rbac.authorization.k8s.io | ||
kind: ClusterRole | ||
name: {{ include "opensearch-operator.fullname" . }}-{{ .Release.Namespace }}-proxy-role | ||
subjects: | ||
- kind: ServiceAccount | ||
name: {{ include "opensearch-operator.serviceAccountName" . }} | ||
namespace: {{ .Release.Namespace }} | ||
{{- end }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters