Commit

Adding RBAC namespace selection for metrics server (#674)
* Added required namespace variable and values file entry, updated docs

Signed-off-by: Nils <kurt.rotzke@gmail.com>

* Added required namespace variable and values file entry, updated docs

Signed-off-by: Nils Bergmüller <kurt.rotzke@gmail.com>

* Updated helm-docs

Signed-off-by: Nils Bergmüller <kurt.rotzke@gmail.com>

* Updated helm-docs

Signed-off-by: Nils Bergmüller <kurt.rotzke@gmail.com>

* Updated helm-docs

Signed-off-by: Nils Bergmüller <kurt.rotzke@gmail.com>

* Updated helm-docs

Signed-off-by: Nils Bergmüller <kurt.rotzke@gmail.com>

* Updated helm-docs

Signed-off-by: Nils Bergmüller <kurt.rotzke@gmail.com>

* Updated helm-docs

Signed-off-by: Nils Bergmüller <kurt.rotzke@gmail.com>

---------

Signed-off-by: Nils <kurt.rotzke@gmail.com>
Signed-off-by: Nils Bergmüller <kurt.rotzke@gmail.com>
Rotzke authored Oct 14, 2024
1 parent 714d29f commit 86cd9b1
Showing 3 changed files with 7 additions and 2 deletions.
1 change: 1 addition & 0 deletions keda/README.md
Expand Up @@ -109,6 +109,7 @@ their default values.
| `podSecurityContext` | object | [See below](#KEDA-is-secure-by-default) | [Pod security context] for all pods |
| `priorityClassName` | string | `""` | priorityClassName for all KEDA components |
| `rbac.aggregateToDefaultRoles` | bool | `false` | Specifies whether RBAC for CRDs should be [aggregated](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles) to default roles (view, edit, admin) |
| `rbac.controlPlaneServiceAccountsNamespace` | string | `"kube-system"` | Customize the namespace of k8s metrics-server deployment This could also be achieved by the Kubernetes control plane manager flag --use-service-account-credentials: [docs](https://kubernetes.io/docs/reference/command-line-tools-reference/kube-controller-manager/) |
| `rbac.create` | bool | `true` | Specifies whether RBAC should be used |
| `rbac.enabledCustomScaledRefKinds` | bool | `true` | Whether RBAC for configured CRDs that can have a `scale` subresource should be created |
| `rbac.scaledRefKinds` | list | `[{"apiGroup":"*","kind":"*"}]` | List of custom resources that support the `scale` subresource and can be referenced by `scaledobject.spec.scaleTargetRef`. The feature needs to be also enabled by `enabledCustomScaledRefKinds`. If left empty, RBAC for `apiGroups: *` and `resources: *, */scale` will be created note: Deployments and StatefulSets are supported out of the box |
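
Review bot: The new `rbac.controlPlaneServiceAccountsNamespace` row runs two sentences together ("metrics-server deployment This could also be achieved by ...") and leaves the flag `--use-service-account-credentials` outside code formatting. The text matches the comment added in `keda/values.yaml`, so fix the wording there and regenerate this table with helm-docs rather than editing the row by hand.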
4 changes: 2 additions & 2 deletions keda/templates/metrics-server/clusterrolebinding.yaml
Expand Up @@ -31,7 +31,7 @@ metadata:
app.kubernetes.io/name: {{ .Values.operator.name }}-auth-reader
{{- include "keda.labels" . | indent 4 }}
name: {{ .Values.operator.name }}-auth-reader
namespace: kube-system
namespace: {{ .Values.rbac.controlPlaneServiceAccountsNamespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
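
Review bot: On the `namespace:` line of the `auth-reader` binding, the binding's own namespace now comes from values while the `roleRef` below still points at a `kind: Role`. A RoleBinding can only reference a Role in its own namespace, so any value other than the namespace that holds that Role binds to whatever Role of that name exists there, or to nothing. Either keep this namespace fixed to where the Role lives or document that the Role must exist in the chosen namespace, and guard against an empty value, for example `{{ .Values.rbac.controlPlaneServiceAccountsNamespace | default "kube-system" | quote }}`.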
Expand Down Expand Up @@ -59,5 +59,5 @@ roleRef:
subjects:
- kind: ServiceAccount
name: horizontal-pod-autoscaler
namespace: kube-system
namespace: {{ .Values.rbac.controlPlaneServiceAccountsNamespace }}
{{- end -}}
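
Review bot: The subject namespace for `horizontal-pod-autoscaler` is now user-supplied, so the binding grants its role to a ServiceAccount of that name in whichever namespace the value names. Anyone able to create ServiceAccounts in that namespace obtains these permissions, which is a wider trust decision than the previous fixed `kube-system`. State in the value's documentation that it must be a namespace restricted to control plane components, and consider a separate value from the one used for the `auth-reader` binding's own namespace, since the location of the Role and the location of the HPA ServiceAccount are independent.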
4 changes: 4 additions & 0 deletions keda/values.yaml
Expand Up @@ -276,6 +276,10 @@ rbac:

# -- Whether RBAC for configured CRDs that can have a `scale` subresource should be created
enabledCustomScaledRefKinds: true
# -- Customize the namespace of k8s metrics-server deployment
# This could also be achieved by the Kubernetes control plane manager flag --use-service-account-credentials:
# [docs](https://kubernetes.io/docs/reference/command-line-tools-reference/kube-controller-manager/)
controlPlaneServiceAccountsNamespace: kube-system
# -- List of custom resources that support the `scale` subresource and can be referenced by `scaledobject.spec.scaleTargetRef`.
# The feature needs to be also enabled by `enabledCustomScaledRefKinds`.
# If left empty, RBAC for `apiGroups: *` and `resources: *, */scale` will be created
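
Review bot: The comment on `controlPlaneServiceAccountsNamespace` says it customizes the namespace of the "k8s metrics-server deployment", but the templates changed in this commit use it as the namespace of the `auth-reader` binding and of the `horizontal-pod-autoscaler` ServiceAccount subject. Describe it as the namespace of the control plane ServiceAccounts, and explain how `--use-service-account-credentials` relates to it, since "This could also be achieved by" does not say what the flag changes or when a non-default value is needed.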