From 336b78da2f637212fff6e16eea2236e98dfdc6ed Mon Sep 17 00:00:00 2001 From: Jonathan Amiez Date: Tue, 17 Oct 2023 18:40:45 +0200 Subject: [PATCH] Create clusterroles/bindings when service account is not managed rbac.enabled only should toggle these objects' creation so they can be used with a pre-existing service account. Signed-off-by: Jonathan Amiez --- charts/policy-reporter/templates/clusterrole.yaml | 2 +- charts/policy-reporter/templates/role.yaml | 4 ++-- charts/policy-reporter/templates/rolebinding.yaml | 2 +- charts/policy-reporter/templates/secret-role.yaml | 4 ++-- charts/policy-reporter/templates/secret-rolebinding.yaml | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/charts/policy-reporter/templates/clusterrole.yaml b/charts/policy-reporter/templates/clusterrole.yaml index 8186ef33..d0505c41 100644 --- a/charts/policy-reporter/templates/clusterrole.yaml +++ b/charts/policy-reporter/templates/clusterrole.yaml @@ -1,4 +1,4 @@ -{{- if .Values.serviceAccount.create -}} +{{- if .Values.rbac.enabled -}} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: diff --git a/charts/policy-reporter/templates/role.yaml b/charts/policy-reporter/templates/role.yaml index 359ce1c0..93473ccd 100644 --- a/charts/policy-reporter/templates/role.yaml +++ b/charts/policy-reporter/templates/role.yaml @@ -1,4 +1,4 @@ -{{- if and (and .Values.serviceAccount.create .Values.rbac.enabled) (or .Values.leaderElection.enabled (gt (int .Values.replicaCount) 1)) -}} +{{- if and .Values.rbac.enabled (or .Values.leaderElection.enabled (gt (int .Values.replicaCount) 1)) -}} apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: @@ -21,4 +21,4 @@ rules: - get - patch - update -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/charts/policy-reporter/templates/rolebinding.yaml b/charts/policy-reporter/templates/rolebinding.yaml index fd21392a..7690104a 100644 --- a/charts/policy-reporter/templates/rolebinding.yaml +++ b/charts/policy-reporter/templates/rolebinding.yaml @@ -1,4 +1,4 @@ -{{- if and (and .Values.serviceAccount.create .Values.rbac.enabled) (or .Values.leaderElection.enabled (gt (int .Values.replicaCount) 1)) -}} +{{- if and .Values.rbac.enabled (or .Values.leaderElection.enabled (gt (int .Values.replicaCount) 1)) -}} apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: diff --git a/charts/policy-reporter/templates/secret-role.yaml b/charts/policy-reporter/templates/secret-role.yaml index de531408..a6338164 100644 --- a/charts/policy-reporter/templates/secret-role.yaml +++ b/charts/policy-reporter/templates/secret-role.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.serviceAccount.create .Values.rbac.enabled -}} +{{- if .Values.rbac.enabled -}} apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: @@ -16,4 +16,4 @@ rules: - secrets verbs: - get -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/charts/policy-reporter/templates/secret-rolebinding.yaml b/charts/policy-reporter/templates/secret-rolebinding.yaml index 9a650233..3abbf9bc 100644 --- a/charts/policy-reporter/templates/secret-rolebinding.yaml +++ b/charts/policy-reporter/templates/secret-rolebinding.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.serviceAccount.create .Values.rbac.enabled -}} +{{- if .Values.rbac.enabled -}} apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: