add clusterrole

Stavros kois
2022-09-02 22:32:06 +03:00
parent 9e30ee1337
commit b7f535d6ff
4 changed files with 34 additions and 21 deletions


@@ -8,5 +8,6 @@ Template to render Tailscale addon. It will add the container to the list of add
{{- if $container -}}
{{- $_ := set .Values.additionalContainers "addon-tailscale" $container -}}
{{ include "tailscale.sa" . }}
{{ include "tailscale.rbac" . }}
{{- end -}}
{{- end -}}


@@ -19,26 +19,6 @@ securityContext:
add:
- NET_ADMIN
rbac:
main:
enabled: true
rules:
- apiGroups:
- ""
resources:
- "secrets"
verbs:
- "create"
- apiGroups:
- ""
resources:
- "secrets"
resourceNames:
- '{{ $secretName }}'
verbs:
- "get"
- "update"
envFrom:
- secretRef:
name: {{ $secretName }}


@@ -0,0 +1,32 @@
{{- define "tailscale.rbac" -}}
{{- $rbacName := printf "%s-tailscale-addon" (include "tc.common.names.fullname" .) -}}
{{- $secretName := printf "%s-tailscale-secret" (include "tc.common.names.fullname" .) }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ $rbacName }}
labels:
{{- include "tc.common.labels" . | nindent 4 }}
annotations:
{{- with .Values.addons.vpn.tailscale.annotations }}
{{- tpl ( toYaml . ) $ | nindent 4 }}
{{- end }}
rules:
- apiGroups:
- ""
resources:
- "secrets"
verbs:
- "create"
- apiGroups:
- ""
resources:
- "secrets"
resourceNames:
- '{{ $secretName }}'
verbs:
- "get"
- "update"
{{- end -}}
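Review bot: `kind: ClusterRole` is broader than these rules need: Secrets are namespaced, and the rules only create a secret and get/update the one named by `$secretName`, so a namespaced `kind: Role` in the release namespace would cover it. If this ClusterRole is ever bound with a ClusterRoleBinding, the `create` rule (which cannot be narrowed by `resourceNames`) would apply to secrets in every namespace. No RoleBinding or ClusterRoleBinding to the Tailscale service account is visible in this commit, so as shown the role appears to grant nothing until one is added; a namespaced RoleBinding would keep the scope to the release namespace. Because the object is cluster-scoped, the name `{{ $rbacName }}` may also collide between releases that share a fullname in different namespaces.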


@@ -9,8 +9,8 @@ metadata:
name: {{ $saName }}
labels:
{{- include "tc.common.labels" . | nindent 4 }}
{{- with .Values.addons.vpn.tailscale.annotations }}
annotations:
{{- with .Values.addons.vpn.tailscale.annotations }}
{{- tpl ( toYaml . ) $ | nindent 4 }}
{{- end }}
{{- end -}}
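Review bot: The `annotations:` key appears to sit outside the `{{- with .Values.addons.vpn.tailscale.annotations }}` guard on the new side, which renders a bare `annotations:` with a null value when no annotations are set. The page has lost its +/- markers, so this is inferred from the matching layout in the new `tailscale.rbac` template. Keeping the key inside the guard, with the `{{- with ... }}` line first and `annotations:` on the line after it, avoids emitting the empty key; the same applies to the ClusterRole metadata. The template's `define` line is above this hunk.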