Modify the rbac_role to make secrets accessible

In the process of secondary development, we found
that we often need to access secrets from pod.
However, it seems that helm-tookit does not support
adding resource of secrets to role. This commit
try to fix that.

Change-Id: If384d6ccb7672a8da5a5e1403733fa655dfe40dd
This commit is contained in:
zhen 2021-07-27 16:07:42 +08:00 committed by Gage Hugo
parent 089d3f859c
commit 6bc1f5a8b6
4 changed files with 7 additions and 1 deletions

View File

@ -15,7 +15,7 @@ apiVersion: v1
appVersion: v1.0.0 appVersion: v1.0.0
description: OpenStack-Helm Helm-Toolkit description: OpenStack-Helm Helm-Toolkit
name: helm-toolkit name: helm-toolkit
version: 0.2.19 version: 0.2.20
home: https://docs.openstack.org/openstack-helm home: https://docs.openstack.org/openstack-helm
icon: https://www.openstack.org/themes/openstack/images/project-mascots/OpenStack-Helm/OpenStack_Project_OpenStackHelm_vertical.png icon: https://www.openstack.org/themes/openstack/images/project-mascots/OpenStack-Helm/OpenStack_Project_OpenStackHelm_vertical.png
sources: sources:

View File

@ -62,5 +62,8 @@ rules:
- services - services
- endpoints - endpoints
{{- end -}} {{- end -}}
{{ if eq $v "secrets" }}
- secrets
{{- end -}}
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}

View File

@ -57,6 +57,8 @@ metadata:
{{- $_ := set $allNamespace $saNamespace (printf "%s%s" "daemonsets," ((index $allNamespace $saNamespace) | default "")) }} {{- $_ := set $allNamespace $saNamespace (printf "%s%s" "daemonsets," ((index $allNamespace $saNamespace) | default "")) }}
{{- else if and (eq $k "pod") $v }} {{- else if and (eq $k "pod") $v }}
{{- $_ := set $allNamespace $saNamespace (printf "%s%s" "pods," ((index $allNamespace $saNamespace) | default "")) }} {{- $_ := set $allNamespace $saNamespace (printf "%s%s" "pods," ((index $allNamespace $saNamespace) | default "")) }}
{{- else if and (eq $k "secret") $v }}
{{- $_ := set $allNamespace $saNamespace (printf "%s%s" "secrets," ((index $allNamespace $saNamespace) | default "")) }}
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}
{{- $_ := unset $allNamespace $randomKey }} {{- $_ := unset $allNamespace $randomKey }}

View File

@ -26,4 +26,5 @@ helm-toolkit:
- 0.2.17 Update db backup/restore retry for sending to remote - 0.2.17 Update db backup/restore retry for sending to remote
- 0.2.18 Make Rabbit-init job more robust - 0.2.18 Make Rabbit-init job more robust
- 0.2.19 Revoke all privileges for PUBLIC role in postgres dbs - 0.2.19 Revoke all privileges for PUBLIC role in postgres dbs
- 0.2.20 Modify the template of rbac_role to make secrets accessible
... ...