Modify the rbac_role to make secrets accessible
In the process of secondary development, we found that we often need to access secrets from pod. However, it seems that helm-tookit does not support adding resource of secrets to role. This commit try to fix that. Change-Id: If384d6ccb7672a8da5a5e1403733fa655dfe40dd
This commit is contained in:
parent
089d3f859c
commit
6bc1f5a8b6
@ -15,7 +15,7 @@ apiVersion: v1
|
|||||||
appVersion: v1.0.0
|
appVersion: v1.0.0
|
||||||
description: OpenStack-Helm Helm-Toolkit
|
description: OpenStack-Helm Helm-Toolkit
|
||||||
name: helm-toolkit
|
name: helm-toolkit
|
||||||
version: 0.2.19
|
version: 0.2.20
|
||||||
home: https://docs.openstack.org/openstack-helm
|
home: https://docs.openstack.org/openstack-helm
|
||||||
icon: https://www.openstack.org/themes/openstack/images/project-mascots/OpenStack-Helm/OpenStack_Project_OpenStackHelm_vertical.png
|
icon: https://www.openstack.org/themes/openstack/images/project-mascots/OpenStack-Helm/OpenStack_Project_OpenStackHelm_vertical.png
|
||||||
sources:
|
sources:
|
||||||
|
@ -62,5 +62,8 @@ rules:
|
|||||||
- services
|
- services
|
||||||
- endpoints
|
- endpoints
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
{{ if eq $v "secrets" }}
|
||||||
|
- secrets
|
||||||
|
{{- end -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
@ -57,6 +57,8 @@ metadata:
|
|||||||
{{- $_ := set $allNamespace $saNamespace (printf "%s%s" "daemonsets," ((index $allNamespace $saNamespace) | default "")) }}
|
{{- $_ := set $allNamespace $saNamespace (printf "%s%s" "daemonsets," ((index $allNamespace $saNamespace) | default "")) }}
|
||||||
{{- else if and (eq $k "pod") $v }}
|
{{- else if and (eq $k "pod") $v }}
|
||||||
{{- $_ := set $allNamespace $saNamespace (printf "%s%s" "pods," ((index $allNamespace $saNamespace) | default "")) }}
|
{{- $_ := set $allNamespace $saNamespace (printf "%s%s" "pods," ((index $allNamespace $saNamespace) | default "")) }}
|
||||||
|
{{- else if and (eq $k "secret") $v }}
|
||||||
|
{{- $_ := set $allNamespace $saNamespace (printf "%s%s" "secrets," ((index $allNamespace $saNamespace) | default "")) }}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
{{- $_ := unset $allNamespace $randomKey }}
|
{{- $_ := unset $allNamespace $randomKey }}
|
||||||
|
@ -26,4 +26,5 @@ helm-toolkit:
|
|||||||
- 0.2.17 Update db backup/restore retry for sending to remote
|
- 0.2.17 Update db backup/restore retry for sending to remote
|
||||||
- 0.2.18 Make Rabbit-init job more robust
|
- 0.2.18 Make Rabbit-init job more robust
|
||||||
- 0.2.19 Revoke all privileges for PUBLIC role in postgres dbs
|
- 0.2.19 Revoke all privileges for PUBLIC role in postgres dbs
|
||||||
|
- 0.2.20 Modify the template of rbac_role to make secrets accessible
|
||||||
...
|
...
|
||||||
|
Loading…
Reference in New Issue
Block a user