helm: Support clusteradmin role binding
This enables us to support binding to the clusteradmin role in lieu of having to deploy our own role. Change-Id: I7a6b061bdd65b86f151931009e13c63aaf3692c4
This commit is contained in:
parent
486efd3659
commit
4a0c3fed99
|
@ -1,3 +1,4 @@
|
|||
{{- if not .Values.serviceAccount.clusterAdmin }}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
|
@ -124,3 +125,4 @@ rules:
|
|||
verbs:
|
||||
- get
|
||||
- create
|
||||
{{- end }}
|
|
@ -8,5 +8,9 @@ subjects:
|
|||
namespace: {{ .Release.Namespace }}
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
{{- if .Values.serviceAccount.clusterAdmin }}
|
||||
name: cluster-admin
|
||||
{{- else }}
|
||||
name: {{ include "zuul-operator.serviceAccountName" . }}
|
||||
{{- end }}
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
|
|
|
@ -13,6 +13,9 @@ fullnameOverride: ""
|
|||
serviceAccount:
|
||||
# Specifies whether a service account should be created
|
||||
create: true
|
||||
# Specifies whether the service account should bind to cluster admin
|
||||
clusterAdmin: false
|
||||
|
||||
# Annotations to add to the service account
|
||||
annotations: {}
|
||||
# The name of the service account to use.
|
||||
|
|
Loading…
Reference in New Issue