Comments (9)
natcohen
commented on May 20, 2024
@fredsted Were you able to find a solution? Could you please share your RBAC file you created, that would be awesome!
Thanks!
from charts.
fredsted
commented on May 20, 2024
Hi @natcohen
I added these to my adaptation of the openvpn chart here:
templates/letsencrypt.role.yaml
{{ if .Values.ui.ssl.enabled }}
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
name: {{ template "fullname_letsencrypt" . }}-role
labels:
app: "{{ .Chart.Name }}"
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
rules:
- apiGroups: ['']
resources: ['secrets']
verbs: ["get", "watch", "list", "create", "update", "patch"]
{{- end }}
templates/letsencrypt.rolebinding.yaml
{{ if .Values.ui.ssl.enabled }}
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
name: {{ template "fullname_letsencrypt" . }}-rolebinding
labels:
app: "{{ .Chart.Name }}"
chart: {{ .Chart.Name }}-{{ .Chart.Version }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "fullname_letsencrypt" . }}-role
subjects:
- kind: ServiceAccount
name: {{ template "fullname_letsencrypt" . }}-sa
{{- end -}}
I wasn't able to find a solution. We initially considered this to allow developers access to a central K8s cluster, but we are now using Teleport for this purpose, which also has an Oauth access flow.
from charts.
natcohen
commented on May 20, 2024
Thank you so much, that is extremely helpful!
from charts.
natcohen
commented on May 20, 2024
@fredsted Sorry to bother but how did you integrate those files into the current project? Do I have to add them into the letsencrypt jobs-pre-install file? If yes, how? Thanks again
from charts.
fredsted
commented on May 20, 2024
@natcohen I basically copied all the files from the chart on this repo and made my own helm chart with the changes :)
from charts.
natcohen
commented on May 20, 2024
@fredsted I did the same but the problem is I don't know where to add these two files into the deployment process... Adding them to the chart doesn't seem to work.
from charts.
fredsted
commented on May 20, 2024
Did you set the value .Values.ui.ssl.enabled?
from charts.
natcohen
commented on May 20, 2024
yes I did...
from charts.
natcohen
commented on May 20, 2024
I created the two files and added them into the same folder and rebuilt the package. But it seems that it's not deploying the RBAC files on pre-install.
from charts.
Related Issues (20)
- Make Portal Proxy Optional HOT 2
- Portal Should Support Native Nginx Ingress
- [incubator/portal] Needs to support URL subpaths for navigation menu
- [travis] Support branch names with `/` in helm charts
- [incubator/monochart] Extend chart capabilities HOT 4
- [incubator/monochart] allow `monochart` to be optional HOT 1
- Remove double Elastic Search readme section in FluentD chart HOT 1
- FluentD Chart ConfigMap default values do not work HOT 2
- [incubator/route53] Broken repo urls in install description. HOT 1
- [incubator/monochart] Add support for volume snapshots HOT 3
- Fix/Remove README in incubator HOT 1
- Thumbor: AttributeError: REDIS_STORAGE_IGNORE_ERRORS when using smart
- Update cert-manager to use Let's Encrypt HOT 1
- "coalesce.go:165: warning: skipped value for ..." when installing monochart
- {{ requiredEnv "RELEASE_NAME" }} used in the file values.example.yaml in monochart
- Deprecate `cert-manager` chart
- [incubator/monochart] Add support for initContainers
- [incubator/monochart] Dockercfg name mismatch HOT 1
- bastion does not seems to work and returns permission denied.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from charts.