modules/eks/idp-roles/charts/idp-roles Expand file tree Collapse file tree 5 files changed +76
-2
lines changed Original file line number Diff line number Diff line change @@ -15,10 +15,10 @@ type: application
1515# This is the chart version. This version number should be incremented each time you make changes
1616# to the chart and its templates, including the app version.
1717# Versions are expected to follow Semantic Versioning (https://semver.org/)
18- version : 0.1 .0
18+ version : 0.2 .0
1919
2020# This is the version number of the application being deployed. This version number should be
2121# incremented each time you make changes to the application. Versions are not expected to
2222# follow Semantic Versioning. They should reflect the version the application is using.
2323# It is recommended to use it with quotes.
24- appVersion : " 0.1 .0"
24+ appVersion : " 0.2 .0"
Original file line number Diff line number Diff line change 1+ apiVersion : rbac.authorization.k8s.io/v1
2+ kind : ClusterRole
3+ metadata :
4+ name : " {{ .Values.reader_cluster_role }}-extra"
5+ labels :
6+ rbac.authorization.k8s.io/aggregate-to-reader : " true"
7+ rules :
8+ - apiGroups :
9+ - " "
10+ resources :
11+ - secrets
12+ verbs :
13+ - list
14+ - get
15+ - apiGroups :
16+ - apiextensions.k8s.io
17+ resources :
18+ - customresourcedefinitions
19+ verbs :
20+ - list
21+ - get
22+ - apiGroups :
23+ - storage.k8s.io
24+ resources :
25+ - storageclasses
26+ verbs :
27+ - list
28+ - get
29+ - apiGroups :
30+ - karpenter.k8s.aws
31+ resources :
32+ - ec2nodeclasses
33+ verbs :
34+ - list
35+ - get
36+ - apiGroups :
37+ - karpenter.sh
38+ resources :
39+ - nodepools
40+ verbs :
41+ - list
42+ - get
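Review bot: The first rule grants `get` and `list` on `secrets` in the core API group from a ClusterRole, so every subject bound to the reader role can read the contents of every Secret in every namespace, including service-account tokens and TLS keys; `list` alone already returns the Secret data. The other four rules only expose cluster-scoped metadata objects, and Kubernetes' built-in `view` role leaves Secrets out for this reason. I would drop the `secrets` rule from this file and, where a team needs Secret read access, grant it with a namespaced Role and RoleBinding for that namespace. If cluster-wide Secret read is intended, add a comment above the rule such as `# reader can read Secret data in all namespaces; treat idp:reader membership as privileged` so the scope is visible to whoever assigns the group.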
Original file line number Diff line number Diff line change 1+ apiVersion : rbac.authorization.k8s.io/v1
2+ kind : ClusterRole
3+ metadata :
4+ name : {{ .Values.reader_cluster_role | quote }}
5+ aggregationRule :
6+ clusterRoleSelectors :
7+ - matchLabels :
8+ rbac.authorization.k8s.io/aggregate-to-view : " true"
9+ - matchLabels :
10+ rbac.authorization.k8s.io/aggregate-to-observer : " true"
11+ - matchLabels :
12+ rbac.authorization.k8s.io/aggregate-to-reader : " true"
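Review bot: The effective rules of this role are decided by labels rather than by this file: any ClusterRole carrying `aggregate-to-view`, `aggregate-to-observer` or `aggregate-to-reader` is merged in by the aggregation controller, so a chart or operator that ships a labelled ClusterRole widens the reader role without any change here. What the view and observer labels currently pull in is not visible in this diff, so the combined permission set should be checked on a cluster (`kubectl get clusterrole <reader-role-name> -o yaml`) before release. A short comment above `aggregationRule` would help, for example `# rules are filled in by the controller from every ClusterRole matching these labels; review label use before adding selectors`.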
Original file line number Diff line number Diff line change 1+ apiVersion : rbac.authorization.k8s.io/v1
2+ kind : ClusterRoleBinding
3+ metadata :
4+ name : {{ .Values.reader_crb_name | quote }}
5+ roleRef :
6+ apiGroup : rbac.authorization.k8s.io
7+ kind : ClusterRole
8+ name : {{ .Values.reader_cluster_role | quote }}
9+ subjects :
10+ - apiGroup : rbac.authorization.k8s.io
11+ kind : Group
12+ name : {{ .Values.reader_client_role | quote }}
13+ - apiGroup : rbac.authorization.k8s.io
14+ kind : User
15+ name : {{ .Values.reader_client_role | quote }}
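Review bot: Both subjects take their name from `.Values.reader_client_role`, so the binding applies to a group and also to a user that are each called `idp:reader` by default. If the cluster's identity mapping only ever emits this value as a group, the `kind: User` subject is unneeded and widens the binding to any authenticator that can produce that username; I would remove the second subject in that case. This presumably mirrors the existing bindings in the chart, which are not visible here. If both are intended, a comment above `subjects` naming where the username comes from would make that clear, for example `# User subject matches the username set by the IdP mapping; Group subject matches its group claim`.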
Original file line number Diff line number Diff line change @@ -27,3 +27,8 @@ poweruser_client_role: "idp:poweruser"
2727observer_crb_name : " idp-observer"
2828observer_cluster_role : " idp-observer"
2929observer_client_role : " idp:observer"
30+
31+ # Reader
32+ reader_crb_name : " idp-reader"
33+ reader_cluster_role : " idp-reader"
34+ reader_client_role : " idp:reader"