8000 feat(helm): add support for rbac at namespace scope by dashashutosh80 · Pull Request #1698 · Altinity/clickhouse-operator · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

feat(helm): add support for rbac at namespace scope #1698

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
May 13, 2025
Merged

feat(helm): add support for rbac at namespace scope #1698

merged 4 commits into from
May 13, 2025

Conversation

dashashutosh80
Copy link
Contributor
@dashashutosh80 dashashutosh80 commented Apr 30, 2025
edited
Loading
  • All commits in the PR are squashed. More info
  • The PR is made into dedicated next-release branch, not into master branch1. More info
  • The PR is signed. More info

This PR contains the following changes:

  • boolean field namespaceScoped added under rbac to values.yaml to enable creation of role and rolebinding instead of clusterrole and clusterrolebinding
  • helm chart generation script and manifest bundle have been updated to handle creation of rbac at cluster level or at namespace level depending on the user input
  • updated manifest builder script to generate rbac for namespace level

This PR aims to address #1423

@dashashutosh24 dashashutosh24 mentioned this pull 8000 request Apr 30, 2025
Open
Slach
Slach requested changes Apr 30, 2025
View reviewed changes
@dashashutosh80
feat(helm): add support for rbac at namespace scope
02a7d82 
- add boolean field namespaceScoped to values.yaml to enable creation of role and rolebinding
- update helm chart generation script and manifest bundle to handle creation of rbac at cluster or namespace level depending on user input
- updated manifest builder script to generate rbac for namespace level

Signed-off-by: dashashutosh80 <dashashutosh80@gmail.com>
@dashashutosh80 dashashutosh80 force-pushed the namespace-scoped-rbac branch from 419cf20 to 02a7d82 Compare April 30, 2025 19:57
@dashashutosh80 dashashutosh80 requested a review from Slach April 30, 2025 20:05
@dashashutosh80
Copy link
Contributor Author

@Slach Please review the updated changes and let me know if anything else needs to be done. Thanks in advance!

Slach
Slach reviewed May 6, 2025
View reviewed changes
Slach
Slach requested changes May 6, 2025
View reviewed changes
Slach
Slach reviewed May 7, 2025
View reviewed changes
Slach
Slach reviewed May 7, 2025
View reviewed changes
@Slach
Copy link
Collaborator
Slach commented May 9, 2025

@dashashutosh80 any news from your side? could we stay ClusterRole default behavior?

@dashashutosh80
Copy link
Contributor Author

@Slach sorry I have been afk for a while now. I’ll update the values.yaml and readme with cluster Role as default behavior in 2-3 days.

@Slach
Copy link
Collaborator
Slach commented May 12, 2025

@dashashutosh80 any news from your side?

@dashashutosh80
Copy link
Contributor Author

@Slach Updated the values.yaml to keep namespace scoping of rbac disabled by default until user overwrites. This should not break installations during upgrade where kube-system is set as namespace and operator already runs with cluster level permissions. Please take a look

@dashashutosh80 dashashutosh80 requested a review from Slach May 13, 2025 09:28
@Slach Slach merged commit 5ef4658 into Altinity:0.25.0 May 13, 2025
2 checks passed
@dashashutosh80 dashashutosh80 deleted the namespace-scoped-rbac branch May 13, 2025 12:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Slach Slach Slach approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@dashashutosh80 @Slach
0