This is an automated email from the ASF dual-hosted git repository.
peacewong pushed a commit to branch dev-1.3.0
in repository https://gitbox.apache.org/repos/asf/incubator-linkis.git
The following commit(s) were added to refs/heads/dev-1.3.0 by this push:
new f7fa65a46 [Feature] init rbac role and roleRef for linkis (#2514)
f7fa65a46 is described below
commit f7fa65a463e5bcfb75c4264a7db3b801ea15235d
Author: legendtkl <[email protected]>
AuthorDate: Mon Jul 25 11:56:47 2022 +0800
[Feature] init rbac role and roleRef for linkis (#2514)
* [Feature] init rbac role and roleRef for linkis
---
.../helm/charts/linkis/templates/_helpers.tpl | 22 ++++++++++++++++
.../charts/linkis/templates/serviceaccount.yaml | 29 ++++++++++++++++++++++
linkis-dist/helm/charts/linkis/values.yaml | 11 ++++++++
3 files changed, 62 insertions(+)
diff --git a/linkis-dist/helm/charts/linkis/templates/_helpers.tpl
b/linkis-dist/helm/charts/linkis/templates/_helpers.tpl
index f8b422624..92a969b2f 100644
--- a/linkis-dist/helm/charts/linkis/templates/_helpers.tpl
+++ b/linkis-dist/helm/charts/linkis/templates/_helpers.tpl
@@ -369,3 +369,25 @@ Create the name of the service account to use
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
+
+{{/*
+Create the name of the role to use
+*/}}
+{{- define "linkis.roleName" -}}
+{{- if .Values.role.create }}
+{{- default (include "linkis.fullname" .) .Values.role.name }}
+{{- else }}
+{{- default "default" .Values.role.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create the name of the role to use
+*/}}
+{{- define "linkis.roleBindingName" -}}
+{{- if .Values.roleBinding.create }}
+{{- default (include "linkis.fullname" .) .Values.roleBinding.name }}
+{{- else }}
+{{- default "default" .Values.roleBinding.name }}
+{{- end }}
+{{- end }}
diff --git a/linkis-dist/helm/charts/linkis/templates/serviceaccount.yaml
b/linkis-dist/helm/charts/linkis/templates/serviceaccount.yaml
index e8fb09fd6..444aa1e84 100644
--- a/linkis-dist/helm/charts/linkis/templates/serviceaccount.yaml
+++ b/linkis-dist/helm/charts/linkis/templates/serviceaccount.yaml
@@ -26,3 +26,32 @@ metadata:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ include "linkis.roleName" . }}
+ {{- with .Values.role.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+rules:
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "list", "watch", "create", "delete", "update", "patch"]
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ include "linkis.roleBindingName" . }}
+ {{- with .Values.roleBinding.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "linkis.serviceAccountName" . }}
+roleRef:
+ kind: Role
+ name: {{ include "linkis.roleName" . }}
+ apiGroup: rbac.authorization.k8s.io
diff --git a/linkis-dist/helm/charts/linkis/values.yaml
b/linkis-dist/helm/charts/linkis/values.yaml
index c70148b79..a0f5fa70d 100644
--- a/linkis-dist/helm/charts/linkis/values.yaml
+++ b/linkis-dist/helm/charts/linkis/values.yaml
@@ -41,6 +41,17 @@ serviceAccount:
annotations: {}
name: "linkis"
automountToken: true
+role:
+ create: true
+ annotations: {}
+ name: "linkis-role"
+ automountToken: true
+roleBinding:
+ create: true
+ annotations: {}
+ name: "linkis-role-binding"
+ automountToken: true
+
linkis:
featureGates:
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
