apache/pulsar-helm-chart
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

To address the function role vs clusterrole issue (#236)

Browse Source 
* To address the function role vs clusterrole issue

* making backwards compatable

* updated value.yaml to include limit functions to namespace

* Added documentation to clarify the new attribute

* moved limit_to_namespace under functions.rbac
This commit is contained in:
Brad Shelton 2023-07-12 10:11:36 -05:00 committed by GitHub
parent 49f4acdf5a
commit f8ad65066e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 23 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
charts/pulsar/templates/broker-rbac.yaml
View File

@ -19,9 +19,15 @@
{{- if or .Values.components.functions .Values.extra.functionsAsPods }} {{- if or .Values.components.functions .Values.extra.functionsAsPods }}
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
{{- if .Values.functions.rbac.limit_to_namespace }}
kind: Role
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.functions.component }}-role"
{{- else}}
kind: ClusterRole kind: ClusterRole
metadata: metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.functions.component }}" name: "{{ template "pulsar.fullname" . }}-{{ .Values.functions.component }}"
{{- end}}
rules: rules:
- apiGroups: [""] - apiGroups: [""]
resources: resources:
@ -46,13 +52,24 @@ metadata:
--- ---
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
{{- if .Values.functions.rbac.limit_to_namespace }}
kind: RoleBinding
metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.functions.component }}-rolebinding"
{{- else}}
kind: ClusterRoleBinding kind: ClusterRoleBinding
metadata: metadata:
name: "{{ template "pulsar.fullname" . }}-{{ .Values.functions.component }}" name: "{{ template "pulsar.fullname" . }}-{{ .Values.functions.component }}"
{{- end}}
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
{{- if .Values.functions.rbac.limit_to_namespace }}
kind: Role
name: "{{ template "pulsar.fullname" . }}-{{ .Values.functions.component }}-role"
{{- else}}
kind: ClusterRole kind: ClusterRole
name: "{{ template "pulsar.fullname" . }}-{{ .Values.functions.component }}" name: "{{ template "pulsar.fullname" . }}-{{ .Values.functions.component }}"
{{- end}}
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: "{{ template "pulsar.fullname" . }}-{{ .Values.functions.component }}" name: "{{ template "pulsar.fullname" . }}-{{ .Values.functions.component }}"

6
charts/pulsar/values.yaml
View File

@ -792,6 +792,12 @@ broker:
## ##
functions: functions:
component: functions-worker component: functions-worker
## Pulsar: Functions Worker ClusterRole or Role
## templates/broker-rbac.yaml
# Default is false which deploys functions with ClusterRole and ClusterRoleBinding at the cluster level
# Set to true to deploy functions with Role and RoleBinding inside the specified namespace
rbac:
limit_to_namespace: false
## Pulsar: Proxy Cluster ## Pulsar: Proxy Cluster
## templates/proxy-statefulset.yaml ## templates/proxy-statefulset.yaml