diff --git a/docs/pages/includes/helm-reference/zz_generated.tbot.mdx b/docs/pages/includes/helm-reference/zz_generated.tbot.mdx index 743030c0506b7..c16a9c42f1d25 100644 --- a/docs/pages/includes/helm-reference/zz_generated.tbot.mdx +++ b/docs/pages/includes/helm-reference/zz_generated.tbot.mdx @@ -200,6 +200,21 @@ resources. used by the chart. By default, the `ServiceAccount` has the name of the Helm release. +## `serviceAccountRole` + +`serviceAccountRole` controls the Kubernetes Role and RoleBinding creation +used by the serviceAccount + +### `serviceAccountRole.create` + +| Type | Default | +|------|---------| +| `bool` | `true` | + +`serviceAccountRole.create` controls whether Helm Chart creates the +Kubernetes `Role` & `RoleBindings` resources for the Kubernetes SA. +When off, you are responsible for creating the appropriate resources. + ## `imagePullPolicy` | Type | Default | diff --git a/examples/chart/tbot/templates/role.yaml b/examples/chart/tbot/templates/role.yaml index 1d0e9aa88fb21..c772205e54ecc 100644 --- a/examples/chart/tbot/templates/role.yaml +++ b/examples/chart/tbot/templates/role.yaml @@ -1,6 +1,6 @@ # This role grants the ability to manage secrets within the namespace - this is # necessary for the `kubernetes_secret` destination to work correctly. -{{ if .Values.serviceAccount.create -}} +{{ if .Values.serviceAccountRole.create -}} apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: @@ -17,4 +17,4 @@ rules: - apiGroups: [""] resources: ["secrets"] verbs: ["*"] -{{ end }} \ No newline at end of file +{{ end }} diff --git a/examples/chart/tbot/templates/rolebinding.yaml b/examples/chart/tbot/templates/rolebinding.yaml index 754010ed7d982..07b8787c8b714 100644 --- a/examples/chart/tbot/templates/rolebinding.yaml +++ b/examples/chart/tbot/templates/rolebinding.yaml 
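Review bot: Switching the guard to `.Values.serviceAccountRole.create`, which defaults to `true` in values.yaml, means installs that set `serviceAccount.create: false` will start rendering this Role on upgrade where they previously got none. The second hunk's context shows the rule is `verbs: ["*"]` on `secrets`, so the upgrade adds namespace-wide secret access for whatever account the RoleBinding names; the same applies to the guard change in rolebinding.yaml. This deserves an explicit upgrade note. Since the Role is now an independent, default-on resource, it would also be worth narrowing the verbs to those the `kubernetes_secret` destination actually uses. The Role's metadata and the start of its rules fall outside the hunk.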
@@ -1,4 +1,4 @@ -{{- if .Values.serviceAccount.create -}} +{{- if .Values.serviceAccountRole.create -}} # Bind the role to the service account created for tbot. apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -20,4 +20,4 @@ roleRef: kind: Role name: {{ include "tbot.fullname" . }} apiGroup: rbac.authorization.k8s.io -{{ end }} \ No newline at end of file +{{ end }} diff --git a/examples/chart/tbot/tests/role_test.yaml b/examples/chart/tbot/tests/role_test.yaml index 63d006e7c957f..f2a5c95feaa39 100644 --- a/examples/chart/tbot/tests/role_test.yaml +++ b/examples/chart/tbot/tests/role_test.yaml @@ -12,9 +12,9 @@ tests: - ../.lint/full.yaml asserts: - matchSnapshot: {} - - it: skips creation when service account disabled + - it: skips creation when explictely disabled set: - serviceAccount.create: false + serviceAccountRole.create: false asserts: - hasDocuments: - count: 0 \ No newline at end of file + count: 0 diff --git a/examples/chart/tbot/tests/rolebinding_test.yaml b/examples/chart/tbot/tests/rolebinding_test.yaml index 55591db125afa..58abcbacfc2dc 100644 --- a/examples/chart/tbot/tests/rolebinding_test.yaml +++ b/examples/chart/tbot/tests/rolebinding_test.yaml @@ -12,9 +12,9 @@ tests: - ../.lint/full.yaml asserts: - matchSnapshot: {} - - it: skips creation when service account disabled + - it: skips creation when explictely disabled set: - serviceAccount.create: false + serviceAccountRole.create: false asserts: - hasDocuments: - count: 0 \ No newline at end of file + count: 0 diff --git a/examples/chart/tbot/values.yaml b/examples/chart/tbot/values.yaml index bdc2670142648..1cc87486a8428 100644 --- a/examples/chart/tbot/values.yaml +++ b/examples/chart/tbot/values.yaml 
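Review bot: The context comment `# Bind the role to the service account created for tbot.` is no longer accurate once this guard is independent of `serviceAccount.create`, because the binding now also renders when the chart does not create the account. Suggest `# Bind the role to the service account tbot runs as (chart-created or user-supplied).` The `subjects` block lies outside the hunk, so confirm it resolves to the user-supplied `serviceAccount.name` in that case. Otherwise the binding would presumably target an account that does not exist.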
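Review bot: The new test title misspells "explicitly" as `explictely`, here and in rolebinding_test.yaml; use `- it: skips creation when explicitly disabled`. The suites also have no coverage of the case this change introduces: nothing asserts that the Role and RoleBinding still render when `serviceAccount.create` is `false` and `serviceAccountRole.create` keeps its default. A case in each suite that sets `serviceAccount.create: false` and asserts `hasDocuments` with `count: 1` would pin that behaviour.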
@@ -116,6 +116,14 @@ serviceAccount: # Helm release. name: "" +# serviceAccountRole -- controls the Kubernetes Role and RoleBinding creation +# used by the serviceAccount +serviceAccountRole: + # serviceAccountRole.create(bool) -- controls whether Helm Chart creates the + # Kubernetes `Role` & `RoleBindings` resources for the Kubernetes SA. + # When off, you are responsible for creating the appropriate resources. + create: true + # imagePullPolicy(string) -- sets the pull policy for any pods created by the chart. # See [the Kubernetes documentation](https://kubernetes.io/docs/concepts/containers/images/#updating-images) # for more details.
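Review bot: The comment on `serviceAccountRole.create` does not say that the flag is independent of `serviceAccount.create`, nor what "the appropriate resources" are. role.yaml on this page shows the Role covers `secrets` for the `kubernetes_secret` destination, so a line such as `# The Role grants access to Secrets in the release namespace for the kubernetes_secret destination and is created even when serviceAccount.create is false.` would let operators decide knowingly. Also prefer `When false` over `When off`, and `RoleBinding` (singular) to match the resource kind. The generated zz_generated.tbot.mdx text would need regenerating from the updated comment.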