fix!: rbac extra rules value renamed

Signed-off-by: Ievgenii Shepeliuk <[email protected]>
open-policy-agent · Jun 1, 2022 · daef0c2 · daef0c2
1 parent 1dc2a83
commit daef0c2
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 11 deletions.
diff --git a/charts/opa-kube-mgmt/templates/rbac-mgmt.yaml b/charts/opa-kube-mgmt/templates/rbac-mgmt.yaml
@@ -1,4 +1,5 @@
-{{- if and .Values.rbac.create .Values.mgmt.enabled }}
+{{- if .Values.rbac.create }}
+---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
@@ -10,7 +11,15 @@ metadata:
     component: mgmt
   name: {{ template "opa.mgmtfullname" . }}
 rules:
-{{ toYaml .Values.rbac.rules.cluster | indent 2 }}
+  {{- with .Values.rbac.extraRules }}
+  {{ . | toYaml | nindent 2 }}
+  {{- end }}
+  - apiGroups: [""]
+    resources: ["configmaps"]
+    verbs: ["*"]
+  - apiGroups: [""]
+    resources: ["namespaces"]
+    verbs: ["get", "list", "watch"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding

diff --git a/charts/opa-kube-mgmt/values.yaml b/charts/opa-kube-mgmt/values.yaml
@@ -199,16 +199,13 @@ nodeSelector: {}
 resources: {}
 
 rbac:
-  # If true, create RBAC resources
+  # should ClusterRole for kube-mgmt be created
   create: true
-  rules:
-    cluster:
-    - apiGroups: [""]
-      resources: ["configmaps"]
-      verbs: ["*"]
-    - apiGroups: [""]
-      resources: ["namespaces"]
-      verbs: ["get", "list", "watch"]
+  # extra rules to be added to a ClusterRole
+  extraRules: []
+    # - apiGroups: [""]
+    #   resources: ["configmaps"]
+    #   verbs: ["*"]
 
 serviceAccount:
   # Specifies whether a ServiceAccount should be created