add extra volumes and rules

puckpuck · Nov 1, 2022 · e05b9ab · e05b9ab
1 parent 7761a46
commit e05b9ab
Show file tree

Hide file tree

Showing 7 changed files with 17 additions and 4 deletions.
diff --git a/charts/seashell/Chart.yaml b/charts/seashell/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: seashell
 description: A tool that provides a shell to debug Kubernetes workloads
 type: application
-version: 0.2.0
+version: 0.3.0
 appVersion: 0.1
 keywords:
   - debug

diff --git a/charts/seashell/README.md b/charts/seashell/README.md
@@ -31,11 +31,14 @@ helm install seashell puckpuck/seashell
 | `image.repository`           | seashell Image repository                                              | `puckpuck/seashell`                              |
 | `image.tag`                  | seashell Image tag (leave blank to use app version)                    | `nil`                                            |
 | `image.pullPolicy`           | seashell Image pull policy                                             | `IfNotPresent`                                   |
+| `extraVolumeMounts`          | Additional volume mounts to add to the container                       | `[]`                                             |
+| `extraVolumes`               | Additional volumes to add to the pod                                   | `[]`                                             |
 | `serviceAccount.create`      | Specify whether a ServiceAccount should be created                     | `true`                                           |
 | `serviceAccount.annotations` | Annotations to be applied to ServiceAccount                            | `{}`                                             |
 | `serviceAccount.name`        | The name of the ServiceAccount to create                               | Generated using the `seashell.fullname` template |
 | `rbac.create`                | Specify whether RBAC resources should be created and used              | `true`                                           |
 | `rbac.readAll`               | Specify whether to include READ permssions on ALL Kubernetes resources | `false`                                          |
+| `rbac.extraRules`            | Additional rules to add to the ClusterRole                             | `[]`                                             |
 | `podAnnotations`             | Pod annotations                                                        | `{}`                                             |
 | `podSecurityContext`         | Security context for pod                                               | `{}`                                             | 
 | `securityContext`            | Security context for container                                         | `{}`                                             | 

diff --git a/charts/seashell/templates/NOTES.txt b/charts/seashell/templates/NOTES.txt
@@ -1,5 +1,5 @@
 seashell is installed. Start an interactive shell on any of the daemonset pods to use it.
-{{- if .Values.rbac.create }}
+{{- if .Values.rbac.readAll }}
 
 *** WARNING ***
 

diff --git a/charts/seashell/templates/cluster-role-binding.yaml b/charts/seashell/templates/cluster-role-binding.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.rbac.create .Values.rbac.readAll }}
+{{- if and .Values.rbac.create }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:

diff --git a/charts/seashell/templates/cluster-role.yaml b/charts/seashell/templates/cluster-role.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.rbac.create .Values.rbac.readAll }}
+{{- if .Values.rbac.create }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
@@ -8,6 +8,7 @@ metadata:
   annotations:
     rbac.authorization.kubernetes.io/autoupdate: "true"
 rules:
+  {{- if .Values.rbac.readAll }}
   - apiGroups:
       - "*"
     resources:
@@ -16,4 +17,6 @@ rules:
       - get
       - list
       - watch
+  {{- end }}
+  {{- toYaml .Values.rbac.extraRules | nindent 2 }}
 {{- end }}
diff --git a/charts/seashell/templates/daemonset.yaml b/charts/seashell/templates/daemonset.yaml
@@ -43,10 +43,12 @@ spec:
             - name: kubernetes
               mountPath: /etc/kubernetes
               readOnly: true
+            {{- toYaml .Values.extraVolumeMounts | nindent 12}}
       volumes:
         - name: kubernetes
           hostPath:
             path: /etc/kubernetes
+        {{- toYaml .Values.extraVolumes | nindent 8 }}
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

diff --git a/charts/seashell/values.yaml b/charts/seashell/values.yaml
@@ -12,6 +12,9 @@ imagePullSecrets: [ ]
 nameOverride: ""
 fullnameOverride: ""
 
+extraVolumeMounts: [ ]
+extraVolumes: [ ]
+
 serviceAccount:
   # Specifies whether a service account should be created
   create: true
@@ -26,6 +29,8 @@ rbac:
   create: true
   # If set to true, a Role and RoleBinding with READ permissions on ALL objects will be created
   readAll: false
+  # additional rules to add to the Role
+  extraRules: [ ]
 
 podAnnotations: { }