From e05b9ab1fbdc7aae21151fa487dee6d9f8040e09 Mon Sep 17 00:00:00 2001 From: Pierre Tessier Date: Tue, 1 Nov 2022 19:09:07 -0400 Subject: [PATCH] add extra volumes and rules --- charts/seashell/Chart.yaml | 2 +- charts/seashell/README.md | 3 +++ charts/seashell/templates/NOTES.txt | 2 +- charts/seashell/templates/cluster-role-binding.yaml | 2 +- charts/seashell/templates/cluster-role.yaml | 5 ++++- charts/seashell/templates/daemonset.yaml | 2 ++ charts/seashell/values.yaml | 5 +++++ 7 files changed, 17 insertions(+), 4 deletions(-) diff --git a/charts/seashell/Chart.yaml b/charts/seashell/Chart.yaml index dbbbece..d8c8821 100644 --- a/charts/seashell/Chart.yaml +++ b/charts/seashell/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: seashell description: A tool that provides a shell to debug Kubernetes workloads type: application -version: 0.2.0 +version: 0.3.0 appVersion: 0.1 keywords: - debug diff --git a/charts/seashell/README.md b/charts/seashell/README.md index 74087bd..c0da15a 100644 --- a/charts/seashell/README.md +++ b/charts/seashell/README.md 
@@ -31,11 +31,14 @@ helm install seashell puckpuck/seashell | `image.repository` | seashell Image repository | `puckpuck/seashell` | | `image.tag` | seashell Image tag (leave blank to use app version) | `nil` | | `image.pullPolicy` | seashell Image pull policy | `IfNotPresent` | +| `extraVolumeMounts` | Additional volume mounts to add to the container | `[]` | +| `extraVolumes` | Additional volumes to add to the pod | `[]` | | `serviceAccount.create` | Specify whether a ServiceAccount should be created | `true` | | `serviceAccount.annotations` | Annotations to be applied to ServiceAccount | `{}` | | `serviceAccount.name` | The name of the ServiceAccount to create | Generated using the `seashell.fullname` template | | `rbac.create` | Specify whether RBAC resources should be created and used | `true` | | `rbac.readAll` | Specify whether to include READ permssions on ALL Kubernetes resources | `false` | +| `rbac.extraRules` | Additional rules to add to the ClusterRole | `[]` | | `podAnnotations` | Pod annotations | `{}` | | `podSecurityContext` | Security context for pod | `{}` | | `securityContext` | Security context for container | `{}` | diff --git a/charts/seashell/templates/NOTES.txt b/charts/seashell/templates/NOTES.txt index 78b69c2..2d76e4c 100644 --- a/charts/seashell/templates/NOTES.txt +++ b/charts/seashell/templates/NOTES.txt @@ -1,5 +1,5 @@ seashell is installed. Start an interactive shell on any of the daemonset pods to use it. -{{- if .Values.rbac.create }} +{{- if .Values.rbac.readAll }} *** WARNING *** diff --git a/charts/seashell/templates/cluster-role-binding.yaml b/charts/seashell/templates/cluster-role-binding.yaml index a0fba58..b159090 100644 --- a/charts/seashell/templates/cluster-role-binding.yaml +++ b/charts/seashell/templates/cluster-role-binding.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.rbac.create .Values.rbac.readAll }} +{{- if and .Values.rbac.create }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: 
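Review bot: The warning in NOTES.txt is now gated on `rbac.readAll` alone, so a release that grants permissions only through `rbac.extraRules` installs without any warning. If the warning concerns the breadth of what the shell's ServiceAccount can read (its text continues outside this hunk), the condition should cover both values, `{{- if or .Values.rbac.readAll .Values.rbac.extraRules }}`. An empty `extraRules` list is falsy in the template, so the default install would still show no warning.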
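Review bot: `and` with a single argument is redundant in cluster-role-binding.yaml; `{{- if .Values.rbac.create }}` would match the condition this commit uses in cluster-role.yaml. With `readAll` dropped from the condition, a default install now creates the ClusterRole and its binding even when `readAll` is false and `extraRules` is empty, leaving a cluster-scoped binding that grants nothing. Using `{{- if and .Values.rbac.create (or .Values.rbac.readAll .Values.rbac.extraRules) }}` in both templates would create them only when there is something to grant.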
diff --git a/charts/seashell/templates/cluster-role.yaml b/charts/seashell/templates/cluster-role.yaml index 8588b5e..0fb0cc2 100644 --- a/charts/seashell/templates/cluster-role.yaml +++ b/charts/seashell/templates/cluster-role.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.rbac.create .Values.rbac.readAll }} +{{- if .Values.rbac.create }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -8,6 +8,7 @@ metadata: annotations: rbac.authorization.kubernetes.io/autoupdate: "true" rules: + {{- if .Values.rbac.readAll }} - apiGroups: - "*" resources: @@ -16,4 +17,6 @@ rules: - get - list - watch + {{- end }} + {{- toYaml .Values.rbac.extraRules | nindent 2 }} {{- end }} diff --git a/charts/seashell/templates/daemonset.yaml b/charts/seashell/templates/daemonset.yaml index 851c4ad..f9e63d0 100644 --- a/charts/seashell/templates/daemonset.yaml +++ b/charts/seashell/templates/daemonset.yaml @@ -43,10 +43,12 @@ spec: - name: kubernetes mountPath: /etc/kubernetes readOnly: true + {{- toYaml .Values.extraVolumeMounts | nindent 12}} volumes: - name: kubernetes hostPath: path: /etc/kubernetes + {{- toYaml .Values.extraVolumes | nindent 8 }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/seashell/values.yaml b/charts/seashell/values.yaml index 781da57..6f71033 100644 --- a/charts/seashell/values.yaml +++ b/charts/seashell/values.yaml @@ -12,6 +12,9 @@ imagePullSecrets: [ ] nameOverride: "" fullnameOverride: "" +extraVolumeMounts: [ ] +extraVolumes: [ ] + serviceAccount: # Specifies whether a service account should be created create: true @@ -26,6 +29,8 @@ rbac: create: true # If set to true, a Role and RoleBinding with READ permissions on ALL objects will be created readAll: false + # additional rules to add to the Role + extraRules: [ ] podAnnotations: { }
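Review bot: `toYaml` of an empty list yields `[]`, so with the default `extraRules: [ ]` and `rbac.readAll` set to true, the added `{{- toYaml .Values.rbac.extraRules | nindent 2 }}` in cluster-role.yaml would emit a stray `[]` after the read-all rule and the manifest would not parse. The `extraVolumeMounts` and `extraVolumes` lines in the daemonset.yaml hunk have the same defect, and there the `[]` follows the existing `kubernetes` entries, so a default install is affected. Guard each one with the `with` form that daemonset.yaml already uses for `nodeSelector`, e.g. `{{- with .Values.rbac.extraRules }}{{- toYaml . | nindent 2 }}{{- end }}`. With that guard, `rules:` renders empty when neither `readAll` nor `extraRules` is set, which is one more reason to skip the ClusterRole in that case.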
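Review bot: The new values.yaml comment says the rules are added to "the Role", but the template that consumes `rbac.extraRules` is a ClusterRole, so every rule listed applies in all namespaces. Suggest `# Additional rules to add to the ClusterRole (cluster-wide)`, with the same correction for the "Role and RoleBinding" wording in the `readAll` comment above it. The `extraVolumes` and `extraVolumeMounts` defaults in the first hunk of this file have no comment. A line such as `# Extra volumes for the DaemonSet pod; hostPath entries expose the node filesystem to the shell` would tell operators what they are opting into.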