Adding permissions for "nodes" resources to the helm chart (#2091) (#…

…2093) * Adding permissions for Nodes
FoundationDB · Jul 15, 2024 · 2bf00fc · 2bf00fc
1 parent 8c91d78
commit 2bf00fc
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 0 deletions.
diff --git a/charts/fdb-operator/templates/rbac/rbac_role.yaml b/charts/fdb-operator/templates/rbac/rbac_role.yaml
@@ -110,3 +110,22 @@ rules:
   - update
   - patch
   - delete
+{{- if .Values.nodeReadClusterRole }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "fdb-operator.fullname" . }}-clusterrole
+  labels:
+    {{- include "fdb-operator.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - nodes
+  verbs:
+  - get
+  - watch
+  - list
+{{- end }}
+
diff --git a/charts/fdb-operator/templates/rbac/rbac_role_binding.yaml b/charts/fdb-operator/templates/rbac/rbac_role_binding.yaml
@@ -23,3 +23,19 @@ subjects:
   {{- if .Values.globalMode.enabled }}
   namespace: {{ .Release.Namespace }}
   {{- end }}
+{{- if .Values.nodeReadClusterRole }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "fdb-operator.fullname" . }}-clusterrolebinding
+  labels:
+    {{- include "fdb-operator.labels" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "fdb-operator.fullname" . }}-clusterrole
+subjects:
+- kind: ServiceAccount
+  name: {{ include "fdb-operator.serviceAccountName" . }}
+{{- end }}
diff --git a/charts/fdb-operator/values.yaml b/charts/fdb-operator/values.yaml
@@ -67,3 +67,4 @@ initContainerSecurityContext:
     drop:
       - all
   readOnlyRootFilesystem: true
+nodeReadClusterRole: true