Skip to content

feat(helm): add support for rbac at namespace scope#1698

Merged
Slach merged 4 commits intoAltinity:0.25.0from
dashashutosh80:namespace-scoped-rbac
May 13, 2025
Merged

feat(helm): add support for rbac at namespace scope#1698
Slach merged 4 commits intoAltinity:0.25.0from
dashashutosh80:namespace-scoped-rbac

Conversation

@dashashutosh80
Copy link
Copy Markdown
Contributor

@dashashutosh80 dashashutosh80 commented Apr 30, 2025
edited
Loading

  • All commits in the PR are squashed. More info
  • The PR is made into dedicated next-release branch, not into master branch1. More info
  • The PR is signed. More info

This PR contains the following changes:

  • boolean field namespaceScoped added under rbac to values.yaml to enable creation of role and rolebinding instead of clusterrole and clusterrolebinding
  • helm chart generation script and manifest bundle have been updated to handle creation of rbac at cluster level or at namespace level depending on the user input
  • updated manifest builder script to generate rbac for namespace level

This PR aims to address #1423

@dashashutosh24 dashashutosh24 mentioned this pull request Apr 30, 2025
Open
Slach
Slach requested changes Apr 30, 2025
View reviewed changes
@dashashutosh80
feat(helm): add support for rbac at namespace scope
02a7d82 
- add boolean field namespaceScoped to values.yaml to enable creation of role and rolebinding
- update helm chart generation script and manifest bundle to handle creation of rbac at cluster or namespace level depending on user input
- updated manifest builder script to generate rbac for namespace level

Signed-off-by: dashashutosh80 <[email protected]>
@dashashutosh80 dashashutosh80 force-pushed the namespace-scoped-rbac branch from 419cf20 to 02a7d82 Compare April 30, 2025 19:57
@dashashutosh80 dashashutosh80 requested a review from Slach April 30, 2025 20:05
@dashashutosh80
Copy link
Copy Markdown
Contributor Author

dashashutosh80 commented May 6, 2025

@Slach Please review the updated changes and let me know if anything else needs to be done. Thanks in advance!

Slach
Slach reviewed May 6, 2025
View reviewed changes
Slach
Slach requested changes May 6, 2025
View reviewed changes
Slach
Slach reviewed May 7, 2025
View reviewed changes
Slach
Slach reviewed May 7, 2025
View reviewed changes
@Slach
Copy link
Copy Markdown
Collaborator

Slach commented May 9, 2025

@dashashutosh80 any news from your side? could we stay ClusterRole default behavior?

@dashashutosh80
Copy link
Copy Markdown
Contributor Author

dashashutosh80 commented May 9, 2025

@Slach sorry I have been afk for a while now. I’ll update the values.yaml and readme with cluster Role as default behavior in 2-3 days.

@Slach
Copy link
Copy Markdown
Collaborator

Slach commented May 12, 2025

@dashashutosh80 any news from your side?

@dashashutosh80
Copy link
Copy Markdown
Contributor Author

dashashutosh80 commented May 13, 2025

@Slach Updated the values.yaml to keep namespace scoping of rbac disabled by default until user overwrites. This should not break installations during upgrade where kube-system is set as namespace and operator already runs with cluster level permissions. Please take a look

@dashashutosh80 dashashutosh80 requested a review from Slach May 13, 2025 09:28
@Slach Slach merged commit 5ef4658 into Altinity:0.25.0 May 13, 2025
2 checks passed
@dashashutosh80 dashashutosh80 deleted the namespace-scoped-rbac branch May 13, 2025 12:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Slach Slach Slach approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dashashutosh80 @Slach