[bitnami/rabbitmq-cluster-operator] feat: 🔒 support for extra rules (#22723)

The existing .clusterOperator.rbac.customRules is an override to RBAC
permissions in the Cluster Operator ClusterRole. Sometimes, a user
simply needs to append some rules, specific to their environment. For
example, to deploy in an environment with Pod Security Policies enabled;
in such an environment, the ClusterRole needs an extra rule to allow usage
of PSPs.

The current implementation is "one or the other", meaning that
customRules take precedence over extraRules.

[#22248]

Signed-off-by: Aitor Perez Cedres <acedres@vmware.com>
Aitor Pérez Cedres
2024-01-26 12:50:05 +00:00
committed by GitHub
parent 259c9dd250
commit 5162d8034c
5 changed files with 53 additions and 1 deletions


@@ -242,6 +242,7 @@ This solution allows to easily deploy multiple RabbitMQ instances compared to th
| `clusterOperator.initContainers` | Add additional init containers to the RabbitMQ Cluster Operator pod(s) | `[]` |
| `clusterOperator.rbac.create` | Specifies whether RBAC resources should be created | `true` |
| `clusterOperator.rbac.clusterRole.customRules` | Define custom access rules for the ClusterRole | `[]` |
| `clusterOperator.rbac.clusterRole.extraRules` | Define extra access rules for the ClusterRole. This has no effect if customerRules is a non-empty array. | `[]` |
| `clusterOperator.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` |
| `clusterOperator.serviceAccount.name` | The name of the ServiceAccount to use. | `""` |
| `clusterOperator.serviceAccount.annotations` | Add annotations | `{}` |
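Review bot: The description in the new `clusterOperator.rbac.clusterRole.extraRules` row refers to "customerRules", but the parameter documented in the row directly above it is `customRules`. Please use the full key, for example "This has no effect if `clusterOperator.rbac.clusterRole.customRules` is a non-empty array.", so that a reader searching the README for the key finds the interaction. The row could also say that these rules are appended to the rules the chart already grants, as the commit message describes, since "extra access rules" alone does not tell an operator reviewing the ClusterRole what the resulting permission set is.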
@@ -383,6 +384,8 @@ This solution allows to easily deploy multiple RabbitMQ instances compared to th
| `msgTopologyOperator.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` |
| `msgTopologyOperator.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
| `msgTopologyOperator.rbac.create` | Specifies whether RBAC resources should be created | `true` |
| `msgTopologyOperator.rbac.clusterRole.customRules` | Define custom access rules for the ClusterRole | `[]` |
| `msgTopologyOperator.rbac.clusterRole.extraRules` | Define extra access rules for the ClusterRole. This has no effect if customerRules is a non-empty array. | `[]` |
| `msgTopologyOperator.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` |
| `msgTopologyOperator.serviceAccount.name` | The name of the ServiceAccount to use. | `""` |
| `msgTopologyOperator.serviceAccount.annotations` | Add annotations | `{}` |
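Review bot: The precedence between the two settings is documented only on the `msgTopologyOperator.rbac.clusterRole.extraRules` row, while the `msgTopologyOperator.rbac.clusterRole.customRules` row, which the hunk header (-383,6 +384,8) shows is also added here, still reads as a plain "Define custom access rules". Please state on the `customRules` row that a non-empty value overrides the ClusterRole rules and makes `extraRules` have no effect, because that is the row someone tightening RBAC will read first. The `extraRules` description also repeats the "customerRules" misspelling and should name `msgTopologyOperator.rbac.clusterRole.customRules`.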