Support custom rules for read-only mode (#7152)

* Support custom rules for read-only mode When dashboard is started with read-only role, CRDs are not shown in UI due to permissions issue. This PR adds ability to provide custom rules for read-only role * Update aio/deploy/helm-chart/kubernetes-dashboard/Chart.yaml Co-authored-by: Cédric de Saint Martin <cdesaintmartin@wiremind.io> Co-authored-by: Cédric de Saint Martin <cdesaintmartin@wiremind.io>
kubernetes · Aug 16, 2022 · 4795a8f · 4795a8f
1 parent e322994
commit 4795a8f
Showing 3 changed files with 7 additions and 1 deletion.
diff --git a/aio/deploy/helm-chart/kubernetes-dashboard/Chart.yaml b/aio/deploy/helm-chart/kubernetes-dashboard/Chart.yaml
@@ -14,7 +14,7 @@
 
 apiVersion: v2
 name: kubernetes-dashboard
-version: 5.8.0
+version: 5.9.0
 appVersion: 2.6.1
 description: General-purpose web UI for Kubernetes clusters
 keywords:

diff --git a/aio/deploy/helm-chart/kubernetes-dashboard/templates/clusterrole-readonly.yaml b/aio/deploy/helm-chart/kubernetes-dashboard/templates/clusterrole-readonly.yaml
@@ -151,4 +151,7 @@ rules:
       - get
       - list
       - watch
+  {{- with .Values.rbac.clusterReadOnlyRoleAdditionalRules -}}
+  {{ toYaml . | nindent 2 }}
+  {{- end }}
 {{- end -}}
diff --git a/aio/deploy/helm-chart/kubernetes-dashboard/values.yaml b/aio/deploy/helm-chart/kubernetes-dashboard/values.yaml
@@ -305,6 +305,9 @@ rbac:
   #
   # Independent from rbac.create parameter.
   clusterReadOnlyRole: false
+  # It is possible to add additional rules if read only role is enabled.
+  # This can be useful, for example, to show CRD resources.
+  # clusterReadOnlyRoleAdditionalRules: []
 
 serviceAccount:
   # Specifies whether a service account should be created