Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow helm chart to support external cluster level RBAC #5228

Closed
hafe opened this issue Mar 10, 2024 · 5 comments · Fixed by #5229
Closed

Allow helm chart to support external cluster level RBAC #5228

hafe opened this issue Mar 10, 2024 · 5 comments · Fixed by #5229
Assignees
@vepatel
Labels
backlog Pull requests/issues that are backlog items refined Issues that are ready to be prioritized

Comments

@hafe
Copy link
Contributor

hafe commented Mar 10, 2024

Is your feature request related to a problem? Please describe.
The helm chart comes with a ClusterRole and a ClusterRoleBinding. The ClusterRoleBinding gives very wide access to the whole cluster for example read access to every secret in the cluster. This does not align well with function provided by the -watch-secret-namespace option.

Describe the solution you'd like
A simple knob to disable the cluster level RBAC resource generation from the helm chart. This gives users a way to provide more suited cluster level RBAC externally yet use the upstream helm chart.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.
@hafe hafe added the proposal An issue that proposes a feature request label Mar 10, 2024
@github-actions GitHub Actions
Copy link

Hi @hafe thanks for reporting!

Be sure to check out the docs and the Contributing Guidelines while you wait for a human to take a look at this 🙂

Cheers!

@hafe hafe mentioned this issue Mar 10, 2024
Merged
6 tasks
@haywoodsh haywoodsh added backlog candidate Pull requests/issues that are candidates to be backlog items and removed proposal An issue that proposes a feature request labels Mar 11, 2024
@jjngx jjngx added ready for refinement An issue that was triaged and it is ready to be refined and removed backlog candidate Pull requests/issues that are candidates to be backlog items labels Mar 25, 2024
@danielnginx danielnginx added the backlog Pull requests/issues that are backlog items label May 16, 2024
@danielnginx danielnginx moved this from Todo ☑ to Prioritized Backlog in NGINX Ingress Controller May 16, 2024
@danielnginx
Copy link
Collaborator

Hi @hafe, could you please add the documentation for this feature?

@hafe
Copy link
Contributor Author

hafe commented May 16, 2024

Sure, exactly where do you mean?

@danielnginx
Copy link
Collaborator

For example: Add the configuration on helm installation - Configuration

https://docs.nginx.com/nginx-ingress-controller/installation/installing-nic/installation-with-helm/#configuration

hafe added a commit to hafe/kubernetes-ingress that referenced this issue May 21, 2024
@hafe
helm: add bool to control cluster level rbac rendering
a0860ac 
Closes nginxinc#5228
@danielnginx danielnginx moved this from Prioritized Backlog to Todo ☑ in NGINX Ingress Controller May 29, 2024
@danielnginx danielnginx added refined Issues that are ready to be prioritized and removed ready for refinement An issue that was triaged and it is ready to be refined labels May 30, 2024
@vepatel vepatel moved this from Todo ☑ to In Progress 🛠 in NGINX Ingress Controller Jun 3, 2024
hafe added a commit to hafe/kubernetes-ingress that referenced this issue Jun 3, 2024
@hafe
helm: add bool to control cluster level rbac rendering
b95970c 
Closes nginxinc#5228
@vepatel vepatel moved this from In Progress 🛠 to In Review 👀 in NGINX Ingress Controller Jun 5, 2024
hafe added a commit to hafe/kubernetes-ingress that referenced this issue Jun 6, 2024
@hafe
helm: add bool to control clusterrole creation
54efe74 
Closes nginxinc#5228
@github-project-automation github-project-automation bot moved this from In Review 👀 to Done 🚀 in NGINX Ingress Controller Jun 6, 2024
@vepatel
Copy link
Contributor

vepatel commented Jun 6, 2024

Thanks @hafe!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@vepatel vepatel

Labels
backlog Pull requests/issues that are backlog items refined Issues that are ready to be prioritized
Projects
NGINX Ingress Controller
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

helm: add knob to control cluster level rbac rendering hafe/kubernetes-ingress
5 participants
@hafe @haywoodsh @vepatel @jjngx @danielnginx