I'm currently using kubectl create -f clusterRole.yaml
, I was wondering if I can use helm to install it automatically with my chart.
I was looking at the helm documentation, and it used kubectl create -f
for the clusterRole file. Is there any reason that this can't be done through helm? Is it because this concerns with access privilege issues?
As already mentioned in the comments, you can install your RBAC roles using your helm chart. As a matter of fact many of the helm charts do configure roles/clusterRoles at install. Here's an example of Elasticsearch helm chart which does configure Role
and RoleBinding
at install level:
{{- if .Values.rbac.create -}}
{{- $fullName := include "elasticsearch.uname" . -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ $fullName | quote }}
labels:
heritage: {{ .Release.Service | quote }}
release: {{ .Release.Name | quote }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
app: {{ $fullName | quote }}
rules:
- apiGroups:
- extensions
resources:
- podsecuritypolicies
resourceNames:
{{- if eq .Values.podSecurityPolicy.name "" }}
- {{ $fullName | quote }}
{{- else }}
- {{ .Values.podSecurityPolicy.name | quote }}
{{- end }}
verbs:
- use
{{- end -}}
Another example with clusterRole can be found here.
To sum up, if you context allow you to install desired rbac or any other stuff with kubectl
then basically you will be able to do so with helm.