Added: external rb and crb support

2025-04-17 01:31:13 +00:00 · 2023-03-07 10:41:34 +01:00 · 2023-03-07 10:41:34 +01:00 · 78f6ce5e77
commit 78f6ce5e77
parent a6db8b4262
2 changed files with 36 additions and 0 deletions
--- a/charts/clearml-agent/templates/agentk8sglue-rbac.yaml
+++ b/charts/clearml-agent/templates/agentk8sglue-rbac.yaml
@ -86,3 +86,33 @@ roleRef:
  kind: Role
  name: {{ include "clearmlAgent.name" . }}-kpa
 {{- end }}
+{{- range .Values.agentk8sglue.additionalClusterRoleBindings }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "clearmlAgent.name" $ }}-kpa-{{ . }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "clearmlAgent.serviceAccountName" $ }}
+    namespace: {{ $.Release.Namespace }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ . }}
+{{- end }}
+{{- range .Values.agentk8sglue.additionalRoleBindings }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ include "clearmlAgent.name" $ }}-kpa-{{ . }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "clearmlAgent.serviceAccountName" $ }}
+    namespace: {{ $.Release.Namespace }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ . }}
+{{- end }}
--- a/charts/clearml-agent/values.yaml
+++ b/charts/clearml-agent/values.yaml
@ -81,6 +81,12 @@ agentk8sglue:
  securityContext: {}
    #  runAsUser: 1001
    #  fsGroup: 1001
+  # -- additional existing ClusterRoleBindings
+  additionalClusterRoleBindings: []
+    # - privileged
+  # -- additional existing RoleBindings
+  additionalRoleBindings: []
+    # - privileged
  # -- nodeSelector setup for Agent pod (example in values.yaml comments)
  nodeSelector: {}
    # fleet: agent-nodes