From ef468bc0ded1a2881b9f212a38d527e312abae99 Mon Sep 17 00:00:00 2001 From: tamal Date: Mon, 3 Jul 2017 17:05:25 -0700 Subject: [PATCH] Update chart with rbac --- chart/stash/README.md | 8 ++++---- chart/stash/templates/NOTES.txt | 2 +- chart/stash/templates/rbac.yaml | 34 --------------------------------- docs/rbac.md | 2 +- 4 files changed, 6 insertions(+), 40 deletions(-) diff --git a/chart/stash/README.md b/chart/stash/README.md index de533bcc1..1f85bb6db 100644 --- a/chart/stash/README.md +++ b/chart/stash/README.md @@ -54,14 +54,14 @@ The following tables lists the configurable parameters of the Stash chart and th Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example: ```bash -$ helm install --name my-release --set image.tag=v0.2.1 stable/stash +$ helm install --name my-release --set image.tag=v0.2.1 chart/stash ``` Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example: ```bash -$ helm install --name my-release --values values.yaml stable/stash +$ helm install --name my-release --values values.yaml chart/stash ``` ## RBAC @@ -86,7 +86,7 @@ If the output contains "beta" or both "alpha" and "beta" you can may install wit To enable the creation of RBAC resources (On clusters with RBAC). Do the following: ```console -$ helm install --name my-release stable/stash --set rbac.install=true +$ helm install --name my-release chart/stash --set rbac.install=true ``` ### Changing RBAC manifest apiVersion @@ -94,5 +94,5 @@ $ helm install --name my-release stable/stash --set rbac.install=true By default the RBAC resources are generated with the "v1beta1" apiVersion. To use "v1alpha1" do the following: ```console -$ helm install --name my-release stable/stash --set rbac.install=true,rbac.apiVersion=v1alpha1 +$ helm install --name my-release chart/stash --set rbac.install=true,rbac.apiVersion=v1alpha1 ``` diff --git a/chart/stash/templates/NOTES.txt b/chart/stash/templates/NOTES.txt index 3518e04a0..521dac256 100644 --- a/chart/stash/templates/NOTES.txt +++ b/chart/stash/templates/NOTES.txt @@ -1,3 +1,3 @@ To verify that Stash has started, run: - kubectl --namespace={{ .Release.Namespace }} get deployments -l "release={{ .Release.Name }}, app={{ template "fullname" . }}" \ No newline at end of file + kubectl --namespace={{ .Release.Namespace }} get deployments -l "release={{ .Release.Name }}, app={{ template "name" . }}" diff --git a/chart/stash/templates/rbac.yaml b/chart/stash/templates/rbac.yaml index 1999c429a..f086eda6b 100644 --- a/chart/stash/templates/rbac.yaml +++ b/chart/stash/templates/rbac.yaml @@ -67,38 +67,4 @@ roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: {{ $serviceName }} ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - name: stash-sidecar - labels: - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - app: "{{ template "name" . }}" - heritage: "{{ .Release.Service }}" - release: "{{ .Release.Name }}" -rules: -- apiGroups: - - stash.appscode.com - resources: ["*"] - verbs: ["*"] -- apiGroups: - - extensions - resources: - - deployments - - daemonsets - - replicasets - verbs: ["get"] -- apiGroups: [""] - resources: - - replicationcontrollers - verbs: ["*"] -- apiGroups: [""] - resources: - - secrets - verbs: ["get"] -- apiGroups: [""] - resources: - - events - verbs: ["create"] {{ end }} diff --git a/docs/rbac.md b/docs/rbac.md index 30399cfad..a3977e005 100644 --- a/docs/rbac.md +++ b/docs/rbac.md @@ -35,7 +35,7 @@ rules: verbs: ["create"] ``` -`stash-sidecar` ClusterRole will be automatically created, if you installed Stash using one of the documented methods [here](/docs/install.md). +Create `stash-sidecar` ClusterRole, if it is not already present. Now, create a RoleBinding for service account used to a workload. ```yaml