(nack) Add Labels to RBAC Jetstream Controller Role #978
Description
What motivated this proposal?
We use a CICD user in our kubernetes cluster to automate deployments.
This CICD user has a namespaced admin role attached to it.
The jetstream-controller-role role doesn't have the rbac.authorization.k8s.io/aggregate-to-admin: "true" label on it, which means we would have to either manually modify the role with the label or attach the role to our CICD user.
What is the proposed change?
Add the ability to add custom labels to the jetstream-controller-role role to be able to set rbac.authorization.k8s.io/aggregate-to-admin: "true"
# helm/charts/nack/templates/rbac-jetstream-controller.yml
apiVersion: rbac.authorization.k8s.io/v1
kind: {{ $kind }}
metadata:
name: {{ template "jsc.serviceAccountName" . }}-{{ $kindSuffix }}
namespace: {{ include "jsc.namespace" . }}
+ labels:
+ {{- tpl (toYaml .Values.rbacLabels) . | nindent 4 }}
{{ tpl .Values.rbacRules . }}Who benefits from this change?
No response
What alternatives have you evaluated?
- Manually modifying the
jetstream-controller-rolerole - Manually attaching the role to users
- Attach
cluster-adminCluster Role to CICD user with a NamespacedRoleBinding