mirrors/ceph-csi
1
0
Fork 0
mirror of https://github.com/ceph/ceph-csi.git synced 2025-06-14 18:53:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

helm: add least privileges logic for secrets on ceph-csi-cephfs chart

Browse Source 
this allows the encryption KMS config to be granted secret access with
a least privilges policy.

Signed-off-by: Antoine C <hi@acolombier.dev>
This commit is contained in:
Antoine C
2024-05-15 12:24:44 +01:00
committed by mergify[bot]
parent cc407d157e
commit 3e9b438e7c
5 changed files with 21 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
charts/ceph-csi-cephfs/templates/nodeplugin-rolebinding.yaml
View File

@ -1,10 +1,10 @@
{{- if .Values.rbac.create -}}
{{- if and (eq .Values.encryptionKMSConfig.encryptionKMSType "metadata") (eq .Values.encryptionKMSConfig.secretNamespace .Release.Namespace) -}}
{{- if and .Values.rbac.create .Values.rbac.leastPrivileges -}}
{{- if and .Values.encryptionKMSConfig (eq .Values.encryptionKMSConfig.encryptionKMSType "metadata") .Values.encryptionKMSConfig.secretNamespace -}}
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "ceph-csi-cephfs.nodeplugin.fullname" . }}
namespace: {{ .Release.Namespace }}
namespace: {{ .Values.encryptionKMSConfig.secretNamespace }}
labels:
app: {{ include "ceph-csi-cephfs.name" . }}
chart: {{ include "ceph-csi-cephfs.chart" . }}