0b8aacb590
* Add clusterrolebinding, fix service, update Vault * Change authDelegator to false by default * Clarify clusterIP comment
22 lines
855 B
YAML
22 lines
855 B
YAML
{{ template "vault.mode" . }}
|
|
{{- if and (ne .mode "") (and (eq (.Values.global.enabled | toString) "true") (eq (.Values.server.authDelegator.enabled | toString) "true")) }}
|
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: {{ template "vault.fullname" . }}-server-binding
|
|
namespace: {{ .Release.Namespace }}
|
|
labels:
|
|
helm.sh/chart: {{ include "vault.chart" . }}
|
|
app.kubernetes.io/name: {{ include "vault.name" . }}
|
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
|
app.kubernetes.io/version: {{ .Chart.Version | quote }}
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: system:auth-delegator
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: {{ template "vault.fullname" . }}
|
|
namespace: {{ .Release.Namespace }}
|
|
{{ end }}
|