Skip to content

Commit 15c4674

Browse files
committed
Add a check to weather openshift clusterrolebinding specific should be created
Signed-off-by: Roey <[email protected]>
1 parent 5a05dda commit 15c4674

File tree

2 files changed

+12
-0
lines changed

2 files changed

+12
-0
lines changed

charts/konnector/templates/_helpers.tpl

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -60,3 +60,13 @@ spec:
6060
readOnly: true
6161
restartPolicy: Never
6262
{{- end -}}
63+
64+
{{/* Returns true if the anyuid SCC exists and is accessible, false otherwise */}}
65+
{{- define "common.hasAnyuidSCC" -}}
66+
{{- if has "security.openshift.io/v1" .Capabilities.APIVersions }}
67+
{{- $scc := lookup "security.openshift.io/v1" "SecurityContextConstraints" "" "anyuid" }}
68+
{{- if $scc }}true{{ else }}false{{ end }}
69+
{{- else }}
70+
false
71+
{{- end }}
72+
{{- end }}

charts/konnector/templates/rbac.yaml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -67,6 +67,7 @@ roleRef:
6767

6868
{{- range $bindingName, $bindingInfo := .Values.system.extraClusterRoleBindings }}
6969
---
70+
{{- if eq (include "common.hasAnyuidSCC" $) "true" }}
7071
apiVersion: rbac.authorization.k8s.io/v1
7172
kind: ClusterRoleBinding
7273
metadata:
@@ -82,3 +83,4 @@ roleRef:
8283
name: {{ $bindingInfo.roleRef.name }}
8384
apiGroup: rbac.authorization.k8s.io
8485
{{- end }}
86+
{{- end }}

0 commit comments

Comments
 (0)