628fd3007d
Currently, services have two serviceaccounts: one specified in the chart that cannot read anything, and one injected via helm-toolkit that can read everything. This patch set refactors the logic to: - cleanup the roles and their binding automatically when the helm chart is deleted; - remove the need to separately mount a serviceaccount with secret; - better handling of namespaces resource restriction. Co-Authored-By: portdirect <pete@port.direct> Change-Id: I47d41e0cad9b5b002f59fc9652bad2cc025538dc |
||
|---|---|---|
| .. | ||
| clusterrole.yaml | ||
| clusterrolebinding.yaml | ||
| configmap-bin.yaml | ||
| deployment.yaml | ||
| job-image-repo-sync.yaml | ||
| service-controller-manager.yaml | ||
| service-kube-metrics.yaml | ||
| service-scheduler.yaml | ||