628fd3007d
Currently, services have two serviceaccounts: one specified in the chart that cannot read anything, and one injected via helm-toolkit that can read everything. This patch set refactors the logic to: - cleanup the roles and their binding automatically when the helm chart is deleted; - remove the need to separately mount a serviceaccount with secret; - better handling of namespaces resource restriction. Co-Authored-By: portdirect <pete@port.direct> Change-Id: I47d41e0cad9b5b002f59fc9652bad2cc025538dc |
||
|---|---|---|
| .. | ||
| bin | ||
| etc | ||
| configmap-bin.yaml | ||
| configmap-etc.yaml | ||
| daemonset-registry-proxy.yaml | ||
| deployment-registry.yaml | ||
| job-bootstrap.yaml | ||
| pvc-images.yaml | ||
| service-registry.yaml | ||