-
Notifications
You must be signed in to change notification settings - Fork 43
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Remove ClusterRole #169
Conversation
The clusterrole is required for the authentik kubernetes outpost integration to fully work, without it authentik can't detect what is installed in your cluster and if authentik needs to create any special traefik/etc config (also I'm curious what kind of K8s provider doesn't allow for ClusterRoles) |
Using the namespace scoped helm/charts/authentik-remote-cluster/templates/role.yaml Lines 43 to 48 in ce268f3
For a fully namespace scoped installation, I'm not sure I understand what the ClusterRole is needed for since it seems to provide the same RBAC helm/charts/authentik-remote-cluster/templates/cluster-role.yaml Lines 12 to 18 in ce268f3
Currently the CoreWeave Kubernetes offering does not allow for ClusterRoles (though this will be changed in the future) |
So after some testing with removing the clusterrole, I can indeed do With this we could basically remove the ClusterRole completely, since the only reason for its existence was to read the CRDs |
Even better 😃 |
Revert "feat: make ClusterRole optional" This reverts commit a95a41b.
1a1a8ab
to
4c80e2d
Compare
Some managed k8s offerings do not allow installing cluster scoped resourcesThis PR allows for an entirely namespace scoped installation (if.Values.serviceAccount.clusterRoleBinding
is not provided it defaults totrue
)~~ We do this with
kustomize
today, would be nice to have support in the chart 😄 ~~Does not appear to be required to list CRDs 😄