commit efc43ea55bc20022fadc3954ddb19e8d5d521082
author Giorgi Lekveishvili <lekva@gl-mbp-m1-max.local> Mon Sep 09 19:11:41 2024 +0400
committer Giorgi Lekveishvili <lekva@gl-mbp-m1-max.local> Mon Sep 09 19:11:41 2024 +0400
tree 698d69a25d1c661805869e81e7e151e80b3a6ef6
parent e4d7e60c543c906b050936c93a661e90d1002e96

update

charts/access-secrets/.helmignore

diff --git a/charts/access-secrets/.helmignore b/charts/access-secrets/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/charts/access-secrets/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/access-secrets/Chart.yaml

diff --git a/charts/access-secrets/Chart.yaml b/charts/access-secrets/Chart.yaml
new file mode 100644
index 0000000..e17b6af
--- /dev/null
+++ b/charts/access-secrets/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: access-secrets
+description: A Helm chart giving service account access to secrets in the same namespace
+type: application
+version: 0.0.1
+appVersion: "0.0.1"

charts/access-secrets/templates/install.yaml

diff --git a/charts/access-secrets/templates/install.yaml b/charts/access-secrets/templates/install.yaml
new file mode 100644
index 0000000..ce27ccc
--- /dev/null
+++ b/charts/access-secrets/templates/install.yaml
@@ -0,0 +1,23 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: secrets
+  namespace: {{ .Release.Namespace }}
+rules:
+- apiGroups: [""]
+  resources: ["secrets"]
+  verbs: ["get", "watch", "list", "patch", "update"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: secrets
+  namespace: {{ .Release.Namespace }}
+subjects:
+- kind: ServiceAccount
+  name: {{ .Values.serviceAccountName }}
+  namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: Role
+  name: secrets
+  apiGroup: rbac.authorization.k8s.io

charts/access-secrets/values.yaml

diff --git a/charts/access-secrets/values.yaml b/charts/access-secrets/values.yaml
new file mode 100644
index 0000000..14f425b
--- /dev/null
+++ b/charts/access-secrets/values.yaml
@@ -0,0 +1 @@
+serviceAccountName: default