Role created when .Values.rbac.create == false

Question

Role created when .Values.rbac.create == false

stgrace opened this issue 8 months ago · comments

Stef Graces commented 8 months ago

A clear and concise description of what the bug is.

Expected Behavior

Expected roles not to be created when setting rbac.create to false

Actual Behavior

Roles are created.

Steps to Reproduce the Problem

helm install --set rbac.create=false keda kedacore/keda --namespace keda --create-namespace

See https://github.com/kedacore/charts/blob/main/keda/templates/manager/role.yaml

{{- if or (and .Values.certificates.autoGenerated (not .Values.certificates.certManager.enabled)) (.Values.permissions.operator.restrict.secret) }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  {{- with .Values.additionalAnnotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
  labels:
    app.kubernetes.io/name: {{ .Values.operator.name }}
    {{- include "keda.labels" . | indent 4 }}
  name: {{ .Values.operator.name }}
  namespace: {{ .Release.Namespace }}
rules:
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  {{- if and .Values.certificates.autoGenerated (not .Values.certificates.certManager.enabled) }}
  - create
  - delete
  - patch
  - update
  {{- end }}
  - watch
  - get
  - list
{{- end -}}

Willing to create a PR for this

Tom Kerkhove · Answer 1 · Thu Sep 28 2023 20:45:07 GMT+0800 (China Standard Time)

@JorTurFer It looks like related to cert manager; any thoughts on why this is not respected?

Oversight or just to make sure they are always there?

Jorge Turrado Ferrero · Answer 2 · Thu Sep 28 2023 20:54:43 GMT+0800 (China Standard Time)

We shouldn't add the role if rbac.create = false

Jorge Turrado Ferrero · Answer 3 · Thu Sep 28 2023 20:55:02 GMT+0800 (China Standard Time)

let me open a PR quickly to fix it for incoming release, give me a sec