
Add support of existing role

Add the possibility to use an existing role. If rbac.useExistingRole is defined, the value of rbac.useExistingRole will be used as the role name; otherwise the cluster-admin role will be used.

Use case: use a role with limited access when using a shared agent with the "impersonate" feature. Example of a role definition:

```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: limited-impersonator
rules:
# Can impersonate only service accounts
- apiGroups: [""]
  resources: ["serviceaccounts"]
  verbs: ["impersonate"]
```

Edited by Oleksii Chupryn
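
A check that can be run on a role before its name is set in rbac.useExistingRole, confirming that it grants nothing beyond impersonating service accounts. This is an added example, not part of the merge request; the `audit_role` helper and the `example-broad-role` role are hypothetical, and both roles are constructed inline as Python dicts rather than read from a cluster.

```python
# Added example: audit a ClusterRole before naming it in rbac.useExistingRole.
# Kubernetes impersonation resources: users, groups, serviceaccounts (core
# group) and userextras/* (authentication.k8s.io).

# Constructed input: the role from the description above, as a dict.
LIMITED = {
    "kind": "ClusterRole",
    "metadata": {"name": "limited-impersonator"},
    "rules": [
        {"apiGroups": [""], "resources": ["serviceaccounts"],
         "verbs": ["impersonate"]},
    ],
}

# Constructed input: a hypothetical broader role, for contrast.
BROAD = {
    "kind": "ClusterRole",
    "metadata": {"name": "example-broad-role"},
    "rules": [
        {"apiGroups": [""], "resources": ["users", "groups", "serviceaccounts"],
         "verbs": ["impersonate"]},
        {"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]},
    ],
}


def audit_role(role):
    """List every grant beyond 'impersonate' on core-group serviceaccounts."""
    findings = []
    for i, rule in enumerate(role.get("rules") or []):
        groups = set(rule.get("apiGroups") or [])
        resources = set(rule.get("resources") or [])
        verbs = set(rule.get("verbs") or [])
        if rule.get("nonResourceURLs"):
            findings.append(f"rule {i}: grants nonResourceURLs")
        if "*" in groups | resources | verbs:
            findings.append(f"rule {i}: wildcard grant")
            continue
        extra = {"verbs": verbs - {"impersonate"},
                 "resources": resources - {"serviceaccounts"},
                 "apiGroups": groups - {""}}
        for field, values in extra.items():
            if values:
                findings.append(f"rule {i}: extra {field} {sorted(values)}")
    return findings


if __name__ == "__main__":
    for role in (LIMITED, BROAD):
        print(role["metadata"]["name"], audit_role(role) or "OK")
```

An empty result means the role matches the limited shape shown in the description; any finding names the rule index and the field that widens it.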
