Commit e99a2761 authored by Robert Marshall's avatar Robert Marshall Committed by Jason Plum

Allow Disabling of ClusterRoles in ApplicationCRD

- Add global.application.allowClusterRoles defaulted to true
- Document other flags that must be set when choosing to set
  global.application.allowClusterRoles to false

Resolves charts/gitlab#1176
Signed-off-by: Robert Marshall's avatarRobert Marshall <rmarshall@gitlab.com>
parent d4b4a052
---
title: Allow Disabling of ClusterRoles in ApplicationCRD
merge_request: 702
author:
type: added
......@@ -758,3 +758,25 @@ global:
application:
create: true
```
Some environments, such as Google GKE Marketplace, do not allow the creation
of ClusterRole resources. Set the following values to disable ClusterRole
components in the Application Custom Resource Definition as well as the
relevant charts packaged with Cloud Native GitLab.
```yaml
global:
application:
allowClusterRoles: false
operator:
enabled: false
nginx:
controller:
scope:
enabled: true
gitlab-runner:
rbac:
clusterWideAccess: false
certmanager:
install: false
```
......@@ -80,12 +80,14 @@ spec:
kind: ServiceAccount
- apiVersion: rbac.authorization.k8s.io/v1
kind: Role
- apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
- apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
{{ if eq .Values.global.application.allowClusterRoles true -}}
- apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
- apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
{{- end }}
- apiVersion: batch/v1
kind: Job
- apiVersion: v1
......
......@@ -31,6 +31,7 @@ global:
application:
create: false
links: []
allowClusterRoles: true
## doc/charts/globals.md#configure-host-settings
hosts:
domain: example.com
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment