search

hashicorp / vault-secrets-operator

The Vault Secrets Operator (VSO) allows Pods to consume Vault secrets natively from Kubernetes Secrets.
https://hashicorp.com
Other
430 stars 89 forks source link

Helm: add support for configuring user-facing roles #826

Closed benashz closed 1 week ago

benashz commented 2 weeks ago

Extends the clusterRoleAggregation configuration to support enabling user-facing ClusterRoles

See https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles for more information.

E.g:

controller
  rbac:
    clusterRoleAggregation:
      [...]
      userFacingRoles:
        # view controls whether the aggregated viewer ClusterRole will be made available to the user-facing
        # 'view' ClusterRole.
        view: false
        # view controls whether the aggregated viewer ClusterRole will be made available to the user-facing
        # 'edit' ClusterRole.
        edit: false