diff --git a/helm-chart/Chart.yaml b/helm-chart/Chart.yaml index 59c2be3d0..ac49e9c91 100644 --- a/helm-chart/Chart.yaml +++ b/helm-chart/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: onyxia description: Onyxia is your datalab's hub. -icon: https://onyxia.sh/chart-icon.svg +icon: https://inseefrlab.github.io/onyxia/icon.svg # A chart can be either an 'application' or a 'library' chart. # # Application charts are a collection of templates that can be packaged into versioned archives @@ -14,5 +14,4 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: 4.0.1 - +version: 4.1.1 diff --git a/helm-chart/templates/cluster-role-binding.yaml b/helm-chart/templates/cluster-role-binding.yaml index 63712eac1..37dbacbe8 100644 --- a/helm-chart/templates/cluster-role-binding.yaml +++ b/helm-chart/templates/cluster-role-binding.yaml @@ -9,7 +9,7 @@ metadata: roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: cluster-admin + name: {{ default "cluster-admin" .Values.serviceAccount.existingClusterRole }} subjects: - kind: ServiceAccount name: {{ include "onyxia.api.serviceAccountName" . }} diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml index c088d482b..46863f006 100644 --- a/helm-chart/values.yaml +++ b/helm-chart/values.yaml @@ -8,7 +8,11 @@ hostAliases: [] serviceAccount: # Specifies whether a service account should be created create: true - clusterAdmin: false # If true, give cluster admin permissions. Otherwise, be admin scoped to the namespace + # If true, the created service account is bound to a ClusterRole (default : cluster-admin) ; + # if false, it is instead bound to the admin Role, and thus scoped to the namespace + clusterAdmin: false + # Existing ClusterRole to use for the CRB if clusterAdmin is set to true + # existingClusterRole: "" # Annotations to add to the service account annotations: {} # The name of the service account to use.