You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/vendor/replicated-sdk-customizing.md
+10-12Lines changed: 10 additions & 12 deletions
Original file line number
Diff line number
Diff line change
@@ -6,7 +6,7 @@ For information about how to use a custom domain for the Replicated SDK image, s
6
6
7
7
## Customize RBAC for the SDK
8
8
9
-
This section describes role-based access control (RBAC) for the Replicated SDK, including the default RBAC, minimum RBAC requirements, and how to install the SDK with custom RBAC.
9
+
This section describes role-based access control (RBAC) for the Replicated SDK, including the default RBAC, minimal RBAC, and how to install the SDK with custom RBAC.
10
10
11
11
### Default RBAC
12
12
@@ -47,7 +47,14 @@ rules:
47
47
48
48
### Minimal RBAC
49
49
50
-
With the Replicated SDK version 1.7.0 and later, you can enable a fully-featured but less permissive RBAC role by setting `minimalRBAC` to true.
50
+
With the Replicated SDK version 1.7.0 and later, you can enable a fully-featured but less permissive RBAC role by setting `minimalRBAC` to true in your Helm chart values, as shown below:
51
+
52
+
```yaml
53
+
# Helm chart values.yaml
54
+
55
+
replicated:
56
+
minimalRBAC: true
57
+
```
51
58
52
59
The permissions included in the Minimal RBAC role vary depending on if you defined custom _status informers_ for your application. See one of the following sections for more information:
53
60
* [Default Minimal RBAC Role Without Custom Status Informers](#default-no-status-informers)
@@ -75,15 +82,6 @@ If you did _not_ define custom status informers for your application, then the d
75
82
76
83
These permissions allow the SDK to discover the Helm chart secret for your application, parse it to determine what resources to monitor, and then monitor those resources.
77
84
78
-
To enable Minimal RBAC, set the value in your Helm chart as shown below:
79
-
80
-
```yaml
81
-
# Helm chart values.yaml
82
-
83
-
replicated:
84
-
minimalRBAC: true
85
-
```
86
-
87
85
The following shows the default RBAC role for the SDK when Minimal RBAC is enabled and no customer status informers are defined:
88
86
89
87
```yaml
@@ -521,4 +519,4 @@ This is the format produced by `kubectl create secret tls <secret_name> --cert=<
521
519
replicated:
522
520
tlsCertSecretName: YOUR_TLS_SECRET
523
521
```
524
-
Where `YOUR_TLS_SECRET` is the secret in the namespace containing the TLS certificate and key.
522
+
Where `YOUR_TLS_SECRET` is the secret in the namespace containing the TLS certificate and key.
0 commit comments