github.com/y-taka-23/helm@v2.8.0+incompatible/docs/chart_best_practices/rbac.md (about)

     1  # Role-Based Access Control
     2  
     3  This part of the Best Practices Guide discusses the creation and formatting of RBAC resources in chart manifests.
     4  
     5  RBAC resources are:
     6  
     7  - ServiceAccount (namespaced)
     8  - Role (namespaced)
     9  - ClusterRole 
    10  - RoleBinding (namespaced)
    11  - ClusterRoleBinding
    12  
    13  ## RBAC-related values
    14  
    15  RBAC-related values in a chart should be namespaced under an `rbac` top-level key.  At a minimum this key should contain these sub-keys (explained below):
    16  
    17  - `create`
    18  - `serviceAccountName`
    19  
    20  Other keys under `rbac` may also be listed and used as well.
    21  
    22  ## RBAC Resources Should be Created by Default
    23  
    24  `rbac.create` should be a boolean value controlling whether RBAC resources are created.  The default should be `true`.  Users who wish to manage RBAC access controls themselves can set this value to `false` (in which case see below).
    25  
    26  ## Using RBAC Resources
    27  
    28  `rbac.serviceAccountName` should set the name of the ServiceAccount to be used by access-controlled resources created by the chart.  If `rbac.create` is true, then a ServiceAccount with this name should be created.  If `rbac.create` is false, then it should not be created, but it should still be associated with the same resources so that manually-created RBAC resources created later that reference it will function correctly.  (Note that this effectively makes `rbac.serviceAccountName` a required value in these charts.)