feat(helm): adds a flag for tokengen rbac components so that they can…

… be disabled optionally
grafana · Jan 22, 2025 · 3d6616e · 3d6616e
1 parent 81940c8
commit 3d6616e
Show file tree

Hide file tree

Showing 6 changed files with 25 additions and 3 deletions.
diff --git a/docs/sources/setup/install/helm/reference.md b/docs/sources/setup/install/helm/reference.md
@@ -3106,6 +3106,9 @@ null
     "labels": {},
     "nodeSelector": {},
     "priorityClassName": "",
+    "rbac": {
+      "create": true
+    },
     "securityContext": {
       "fsGroup": 10001,
       "runAsGroup": 10001,
@@ -3475,6 +3478,9 @@ null
   "labels": {},
   "nodeSelector": {},
   "priorityClassName": "",
+  "rbac": {
+    "create": true
+  },
   "securityContext": {
     "fsGroup": 10001,
     "runAsGroup": 10001,
@@ -3584,6 +3590,17 @@ true
 			<td><pre lang="json">
 ""
 </pre>
+</td>
+		</tr>
+		<tr>
+			<td>enterprise.tokengen.rbac</td>
+			<td>object</td>
+			<td>Whether to create a ServiceAccount, a (Cluster)Role and a (Cluster)RoleBinding for the tokengen Job - this allows the components to be created externally when needed</td>
+			<td><pre lang="json">
+{
+  "create": true
+}
+</pre>
 </td>
 		</tr>
 		<tr>

diff --git a/production/helm/loki/CHANGELOG.md b/production/helm/loki/CHANGELOG.md
@@ -13,6 +13,8 @@ Entries should include a reference to the pull request that introduced the chang
 
 [//]: # (<AUTOMATED_UPDATES_LOCATOR> : do not remove this line. This locator is used by the CI pipeline to automatically create a changelog entry for each new Loki release. Add other chart versions and respective changelog entries bellow this line.)
 
+- [FEATURE] Added a Helm Chart value to disable the rbac resource creation for the tokengen job.
+
 ## 6.25.0
 
 - [BUGFIX] Removed minio-mc init container from admin-api.

diff --git a/production/helm/loki/templates/tokengen/clusterrole-tokengen.yaml b/production/helm/loki/templates/tokengen/clusterrole-tokengen.yaml
@@ -1,4 +1,4 @@
-{{ if and .Values.enterprise.tokengen.enabled .Values.enterprise.enabled }}
+{{ if and .Values.enterprise.tokengen.enabled .Values.enterprise.enabled .Values.enterprise.tokengen.rbac.create }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: {{ if not .Values.rbac.namespaced }}Cluster{{ end }}Role

diff --git a/production/helm/loki/templates/tokengen/clusterrolebinding-tokengen.yaml b/production/helm/loki/templates/tokengen/clusterrolebinding-tokengen.yaml
@@ -1,4 +1,4 @@
-{{ if and .Values.enterprise.tokengen.enabled .Values.enterprise.enabled }}
+{{ if and .Values.enterprise.tokengen.enabled .Values.enterprise.tokengen.rbac.create .Values.enterprise.enabled }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: {{ if not .Values.rbac.namespaced }}Cluster{{ end }}RoleBinding

diff --git a/production/helm/loki/templates/tokengen/serviceaccount-tokengen.yaml b/production/helm/loki/templates/tokengen/serviceaccount-tokengen.yaml
@@ -1,4 +1,4 @@
-{{ if and .Values.enterprise.tokengen.enabled .Values.enterprise.enabled }}
+{{ if and .Values.enterprise.tokengen.enabled .Values.enterprise.tokengen.rbac.create .Values.enterprise.enabled  }}
 ---
 apiVersion: v1
 kind: ServiceAccount

diff --git a/production/helm/loki/values.yaml b/production/helm/loki/values.yaml
@@ -543,6 +543,9 @@ enterprise:
     targetModule: "tokengen"
     # -- Additional CLI arguments for the `tokengen` target
     extraArgs: []
+    # -- Whether to create a ServiceAccount, a (Cluster)Role and a (Cluster)RoleBinding for the tokengen Job - this allows the components to be created externally when needed
+    rbac:
+      create: true
     # -- Additional Kubernetes environment
     env: []
     # -- Additional labels for the `tokengen` Job