flagger icon indicating copy to clipboard operation
flagger copied to clipboard

Published 20 hours ago verified publisher icon fluxcd

What RBAC permissions does helmtester need?

Open hobbsh opened this issue 4 years ago • 3 comments

Hi,

Really impressed with Flagger and everything it can do! I'm wondering what the minimum RBAC policy required is for helmtester. Does this depend on the chart being tested?

hobbsh avatar Apr 23 '20 03:04 hobbsh

It depends on how you define the tests, if they are pods then helmtester needs access to create, get, list, delete pods as well as fetching the logs from those pods. You can determine the right RBAC by creating an account and run helm test under that account.

stefanprodan avatar Apr 23 '20 06:04 stefanprodan

Thanks for the quick response! I'll see what I can figure out.

hobbsh avatar Apr 24 '20 01:04 hobbsh

I've got the helm test to work with the following ClusterRole:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: flagger-loadtester
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["create", "get", "list", "watch", "delete"]
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["list", "update"]

kobellem avatar May 12 '23 12:05 kobellem