[GitHub] [druid] jwitko commented on a diff in pull request #13747: helm: Add serviceAccounts, rbac, and small fixes

["jwitko (via GitHub)" <gi...@apache.org>]

jwitko commented on code in PR #13747:
URL: https://github.com/apache/druid/pull/13747#discussion_r1100571768


##########
helm/druid/templates/broker/role.yaml:
##########
@@ -0,0 +1,21 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ template "druid.broker.fullname" . }}
+  labels:
+    app: {{ include "druid.name" . }}
+    chart: {{ include "druid.chart" . }}
+    component: {{ .Values.broker.name }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+      - configmaps
+    verbs:
+      - '*'

Review Comment:
   I found that when this role did not exist none of the pods could start.  They seem to all manage labels when using the kubernetes extension.  Unclear if they will remove when not needed the same as they add when needed.  I can test that and narrow down permission sets for each service.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@druid.apache.org
For additional commands, e-mail: commits-help@druid.apache.org