farhoodlabs/devcontainer
8
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases 39 Wiki Activity
Files
feat/cluster-access-rbac
devcontainer/chart/values.yaml
T
Chris Farhood d7210fb4e5 feat: add clusterAccess option for Kubernetes RBAC in Helm chart 
Adds a clusterAccess value with five levels:
  none        — no cluster access (default, no RBAC resources created)
  readonlyns  — Role + RoleBinding: get/list/watch in release namespace
  readwritens — Role + RoleBinding: full access in release namespace
  readonly    — ClusterRole + ClusterRoleBinding: get/list/watch cluster-wide
  readwrite   — ClusterRole + ClusterRoleBinding: full access cluster-wide

A ServiceAccount is created for the pod whenever access != none and
referenced in the Deployment's serviceAccountName.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-20 11:25:29 -05:00

53 lines
1.3 KiB
YAML
Raw Permalink Blame History

# Instance name — used to generate resource names (devcontainer-{name}, userhome-{name})
name: ""
image:
repository: ghcr.io/cpfarhood/devcontainer
tag: latest
pullPolicy: Always
# GitHub repository to clone into /workspace
githubRepo: ""
# Happy Coder endpoints
happyServerUrl: "https://happy.farh.net"
happyWebappUrl: "https://happy-coder.farh.net"
happyHomeDir: "/workspace/.happy"
happyExperimental: "true"
# VNC display
display:
width: "1920"
height: "1080"
# Set to "0" when TLS is terminated at the gateway layer
secureConnection: "0"
userId: "1000"
groupId: "1000"
storage:
size: 32Gi
className: ceph-filesystem
resources:
requests:
memory: "2Gi"
cpu: "1000m"
limits:
memory: "8Gi"
cpu: "4000m"
# Kubernetes cluster access granted to the devcontainer pod via RBAC.
# Options:
# none — no cluster access (default)
# readonlyns — get/list/watch all resources in the release namespace
# readwritens — full access to all resources in the release namespace
# readonly — get/list/watch all resources cluster-wide
# readwrite — full access to all resources cluster-wide
clusterAccess: none
# Name of existing Secret containing env vars (GITHUB_TOKEN, VNC_PASSWORD, etc.)
# Defaults to: devcontainer-{name}-secrets-env
envSecretName: ""
Reference in New Issue View Git Blame Copy Permalink