@rpothier
Last active March 11, 2021 19:23

Preparing the app Namespace

The goal here is to validate whether Helm can retrieve values from a Golden ConfigMap that lives in a defined Namespace. Helm reads the data from the Golden ConfigMap and creates a copy of the ConfigMap in the application namespace.

The Helm lookup function

The Helm lookup function can be used to read the ConfigMap data fields. An example of the syntax is below. Here Helm looks up a ConfigMap (API version v1) in the default namespace, where the name of the ConfigMap is given by Values.conjurname, and retrieves the conjur_foo item of the ConfigMap.

name: {{ (lookup "v1" "ConfigMap" "default" (print .Values.conjurname) ).data.conjur_foo }}

Note: The print function can be used to pass a parameter into the lookup function. The value can be passed as a Helm argument or set in the values.yaml file.

Limitations

  • The ConfigMap data needs to be flat key/value pairs, as in golden-config-example.yaml.
  • The Helm lookup function will not parse a multiline YAML value; the value can be base64 encoded instead.
  • helm install --dry-run and helm template do not work with lookup, as Helm needs to reach out to the cluster.
  • Helm installs manifests in an order based on the type of manifest. ConfigMaps are installed before RoleBindings.
  • The ConfigMap values cannot have a . or a -. They can use a _.

Helm Upgrade

Validated that Helm upgrade works.

  • Did a Helm install.
  • Removed the golden config.
  • Changed the golden config and re-installed.
  • Did a Helm upgrade.
  • The new changes are in the Helm created config map.

Multiline values

The Helm lookup function will not parse a multiline YAML value like this:

  sslCertificate:  |
      -----BEGIN CERTIFICATE-----
      MIIDhDCCAmygAwIBAgIRAJwBd+VnZ7C9RqNHFEHtqAcwDQYJKoZIhvcNAQELBQAw
      GDEWMBQGA1UEAxMNY29uanVyLW9zcy1jYTAeFw0yMTAyMjIxMTQ0MTBaFw0yMjAy
      MjIxMTQ0MTBaMBsxGTAXBgNVBAMTEGNvbmp1ci5teW9yZy5jb20wggEiMA0GCSqG
      SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/7Ss8SBD88HpaQmWZRHXrIBeXMqSWeSSf
      4MwWqad+/Aog473CAVaWJrbVIe/x3l2JUD5QgS3X4syhMPuDCIUaBsiNICpPkVAj
      bIJWfuXCqn3ScDStsnkDdRKK3X1HGrojfxcHhxFUqUhKHdJ3oreQvFgrIkbBfbbR
      2O9Gd5SUUam6feBcwHvVYx9fHq55C6DneyHLxs5HX+3A2Qcm0wHhJxcyHZl4zKR+
      WDd+bZjIBToMlJUKvZXl0Thu1+1MSuLqMTsq9+4HzaMsfsghAOCu1dJdJekqxUUn
      uNRkRP82yuS9Ajb+vo3u4ElCPjakF+57bhofNENxkLTuKBXSVAfVAgMBAAGjgcUw
      gcIwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD
      AjAMBgNVHRMBAf8EAjAAMIGCBgNVHREEezB5ghBjb25qdXIubXlvcmcuY29tggpj
      b25qdXItb3NzghVjb25qdXItb3NzLmNvbmp1ci1vc3OCGWNvbmp1ci1vc3MuY29u
      anVyLW9zcy5zdmOCJ2Nvbmp1ci1vc3MuY29uanVyLW9zcy5zdmMuY2x1c3Rlci5s
      b2NhbDANBgkqhkiG9w0BAQsFAAOCAQEAEZZYw4SeDEZaiy+Nma5NlZwQWtWKRRth
      yF7LJamYwYripGFUCV/8rMlfpTEUiOphkOVK4SpUpXWIsXSEFtYp0MNP8oImO0+z
      MTmgcCf5F7zFhuCMkJImbsyCQsUd26upTebcrK7R7bV++yMofS2fYC+G8HBKsDpf
      3+BOSmQLSc8bJngdkDBXLPflZSJ3m/zKVljxW/5HBmexrYLA1dVNmNSDL867GN1q
      s1ENIh1UT7kIEPr+YebkR9BaxQbyG9DXnktpp5we+9a1HEPWJ6dXCyvf43DXKdWU
      4fRDZYLUuodUxPdyfltuKCPP6xaUSac+TG1fnr13kVGy1SuTGkJI+w==
      -----END CERTIFICATE-----

To get around this error, one idea is to base64 encode the certificate so that the cert is one long line. In this case the cert will look like this in the golden config:

 conjur_sslCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCiAgICAgIE1JSURoRENDQW15Z0F3SUJBZ0lSQUp3QmQrVm5aN0M5UnFOSEZFSHRxQWN3RFFZSktvWklodmNOQVFFTEJRQXcKICAgICAgR0RFV01CUUdBMVVFQXhNTlkyOXVhblZ5TFc5emN5MWpZVEFlRncweU1UQXlNakl4TVRRME1UQmFGdzB5TWpBeQogICAgICBNakl4TVRRME1UQmFNQnN4R1RBWEJnTlZCQU1URUdOdmJtcDFjaTV0ZVc5eVp5NWpiMjB3Z2dFaU1BMEdDU3FHCiAgICAgIFNJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUMvN1NzOFNCRDg4SHBhUW1XWlJIWHJJQmVYTXFTV2VTU2YKICAgICAgNE13V3FhZCsvQW9nNDczQ0FWYVdKcmJWSWUveDNsMkpVRDVRZ1MzWDRzeWhNUHVEQ0lVYUJzaU5JQ3BQa1ZBagogICAgICBiSUpXZnVYQ3FuM1NjRFN0c25rRGRSS0szWDFIR3JvamZ4Y0hoeEZVcVVoS0hkSjNvcmVRdkZncklrYkJmYmJSCiAgICAgIDJPOUdkNVNVVWFtNmZlQmN3SHZWWXg5ZkhxNTVDNkRuZXlITHhzNUhYKzNBMlFjbTB3SGhKeGN5SFpsNHpLUisKICAgICAgV0RkK2JaaklCVG9NbEpVS3ZaWGwwVGh1MSsxTVN1THFNVHNxOSs0SHphTXNmc2doQU9DdTFkSmRKZWtxeFVVbgogICAgICB1TlJrUlA4Mnl1UzlBamIrdm8zdTRFbENQamFrRis1N2Job2ZORU54a0xUdUtCWFNWQWZWQWdNQkFBR2pnY1V3CiAgICAgIGdjSXdEZ1lEVlIwUEFRSC9CQVFEQWdXZ01CMEdBMVVkSlFRV01CUUdDQ3NHQVFVRkJ3TUJCZ2dyQmdFRkJRY0QKICAgICAgQWpBTUJnTlZIUk1CQWY4RUFqQUFNSUdDQmdOVkhSRUVlekI1Z2hCamIyNXFkWEl1YlhsdmNtY3VZMjl0Z2dwagogICAgICBiMjVxZFhJdGIzTnpnaFZqYjI1cWRYSXRiM056TG1OdmJtcDFjaTF2YzNPQ0dXTnZibXAxY2kxdmMzTXVZMjl1CiAgICAgIGFuVnlMVzl6Y3k1emRtT0NKMk52Ym1wMWNpMXZjM011WTI5dWFuVnlMVzl6Y3k1emRtTXVZMngxYzNSbGNpNXMKICAgICAgYjJOaGJEQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFFWlpZdzRTZURFWmFpeStObWE1Tmxad1FXdFdLUlJ0aAogICAgICB5RjdMSmFtWXdZcmlwR0ZVQ1YvOHJNbGZwVEVVaU9waGtPVks0U3BVcFhXSXNYU0VGdFlwME1OUDhvSW1PMCt6CiAgICAgIE1UbWdjQ2Y1Rjd6Rmh1Q01rSkltYnN5Q1FzVWQyNnVwVGViY3JLN1I3YlYrK3lNb2ZTMmZZQytHOEhCS3NEcGYKICAgICAgMytCT1NtUUxTYzhiSm5nZGtEQlhMUGZsWlNKM20vektWbGp4Vy81SEJtZXhyWUxBMWRWTm1OU0RMODY3R04xcQogICAgICBzMUVOSWgxVVQ3a0lFUHIrWWVia1I5QmF4UWJ5RzlEWG5rdHBwNXdlKzlhMUhFUFdKNmRYQ3l2ZjQzRFhLZFdVCiAgICAgIDRmUkRaWUxVdW9kVXhQZHlmbHR1S0NQUDZ4YVVTYWMrVEcxZm5yMTNrVkd5MVN1VEdrSkkrdz09CiAgICAgIC0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=

Helm with large SSL certificate

Tested a ConfigMap with an SSL certificate that was four times bigger than in the examples below. There was no error and it was decoded by Helm.

apiVersion: v1
kind: ConfigMap
metadata:
  name: authn-k8s-config-map
data:
  # authn-k8s Configuration
  authnK8sAuthenticatorID: my-authenticator-id
  authnK8sClusterRole: conjur-oss-conjur-authenticator
  authnK8sNamespace: conjur-oss
  authnK8sServiceAccount: conjur-oss
  # Secret which contains a service account token for authenticating
  # K8s identities with Kubernetes API when DAP master/followers
  # are outside of the K8s cluster. Secret is assumed to be in the
  # data.authn-k8s.namespace field above.
  authnK8sServiceAccountSecret: conjur-oss conjur-oss-token-87sbm
  # Conjur Configuration
  conjurURL: "https://conjur-oss.conjur-oss.svc.cluster.local"
  conjurAccount: myConjurAccount
  # Base64 encoded version of Conjur's SSL certificate
conjurSSLCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCiAgICAgIE1JSURoRENDQW15Z0F3SUJBZ0lSQUp3QmQrVm5aN0M5UnFOSEZFSHRxQWN3RFFZSktvWklodmNOQVFFTEJRQXcKICAgICAgR0RFV01CUUdBMVVFQXhNTlkyOXVhblZ5TFc5emN5MWpZVEFlRncweU1UQXlNakl4TVRRME1UQmFGdzB5TWpBeQogICAgICBNakl4TVRRME1UQmFNQnN4R1RBWEJnTlZCQU1URUdOdmJtcDFjaTV0ZVc5eVp5NWpiMjB3Z2dFaU1BMEdDU3FHCiAgICAgIFNJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUMvN1NzOFNCRDg4SHBhUW1XWlJIWHJJQmVYTXFTV2VTU2YKICAgICAgNE13V3FhZCsvQW9nNDczQ0FWYVdKcmJWSWUveDNsMkpVRDVRZ1MzWDRzeWhNUHVEQ0lVYUJzaU5JQ3BQa1ZBagogICAgICBiSUpXZnVYQ3FuM1NjRFN0c25rRGRSS0szWDFIR3JvamZ4Y0hoeEZVcVVoS0hkSjNvcmVRdkZncklrYkJmYmJSCiAgICAgIDJPOUdkNVNVVWFtNmZlQmN3SHZWWXg5ZkhxNTVDNkRuZXlITHhzNUhYKzNBMlFjbTB3SGhKeGN5SFpsNHpLUisKICAgICAgV0RkK2JaaklCVG9NbEpVS3ZaWGwwVGh1MSsxTVN1THFNVHNxOSs0SHphTXNmc2doQU9DdTFkSmRKZWtxeFVVbgogICAgICB1TlJrUlA4Mnl1UzlBamIrdm8zdTRFbENQamFrRis1N2Job2ZORU54a0xUdUtCWFNWQWZWQWdNQkFBR2pnY1V3CiAgICAgIGdjSXdEZ1lEVlIwUEFRSC9CQVFEQWdXZ01CMEdBMVVkSlFRV01CUUdDQ3NHQVFVRkJ3TUJCZ2dyQmdFRkJRY0QKICAgICAgQWpBTUJnTlZIUk1CQWY4RUFqQUFNSUdDQmdOVkhSRUVlekI1Z2hCamIyNXFkWEl1YlhsdmNtY3VZMjl0Z2dwagogICAgICBiMjVxZFhJdGIzTnpnaFZqYjI1cWRYSXRiM056TG1OdmJtcDFjaTF2YzNPQ0dXTnZibXAxY2kxdmMzTXVZMjl1CiAgICAgIGFuVnlMVzl6Y3k1emRtT0NKMk52Ym1wMWNpMXZjM011WTI5dWFuVnlMVzl6Y3k1emRtTXVZMngxYzNSbGNpNXMKICAgICAgYjJOaGJEQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFFWlpZdzRTZURFWmFpeStObWE1Tmxad1FXdFdLUlJ0aAogICAgICB5RjdMSmFtWXdZcmlwR0ZVQ1YvOHJNbGZwVEVVaU9waGtPVks0U3BVcFhXSXNYU0VGdFlwME1OUDhvSW1PMCt6CiAgICAgIE1UbWdjQ2Y1Rjd6Rmh1Q01rSkltYnN5Q1FzVWQyNnVwVGViY3JLN1I3YlYrK3lNb2ZTMmZZQytHOEhCS3NEcGYKICAgICAgMytCT1NtUUxTYzhiSm5nZGtEQlhMUGZsWlNKM20vektWbGp4Vy81SEJtZXhyWUxBMWRWTm1OU0RMODY3R04xcQogICAgICBzMUVOSWgxVVQ3a0lFUHIrWWVia1I5QmF4UWJ5RzlEWG5rdHBwNXdlKzlhMUhFUFdKNmRYQ3l2ZjQzRFhLZFdVCiAgICAgIDRmUkRaWUxVdW9kVXhQZHlmbHR1S0NQUDZ4YVVTYWMrVEcxZm5yMTNrVkd5MVN1VEdrSkkrdz09CiAgICAgIC0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
  # Kubernetes Configuration
  # kubernetes_apiURL and
  kubernetesAPIURL: "https://123456789ABCDEF123456789ABCDEF12.sk1.us-east-1.eks.amazonaws.com"
kubernetesAPICertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUN5RENDQWJDZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKUmVkYWN0ZWRSZWRhY3RlZFJlZGFjdGVkUmVkYWN0ZWRSZWRhY3RlZFJlZGFjdGVkUmVkYWN0ZWRSZWRhY3RlZApSZWRhY3RlZFJlZGFjdGVkUmVkYWN0ZWRSZWRhY3RlZFJlZGFjdGVkUmVkYWN0ZWRSZWRhY3RlZFJlZGFjdGVkClJlZGFjdGVkUmVkYWN0ZWRSZWRhY3RlZFJlZGFjdGVkUmVkYWN0ZWRSZWRhY3RlZFJlZGFjdGVkUmVkYWN0ZWQKUmVkYWN0ZWRSZWRhY3RlZFJlZGFjdGVkUmVkYWN0ZWRSZWRhY3RlZFJlZGFjdGVkUmVkYWN0ZWRSZWRhY3RlZApSZWRhY3RlZFJlZGFjdGVkUmVkYWN0ZWRSZWRhY3RlZFJlZGFjdGVkUmVkYWN0ZWRSZWRhY3RlZFJlZGFjdGVkClJlZGFjdGVkUmVkYWN0ZWRSZWRhY3RlZFJlZGFjdGVkUmVkYWN0ZWRSZWRhY3RlZFJlZGFjdGVkUmVkYWN0ZWQKUmVkYWN0ZWRSZWRhY3RlZFJlZGFjdGVkUmVkYWN0ZWRSZWRhY3RlZFJlZGFjdGVkUmVkYWN0ZWRSZWRhY3RlZApSZWRhY3RlZFJlZGFjdGVkUmVkYWN0ZWRSZWRhY3RlZFJlZGFjdGVkUmVkYWN0ZWRSZWRhY3RlZFJlZGFjdGVkClJlZGFjdGVkUmVkYWN0ZWRSZWRhY3RlZFJlZGFjdGVkUmVkYWN0ZWRSZWRhY3RlZFJlZGFjdGVkUmVkYWN0ZWQKUmVkYWN0ZWRSZWRhY3RlZFJlZGFjdGVkUmVkYWN0ZWRSZWRhY3RlZFJlZGFjdGVkUmVkYWN0ZWRSZWRhY3RlZApSZWRhY3RlZFJlZGFjdGVkUmVkYWN0ZWRSZWRhY3RlZFJlZGFjdGVkUmVkYWN0ZWRSZWRhY3RlZFJlZGFjdGVkClJlZGFjdGVkUmVkYWN0ZWRSZWRhY3RlZFJlZGFjdGVkUmVkYWN0ZWRSZWRhY3RlZFJlZGFjdGVkUmVkYWN0ZWQKUmVkYWN0ZWRSZWRhY3RlZFJlZGFjdGVkUmVkYWN0ZWRSZWRhY3RlZFJlZGFjdGVkUmVkYWN0ZWRSZWRhY3RlZApSZWRhY3RlZFJlZGFjdGVkUmVkYWN0ZWRSZWRhY3RlZFJlZGFjdGVkUmVkYWN0ZWRSZWRhY3RlZFkyaz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
  kubernetesPlatform: kubernetes

apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ .Values.conjurConnectConfigmapName }}
  namespace: {{ .Release.Namespace }}
data:
  authnK8sAuthenticatorID: {{ (lookup "v1" "ConfigMap" (print .Values.conjurNamespace) (print .Values.conjurName) ).data.authnK8sAuthenticatorID }}
  authnK8sClusterRole: {{ (lookup "v1" "ConfigMap" (print .Values.conjurNamespace) (print .Values.conjurName) ).data.authnK8sClusterRole }}
  authnK8sNamespace: {{ (lookup "v1" "ConfigMap" (print .Values.conjurNamespace) (print .Values.conjurName) ).data.authnK8sNamespace }}
  authnK8sServiceAccount: {{ (lookup "v1" "ConfigMap" (print .Values.conjurNamespace) (print .Values.conjurName) ).data.authnK8sServiceAccount }}
  conjurUrl: {{ (lookup "v1" "ConfigMap" (print .Values.conjurNamespace) (print .Values.conjurName) ).data.conjurURL }}
  conjurAccount: {{ (lookup "v1" "ConfigMap" (print .Values.conjurNamespace) (print .Values.conjurName) ).data.conjurAccount }}
  conjurSslCertificate: {{ printf " |\n " }} {{ (lookup "v1" "ConfigMap" (print .Values.conjurNamespace) (print .Values.conjurName) ).data.conjurSSLCertificate | b64dec }}

golden-config$ kubectl get cm conjur-connect-configmap -o yaml
apiVersion: v1
data:
  authnK8sAuthenticatorID: my-authenticator-id
  authnK8sClusterRole: conjur-oss-conjur-authenticator
  authnK8sNamespace: conjur-ns
  authnK8sServiceAccount: conjur-sa
  conjurAccount: myConjurAccount
  conjurSslCertificate: |
-----BEGIN CERTIFICATE-----
MIIDhDCCAmygAwIBAgIRAJwBd+VnZ7C9RqNHFEHtqAcwDQYJKoZIhvcNAQELBQAw
GDEWMBQGA1UEAxMNY29uanVyLW9zcy1jYTAeFw0yMTAyMjIxMTQ0MTBaFw0yMjAy
MjIxMTQ0MTBaMBsxGTAXBgNVBAMTEGNvbmp1ci5teW9yZy5jb20wggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/7Ss8SBD88HpaQmWZRHXrIBeXMqSWeSSf
4MwWqad+/Aog473CAVaWJrbVIe/x3l2JUD5QgS3X4syhMPuDCIUaBsiNICpPkVAj
bIJWfuXCqn3ScDStsnkDdRKK3X1HGrojfxcHhxFUqUhKHdJ3oreQvFgrIkbBfbbR
2O9Gd5SUUam6feBcwHvVYx9fHq55C6DneyHLxs5HX+3A2Qcm0wHhJxcyHZl4zKR+
WDd+bZjIBToMlJUKvZXl0Thu1+1MSuLqMTsq9+4HzaMsfsghAOCu1dJdJekqxUUn
uNRkRP82yuS9Ajb+vo3u4ElCPjakF+57bhofNENxkLTuKBXSVAfVAgMBAAGjgcUw
gcIwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD
AjAMBgNVHRMBAf8EAjAAMIGCBgNVHREEezB5ghBjb25qdXIubXlvcmcuY29tggpj
b25qdXItb3NzghVjb25qdXItb3NzLmNvbmp1ci1vc3OCGWNvbmp1ci1vc3MuY29u
anVyLW9zcy5zdmOCJ2Nvbmp1ci1vc3MuY29uanVyLW9zcy5zdmMuY2x1c3Rlci5s
b2NhbDANBgkqhkiG9w0BAQsFAAOCAQEAEZZYw4SeDEZaiy+Nma5NlZwQWtWKRRth
yF7LJamYwYripGFUCV/8rMlfpTEUiOphkOVK4SpUpXWIsXSEFtYp0MNP8oImO0+z
MTmgcCf5F7zFhuCMkJImbsyCQsUd26upTebcrK7R7bV++yMofS2fYC+G8HBKsDpf
3+BOSmQLSc8bJngdkDBXLPflZSJ3m/zKVljxW/5HBmexrYLA1dVNmNSDL867GN1q
s1ENIh1UT7kIEPr+YebkR9BaxQbyG9DXnktpp5we+9a1HEPWJ6dXCyvf43DXKdWU
4fRDZYLUuodUxPdyfltuKCPP6xaUSac+TG1fnr13kVGy1SuTGkJI+w==
-----END CERTIFICATE-----
  conjurUrl: https://conjur-oss.conjur-oss.svc.cluster.local
kind: ConfigMap
metadata:
  annotations:
    meta.helm.sh/release-name: namespace-prep
    meta.helm.sh/release-namespace: app-test
  creationTimestamp: "2021-03-04T20:12:44Z"
  labels:
    app.kubernetes.io/managed-by: Helm
  managedFields:
  - apiVersion: v1
    fieldsType: FieldsV1
    fieldsV1:
      f:data:
        .: {}
        f:authnK8sAuthenticatorID: {}
        f:authnK8sClusterRole: {}
        f:authnK8sNamespace: {}
        f:authnK8sServiceAccount: {}
        f:conjurAccount: {}
        f:conjurSslCertificate: {}
        f:conjurUrl: {}
      f:metadata:
        f:annotations:
          .: {}
          f:meta.helm.sh/release-name: {}
          f:meta.helm.sh/release-namespace: {}
        f:labels:
          .: {}
          f:app.kubernetes.io/managed-by: {}
    manager: Go-http-client
    operation: Update
    time: "2021-03-04T20:12:44Z"
  name: conjur-connect-configmap
  namespace: app-test
  resourceVersion: "462576"
  selfLink: /api/v1/namespaces/app-test/configmaps/conjur-connect-configmap
  uid: 724a105f-46bd-4622-9e1c-f63a80882fab

kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: {{ .Values.conjurConnectRoleBindingName }}
  namespace: {{ .Release.Namespace }}
subjects:
  - kind: ServiceAccount
    name: {{ (lookup "v1" "ConfigMap" (print .Values.conjurNamespace) (print .Values.conjurName) ).data.authnK8sServiceAccount }}
    namespace: {{ (lookup "v1" "ConfigMap" (print .Values.conjurNamespace) (print .Values.conjurName) ).data.authnK8sNamespace }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: {{ (lookup "v1" "ConfigMap" (print .Values.conjurNamespace) (print .Values.conjurName) ).data.authnK8sClusterRole }}

# Default values for namespace-prep.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
conjurName: authn-k8s-config-map
conjurNamespace: golden
conjurConnectConfigmapName: conjur-connect-configmap
conjurConnectRoleBindingName: conjur-authenticator-role-binding
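
A hardened variant of the ConfigMap template above, as an added example that is not part of the original gist: it does the lookup once, fails the release when the Golden ConfigMap or one of its keys is missing, quotes the copied values, and checks that the decoded certificate is PEM before writing it. It reuses the value names from the values file above; the variables `$ns`, `$name`, `$golden`, `$d`, `$cert` and the error messages are this example's own.

```yaml
{{- /* Added example, not from the original gist: one lookup, fail closed. */ -}}
{{- $ns := .Values.conjurNamespace }}
{{- $name := .Values.conjurName }}
{{- $golden := lookup "v1" "ConfigMap" $ns $name }}
{{- /* lookup returns an empty map when the object does not exist or when Helm
       renders without cluster access (helm template, --dry-run). */ -}}
{{- if not $golden }}
{{- fail (printf "golden ConfigMap %s/%s not found" $ns $name) }}
{{- end }}
{{- $d := $golden.data | default dict }}
{{- /* b64dec returns an error string instead of aborting on bad input, so
       check that the decoded value really starts like a PEM certificate. */ -}}
{{- $cert := required "conjurSSLCertificate is missing" $d.conjurSSLCertificate | b64dec | trim }}
{{- if not (hasPrefix "-----BEGIN CERTIFICATE-----" $cert) }}
{{- fail "conjurSSLCertificate is not a base64-encoded PEM certificate" }}
{{- end }}
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ .Values.conjurConnectConfigmapName }}
  namespace: {{ .Release.Namespace }}
data:
  # required aborts the release when a key is absent; quote keeps each copied
  # value a single YAML string whatever characters it contains.
  authnK8sAuthenticatorID: {{ required "authnK8sAuthenticatorID is missing" $d.authnK8sAuthenticatorID | quote }}
  authnK8sClusterRole: {{ required "authnK8sClusterRole is missing" $d.authnK8sClusterRole | quote }}
  authnK8sNamespace: {{ required "authnK8sNamespace is missing" $d.authnK8sNamespace | quote }}
  authnK8sServiceAccount: {{ required "authnK8sServiceAccount is missing" $d.authnK8sServiceAccount | quote }}
  conjurUrl: {{ required "conjurURL is missing" $d.conjurURL | quote }}
  conjurAccount: {{ required "conjurAccount is missing" $d.conjurAccount | quote }}
  # nindent re-indents every decoded line, so the certificate stays inside
  # the block scalar however it was wrapped before encoding.
  conjurSslCertificate: |
    {{- $cert | nindent 4 }}
```

The RoleBinding template needs its own lookup and the same required checks, because template variables are local to the file that defines them.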