Skip to content

allow rbac rolebindings to be disabled #1174

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
tomhaynes wants to merge 1 commit into
base: main
Choose a base branch
from
Open

allow rbac rolebindings to be disabled #1174

tomhaynes wants to merge 1 commit into from
+55 −1

Conversation

@tomhaynes
Copy link

@tomhaynes tomhaynes commented Dec 16, 2025

allow rbac rolebindings to be disabled

  • this allows for external configuration of these, for instance for more locked-down permissioning

Copilot AI review requested due to automatic review settings December 16, 2025 16:27
Copilot AI reviewed Dec 16, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR introduces a configuration option to disable RBAC ClusterRole and ClusterRoleBinding resources, allowing users to manage RBAC permissions externally for more controlled security configurations.

Key Changes:

  • Added rbac.clusterRoleEnabled configuration flag (defaults to true)
  • Modified RBAC templates to conditionally render based on the new flag
  • Added comprehensive test coverage for the new functionality

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.

File Description
helm/kagent/values.yaml Adds new RBAC configuration section with clusterRoleEnabled toggle
helm/kagent/templates/rbac/clusterrole.yaml Wraps ClusterRole resource with conditional rendering based on rbac.clusterRoleEnabled
helm/kagent/templates/rbac/clusterrolebinding.yaml Wraps ClusterRoleBinding resource with conditional rendering based on rbac.clusterRoleEnabled
helm/kagent/tests/rbac_test.yaml Adds test cases to verify conditional rendering of RBAC resources

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@dimetron
Copy link
Contributor

dimetron commented Dec 18, 2025

if .Values.rbac.clusterRoleEnabled -> can we create namespace level rbac instead ?

@tomhaynes
Copy link
Author

tomhaynes commented Dec 18, 2025

@dimetron yes this is what I'm doing locally.. with this I thought it might be easier to just disable rbac management rather than trying to pre-suppose how others want it configured.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@EItanya EItanya Awaiting requested review from EItanya EItanya is a code owner

@ilackarms ilackarms Awaiting requested review from ilackarms ilackarms is a code owner

@yuval-k yuval-k Awaiting requested review from yuval-k yuval-k is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@tomhaynes @dimetron