diff --git a/VERSION b/VERSION index e2103933..869c1ce9 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -v0.3.44 \ No newline at end of file +v0.3.45 \ No newline at end of file diff --git a/chart/Chart.yaml b/chart/Chart.yaml index a9b4a821..f0b22a7b 100644 --- a/chart/Chart.yaml +++ b/chart/Chart.yaml @@ -2,5 +2,5 @@ apiVersion: v2 description: A Helm chart for kraan controller name: kraan-controller type: application -appVersion: v0.3.44 -version: v0.3.44 +appVersion: v0.3.45 +version: v0.3.45 diff --git a/chart/templates/gotk/rbac.yaml b/chart/templates/gotk/rbac.yaml index 30845b5a..6872befb 100644 --- a/chart/templates/gotk/rbac.yaml +++ b/chart/templates/gotk/rbac.yaml @@ -153,8 +153,17 @@ metadata: roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: cluster-admin + name: {{ .Values.gotk.rbac.adminClusterRole.name }} subjects: - kind: ServiceAccount name: fluxcd namespace: "{{ .Release.Namespace }}" +{{ if .Values.gotk.rbac.adminClusterRole.rules }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ .Values.gotk.rbac.adminClusterRole.name }} +rules: +{{ .Values.gotk.rbac.adminClusterRole.rules | toYaml }} +{{- end }} \ No newline at end of file diff --git a/chart/templates/kraan/rbac.yaml b/chart/templates/kraan/rbac.yaml index 6188d53a..192fed5e 100644 --- a/chart/templates/kraan/rbac.yaml +++ b/chart/templates/kraan/rbac.yaml @@ -156,9 +156,18 @@ metadata: roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: cluster-admin + name: {{ .Values.kraan.rbac.adminClusterRole.name }} subjects: - kind: ServiceAccount name: kraan namespace: {{.Release.Namespace}} +{{ if .Values.kraan.rbac.adminClusterRole.rules }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ .Values.kraan.rbac.adminClusterRole.name }} +rules: +{{ .Values.kraan.rbac.adminClusterRole.rules | toYaml }} +{{- end }} {{- end }} \ No newline at end of file diff --git a/chart/values.yaml b/chart/values.yaml index ac190cb8..9a5f447e 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -16,6 +16,12 @@ kraan: enabled: true rbac: enabled: true + adminClusterRole: + # admin ClusterRole to be used by the controller, default is cluster-admin + name: "cluster-admin" + # specify rules to create a ClusterRole + # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#policyrule-v1-rbac-authorization-k8s-io + rules: [] netpolicy: enabled: true kraanController: @@ -81,6 +87,12 @@ kraan: gotk: rbac: enabled: true + adminClusterRole: + # admin ClusterRole to be used by the controller, default is cluster-admin + name: "cluster-admin" + # specify rules to create a ClusterRole + # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#policyrule-v1-rbac-authorization-k8s-io + rules: [] netpolicy: enabled: true diff --git a/go.mod b/go.mod index 0d634260..66e4f165 100644 --- a/go.mod +++ b/go.mod @@ -14,9 +14,9 @@ require ( github.com/google/go-cmp v0.6.0 github.com/paulcarlton-ww/goutils/pkg/testutils v0.1.42 github.com/pkg/errors v0.9.1 - github.com/prometheus/client_golang v1.20.4 + github.com/prometheus/client_golang v1.20.5 go.uber.org/zap v1.27.0 - golang.org/x/mod v0.21.0 + golang.org/x/mod v0.22.0 k8s.io/api v0.31.1 k8s.io/apiextensions-apiserver v0.31.1 k8s.io/apimachinery v0.31.1 diff --git a/go.sum b/go.sum index 52ae46f8..4263d2b6 100644 --- a/go.sum +++ b/go.sum @@ -180,8 +180,8 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/prometheus/client_golang v1.20.4 h1:Tgh3Yr67PaOv/uTqloMsCEdeuFTatm5zIq5+qNN23vI= -github.com/prometheus/client_golang v1.20.4/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= +github.com/prometheus/client_golang v1.20.5 h1:cxppBPuYhUnsO6yo/aoRol4L7q7UFfdm+bR9r+8l63Y= +github.com/prometheus/client_golang v1.20.5/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= @@ -229,8 +229,8 @@ golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHl golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.21.0 h1:vvrHzRwRfVKSiLrG+d4FMl/Qi4ukBCE6kZlTUkDYRT0= -golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= +golang.org/x/mod v0.22.0 h1:D4nJWe9zXqHOmWqj4VMOJhvzj7bEZg4wEYa759z1pH4= +golang.org/x/mod v0.22.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=