Merge pull request #437 from fidelity-contributions/feat/capecpi-2422-expose-admin-cr

padraigmc · web-flow · commit 5f2bcc51b8a9 · 2024-12-12T10:57:13.000Z
November Maintenence, expose admin clusterrole
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-v0.3.44
+v0.3.45
diff --git a/chart/Chart.yaml b/chart/Chart.yaml
@@ -2,5 +2,5 @@ apiVersion: v2
 description: A Helm chart for kraan controller
 name: kraan-controller
 type: application
-appVersion: v0.3.44
-version: v0.3.44
+appVersion: v0.3.45
+version: v0.3.45
diff --git a/chart/templates/gotk/rbac.yaml b/chart/templates/gotk/rbac.yaml
@@ -153,8 +153,17 @@ metadata:
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: cluster-admin
+  name: {{ .Values.gotk.rbac.adminClusterRole.name }}
 subjects:
   - kind: ServiceAccount
     name: fluxcd
     namespace: "{{ .Release.Namespace }}"
+{{ if .Values.gotk.rbac.adminClusterRole.rules }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Values.gotk.rbac.adminClusterRole.name }}
+rules:
+{{ .Values.gotk.rbac.adminClusterRole.rules | toYaml }}
+{{- end }}
diff --git a/chart/templates/kraan/rbac.yaml b/chart/templates/kraan/rbac.yaml
@@ -156,9 +156,18 @@ metadata:
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: cluster-admin
+  name: {{ .Values.kraan.rbac.adminClusterRole.name }}
 subjects:
 - kind: ServiceAccount
   name: kraan
   namespace: {{.Release.Namespace}}
+{{ if .Values.kraan.rbac.adminClusterRole.rules }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Values.kraan.rbac.adminClusterRole.name }}
+rules:
+{{ .Values.kraan.rbac.adminClusterRole.rules | toYaml }}
+{{- end }}
 {{- end }}
diff --git a/chart/values.yaml b/chart/values.yaml
@@ -16,6 +16,12 @@ kraan:
     enabled: true
   rbac:
     enabled: true
+    adminClusterRole:
+      # admin ClusterRole to be used by the controller, default is cluster-admin
+      name: "cluster-admin"
+      # specify rules to create a ClusterRole
+      # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#policyrule-v1-rbac-authorization-k8s-io
+      rules: []
   netpolicy:
     enabled: true
   kraanController:
@@ -81,6 +87,12 @@ kraan:
 gotk:
   rbac:
     enabled: true
+    adminClusterRole:
+      # admin ClusterRole to be used by the controller, default is cluster-admin
+      name: "cluster-admin"
+      # specify rules to create a ClusterRole
+      # https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#policyrule-v1-rbac-authorization-k8s-io
+      rules: []
   netpolicy:
     enabled: true
 
diff --git a/go.mod b/go.mod
@@ -14,9 +14,9 @@ require (
 	github.com/google/go-cmp v0.6.0
 	github.com/paulcarlton-ww/goutils/pkg/testutils v0.1.42
 	github.com/pkg/errors v0.9.1
-	github.com/prometheus/client_golang v1.20.4
+	github.com/prometheus/client_golang v1.20.5
 	go.uber.org/zap v1.27.0
-	golang.org/x/mod v0.21.0
+	golang.org/x/mod v0.22.0
 	k8s.io/api v0.31.1
 	k8s.io/apiextensions-apiserver v0.31.1
 	k8s.io/apimachinery v0.31.1
diff --git a/go.sum b/go.sum
@@ -180,8 +180,8 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/prometheus/client_golang v1.20.4 h1:Tgh3Yr67PaOv/uTqloMsCEdeuFTatm5zIq5+qNN23vI=
-github.com/prometheus/client_golang v1.20.4/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE=
+github.com/prometheus/client_golang v1.20.5 h1:cxppBPuYhUnsO6yo/aoRol4L7q7UFfdm+bR9r+8l63Y=
+github.com/prometheus/client_golang v1.20.5/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E=
 github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY=
@@ -229,8 +229,8 @@ golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHl
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.21.0 h1:vvrHzRwRfVKSiLrG+d4FMl/Qi4ukBCE6kZlTUkDYRT0=
-golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
+golang.org/x/mod v0.22.0 h1:D4nJWe9zXqHOmWqj4VMOJhvzj7bEZg4wEYa759z1pH4=
+golang.org/x/mod v0.22.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
