From 2d99ea63010e381c2cc9e408471f1d40e5ddd3db Mon Sep 17 00:00:00 2001
From: atye
Date: Wed, 21 Sep 2022 11:35:03 -0400
Subject: [PATCH] changes for 1.4.0
---
 charts/csm-authorization/Chart.yaml | 4 +--
 charts/csm-authorization/policies/url.rego | 2 +-
 .../csm-authorization/templates/policies.yaml | 2 +-
 .../templates/proxy-server.yaml | 2 +-
 charts/csm-authorization/values.yaml | 26 +++++++++----------
 5 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/charts/csm-authorization/Chart.yaml b/charts/csm-authorization/Chart.yaml
index 31ce6501..ba628954 100644
--- a/charts/csm-authorization/Chart.yaml
+++ b/charts/csm-authorization/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 name: csm-authorization
-version: 1.3.0
-appVersion: 1.3.0
+version: 1.4.0
+appVersion: 1.4.0
 type: application
 description: CSM for Authorization is part of the [Container Storage Modules](https://github.com/dell/csm) open source suite of Kubernetes storage enablers for Dell EMC storage products. CSM for Authorization provides storage and Kubernetes administrators the ability to apply RBAC for Dell CSI Drivers.
 dependencies:
diff --git a/charts/csm-authorization/policies/url.rego b/charts/csm-authorization/policies/url.rego
index fe0e04b1..071638ae 100644
--- a/charts/csm-authorization/policies/url.rego
+++ b/charts/csm-authorization/policies/url.rego
@@ -33,7 +33,7 @@ allowlist = [
 "POST /api/instances/Volume::[a-f0-9]+/action/removeVolume/"
 ]
-default allow = false
+default allow = true
 allow {
 regex.match(allowlist[_], sprintf("%s %s", [input.method, input.url]))
 }
diff --git a/charts/csm-authorization/templates/policies.yaml b/charts/csm-authorization/templates/policies.yaml
index 8627b54a..00ae3143 100644
--- a/charts/csm-authorization/templates/policies.yaml
+++ b/charts/csm-authorization/templates/policies.yaml
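Review bot: In charts/csm-authorization/policies/url.rego the new `default allow = true` turns the allowlist into a no-op: `allow` now evaluates to true for every method and URL, whether or not `regex.match` finds a matching entry, so the policy no longer restricts which storage API endpoints a request may reach. The commit message ("changes for 1.4.0") gives no reason for opening the default, which suggests a local test setting carried into the release. Keep the deny default, `default allow = false`, so that only requests matching the allowlist are permitted. A policy test asserting that a request outside the allowlist is denied would catch this kind of regression before release.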
@@ -68,7 +68,7 @@ metadata:
 name: powerscale-volumes-create
 namespace: {{ .Release.Namespace }}
 data:
- {{- (.Files.Glob "policies/volumes-powerscale-create.rego").AsConfig | nindent 2 }}3
+ {{- (.Files.Glob "policies/volumes-powerscale-create.rego").AsConfig | nindent 2 }}
 ---
 apiVersion: v1
 kind: ConfigMap
diff --git a/charts/csm-authorization/templates/proxy-server.yaml b/charts/csm-authorization/templates/proxy-server.yaml
index 957858b3..0cd76539 100644
--- a/charts/csm-authorization/templates/proxy-server.yaml
+++ b/charts/csm-authorization/templates/proxy-server.yaml
@@ -36,7 +36,7 @@ roleRef:
 apiGroup: rbac.authorization.k8s.io
 subjects:
 - kind: Group
- name: system:serviceaccounts:karavi
+ name: system:serviceaccounts:{{ .Release.Namespace }}
 apiGroup: rbac.authorization.k8s.io
 ---
 apiVersion: apps/v1
diff --git a/charts/csm-authorization/values.yaml b/charts/csm-authorization/values.yaml
index 69af919c..f452c16b 100644
--- a/charts/csm-authorization/values.yaml
+++ b/charts/csm-authorization/values.yaml
@@ -11,10 +11,10 @@ cert-manager:
 authorization:
 # images to use in installation
 images:
- proxyService: dellemc/csm-authorization-proxy:v1.3.0
- tenantService: dellemc/csm-authorization-tenant:v1.3.0
- roleService: dellemc/csm-authorization-role:v1.3.0
- storageService: dellemc/csm-authorization-storage:v1.3.0
+ proxyService: dellemc/csm-authorization-proxy:v1.4.0
+ tenantService: dellemc/csm-authorization-tenant:v1.4.0
+ roleService: dellemc/csm-authorization-role:v1.4.0
+ storageService: dellemc/csm-authorization-storage:v1.4.0
 opa: openpolicyagent/opa
 opaKubeMgmt: openpolicyagent/kube-mgmt:0.11
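Review bot: The binding subject in templates/proxy-server.yaml is still the group of every service account in a namespace, and with `name: system:serviceaccounts:{{ .Release.Namespace }}` that group now follows wherever the chart is installed. In a namespace shared with other workloads, every pod's service account there would receive whatever the referenced role grants. If the proxy-server pods run under a dedicated service account, bind that one instead, with a `- kind: ServiceAccount` subject carrying its `name:` and `namespace: {{ .Release.Namespace }}`. The `roleRef` and the binding's kind begin above this hunk, so the scope of the granted role is not visible here and should be checked against this change.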
@@ -35,26 +35,26 @@ authorization:
 # proxy-server ingress configuration
 proxyServerIngress:
- ingressClassName: # nginx
+ ingressClassName: nginx
 # additional host rules for the proxy-server ingress
 hosts: []
- # - namespace-ingress-nginx-controller.namespace.svc.cluster.local
+ # - application-ingress-nginx-controller.namespace.svc.cluster.local
 # additional annotations for the proxy-server ingress
 annotations: {}
 # tenant-service ingress configuration
 tenantServiceIngress:
- ingressClassName: # nginx
+ ingressClassName: nginx
 # additional host rules for the tenant-service ingress
 hosts: []
 # additional annotations for the tenant-service ingress
 # if applicable, an annotation supporting grpc for your ingress controller must be supplied
- annotations: {}
- # nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
+ annotations:
+ nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
 # role-service ingress configuration
 roleServiceIngress:
@@ -65,8 +65,8 @@ authorization:
 # additional annotations for the role-service ingress
 # an annotation supporting grpc for your ingress controller must be supplied, if applicable
- annotations: {}
- # nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
+ annotations:
+ nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
 # storage-service ingress configuration
 storageServiceIngress:
@@ -77,8 +77,8 @@ authorization:
 # additional annotations for the storage-service ingress
 # an annotation supporting grpc for your ingress controller must be supplied, if applicable
- annotations: {}
- # nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
+ annotations:
+ nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
 redis:
 images:
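Review bot: The shipped defaults in values.yaml now assume ingress-nginx, which contradicts the comments left above them. `ingressClassName: nginx` is set for the proxy-server and tenant-service ingresses, and `nginx.ingress.kubernetes.io/backend-protocol: "GRPC"` is enabled for tenant-service here and for role-service and storage-service in the two following hunks (`@@ -65,8` and `@@ -77,8`). The comments still say the annotation must be supplied "if applicable", and the later hunks do not show `ingressClassName` changing for role-service or storage-service, so the four ingresses may end up with inconsistent defaults. Either restore `annotations: {}` and the empty `ingressClassName` with the nginx values as commented examples, or reword the comments to say nginx is the default and must be overridden for other controllers. Taken together with the policy default changed in url.rego, these look like local test values, so confirm they are intended for the release.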