From b1f075274816726808ecb25009bc14d17a3329a4 Mon Sep 17 00:00:00 2001
From: facchettos
Date: Wed, 4 Sep 2024 10:44:39 +0200
Subject: [PATCH] updated rbac template
---
 chart/templates/_rbac.tpl | 1 +
 chart/templates/clusterrole.yaml | 2 +-
 chart/templates/role.yaml | 5 +++++
 3 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/chart/templates/_rbac.tpl b/chart/templates/_rbac.tpl
index a5f0c27ae..71f2e3d30 100644
--- a/chart/templates/_rbac.tpl
+++ b/chart/templates/_rbac.tpl
@@ -37,6 +37,7 @@
 .Values.sync.toHost.customResourceDefinitions
 .Values.sync.fromHost.customResourceDefinitions
 .Values.integrations.kubeVirt.enabled
+ .Values.integrations.externalSecrets.enabled
 (and .Values.integrations.metricsServer.enabled .Values.integrations.metricsServer.nodes)
 .Values.experimental.multiNamespaceMode.enabled -}}
 {{- true -}}
diff --git a/chart/templates/clusterrole.yaml b/chart/templates/clusterrole.yaml
index dfd8c4f06..a740cb722 100644
--- a/chart/templates/clusterrole.yaml
+++ b/chart/templates/clusterrole.yaml
@@ -117,7 +117,7 @@ rules:
 resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"]
 verbs: ["get", "list", "watch"]
 {{- end }}
- {{- if or .Values.integrations.kubeVirt.enabled .Values.sync.toHost.customResourceDefinitions .Values.sync.fromHost.customResourceDefinitions }}
+ {{- if or .Values.integrations.kubeVirt.enabled .Values.integrations.externalSecrets.enabled .Values.sync.toHost.customResourceDefinitions .Values.sync.fromHost.customResourceDefinitions }}
 - apiGroups: ["apiextensions.k8s.io"]
 resources: ["customresourcedefinitions"]
 verbs: ["get", "list", "watch"]
diff --git a/chart/templates/role.yaml b/chart/templates/role.yaml
index 36ba4b85f..a0b8c223c 100644
--- a/chart/templates/role.yaml
+++ b/chart/templates/role.yaml
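Review bot: Adding `.Values.integrations.externalSecrets.enabled` to this `or` list appears to mean that switching the integration on now renders cluster-scoped RBAC for an install that previously needed only namespaced permissions, and nothing in the change documents that. The same flag is repeated in the `clusterrole.yaml` hunk, where it gates `get`/`list`/`watch` on `customresourcedefinitions`, so the two condition lists have to be kept in step by hand. I would add a template comment above the helper, for example `{{- /* externalSecrets: needs cluster-wide read on CRDs; keep in sync with the CRD rule in clusterrole.yaml */ -}}`, and state the ClusterRole requirement where the value is documented. The helper's definition starts and ends outside the hunk, so its role in deciding whether the ClusterRole is created is inferred from the file name and the surrounding flags.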
@@ -94,6 +94,11 @@ rules:
 resources: ["virtualmachines", "virtualmachines/status", "virtualmachineinstances", "virtualmachineinstances/status", "virtualmachineinstancemigrations", "virtualmachineinstancemigrations/status"]
 verbs: ["create", "delete", "patch", "update", "get", "list", "watch"]
 {{- end }}
+ {{- if .Values.integrations.externalSecrets.sync.externalSecrets.enabled }}
+ - apiGroups: ["external-secrets.io"]
+ resources: ["externalsecrets"]
+ verbs: ["create", "delete", "patch", "update", "get", "list", "watch"]
+ {{- end }}
 {{- include "vcluster.customResourceDefinitions.roleExtraRules" . | indent 2 }}
 {{- include "vcluster.plugin.roleExtraRules" . | indent 2 }}
 {{- include "vcluster.generic.roleExtraRules" . | indent 2 }}
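Review bot: The new `externalsecrets` rule is gated on `.Values.integrations.externalSecrets.sync.externalSecrets.enabled` alone, while the `_rbac.tpl` and `clusterrole.yaml` hunks of this patch key off `.Values.integrations.externalSecrets.enabled`. If the nested flag is true while the integration itself is off (values.yaml is not part of this patch, so the default cannot be checked here), the Role still grants `create`/`delete`/`patch`/`update` on ExternalSecret objects in the host namespace. Write access to ExternalSecrets is effectively a path to Secret material through the operator, so for least privilege the rule should exist only when the integration is enabled: `{{- if and .Values.integrations.externalSecrets.enabled .Values.integrations.externalSecrets.sync.externalSecrets.enabled }}`. The `rules:` list starts and continues outside the hunk.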