From 9eb23f2bc273918ae9932c1e83617566838746de Mon Sep 17 00:00:00 2001 From: Jens L Date: Thu, 13 Jul 2023 16:07:32 +0200 Subject: [PATCH] Revert cluster role (#186) * Revert "feat: Remove ClusterRole (#169)" This reverts commit 2c53130e87dc5baa12a66092ea475c384a2fdc06. * add toggle for clusterrole * bump version --- charts/authentik-remote-cluster/Chart.yaml | 2 +- charts/authentik-remote-cluster/README.md | 3 ++- .../authentik-remote-cluster/README.md.gotmpl | 2 +- .../templates/cluster-role-binding.yaml | 21 +++++++++++++++++++ .../templates/cluster-role.yaml | 20 ++++++++++++++++++ charts/authentik-remote-cluster/values.yaml | 3 +++ 6 files changed, 48 insertions(+), 3 deletions(-) create mode 100644 charts/authentik-remote-cluster/templates/cluster-role-binding.yaml create mode 100644 charts/authentik-remote-cluster/templates/cluster-role.yaml
diff --git a/charts/authentik-remote-cluster/Chart.yaml b/charts/authentik-remote-cluster/Chart.yaml
index 459abfd7..3e171f01 100644
--- a/charts/authentik-remote-cluster/Chart.yaml
+++ b/charts/authentik-remote-cluster/Chart.yaml
@@ -1,5 +1,5 @@
 apiVersion: v2
-version: 1.2.1
+version: 1.2.2
 appVersion: 2023.6.0
 name: authentik-remote-cluster
 description: RBAC required for a remote cluster to be connected to authentik.
diff --git a/charts/authentik-remote-cluster/README.md b/charts/authentik-remote-cluster/README.md
index 44f974c7..11d0357b 100644
--- a/charts/authentik-remote-cluster/README.md
+++ b/charts/authentik-remote-cluster/README.md
@@ -5,7 +5,7 @@ --- [![](https://img.shields.io/discord/809154715984199690?label=Discord&style=for-the-badge)](https://goauthentik.io/discord) -![Version: 1.2.1](https://img.shields.io/badge/Version-1.2.1-informational?style=for-the-badge) +![Version: 1.2.2](https://img.shields.io/badge/Version-1.2.2-informational?style=for-the-badge) ![AppVersion: 2023.6.0](https://img.shields.io/badge/AppVersion-2023.6.0-informational?style=for-the-badge) RBAC required for a remote cluster to be connected to authentik.
@@ -28,6 +28,7 @@ RBAC required for a remote cluster to be connected to authentik. | Key | Type | Default | Description | |-----|------|---------|-------------| | annotations | object | `{}` | | +| clusterRole.enabled | bool | `true` | | | fullnameOverride | string | `""` | | | nameOverride | string | `""` | | | serviceAccountSecret.enabled | bool | `true` | |
diff --git a/charts/authentik-remote-cluster/README.md.gotmpl b/charts/authentik-remote-cluster/README.md.gotmpl
index ef5d0369..3285369a 100644
--- a/charts/authentik-remote-cluster/README.md.gotmpl
+++ b/charts/authentik-remote-cluster/README.md.gotmpl
@@ -5,7 +5,7 @@ --- [![](https://img.shields.io/discord/809154715984199690?label=Discord&style=for-the-badge)](https://goauthentik.io/discord) -![Version: 1.2.1](https://img.shields.io/badge/Version-1.2.1-informational?style=for-the-badge) +![Version: 1.2.2](https://img.shields.io/badge/Version-1.2.2-informational?style=for-the-badge) ![AppVersion: 2023.6.0](https://img.shields.io/badge/AppVersion-2023.6.0-informational?style=for-the-badge) {{ template "chart.deprecationWarning" . }}
diff --git a/charts/authentik-remote-cluster/templates/cluster-role-binding.yaml b/charts/authentik-remote-cluster/templates/cluster-role-binding.yaml
new file mode 100644
index 00000000..0f05d1b3
--- /dev/null
+++ b/charts/authentik-remote-cluster/templates/cluster-role-binding.yaml
@@ -0,0 +1,21 @@
+{{- if .Values.clusterRole.enabled -}}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "authentik-remote-cluster.fullname" . }}-{{ .Release.Namespace }}
+ labels:
+ {{- include "authentik-remote-cluster.labels" . | nindent 4 }}
+ {{- with .Values.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ include "authentik-remote-cluster.fullname" . }}-{{ .Release.Namespace }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "authentik-remote-cluster.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/authentik-remote-cluster/templates/cluster-role.yaml b/charts/authentik-remote-cluster/templates/cluster-role.yaml
new file mode 100644
index 00000000..4f24e262
--- /dev/null
+++ b/charts/authentik-remote-cluster/templates/cluster-role.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.clusterRole.enabled -}}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "authentik-remote-cluster.fullname" . }}-{{ .Release.Namespace }}
+ labels:
+ {{- include "authentik-remote-cluster.labels" . | nindent 4 }}
+ {{- with .Values.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+rules:
+ - apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - list
+{{- end }}
diff --git a/charts/authentik-remote-cluster/values.yaml b/charts/authentik-remote-cluster/values.yaml
index dc70c0af..c2ccb66d 100644
--- a/charts/authentik-remote-cluster/values.yaml
+++ b/charts/authentik-remote-cluster/values.yaml
@@ -5,3 +5,6 @@ annotations: {} serviceAccountSecret: enabled: true + +clusterRole: + enabled: true
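Review bot: The guard `{{- if .Values.clusterRole.enabled -}}` on the first line of cluster-role-binding.yaml, and the identical one opening cluster-role.yaml, dereferences a key that exists only once the new values.yaml defaults are loaded. A release upgraded from 1.2.1 with `--reuse-values` carries its stored values instead, so `clusterRole` would be absent and rendering most likely stops with a nil-pointer error rather than falling back to the default. A tolerant guard such as `{{- if (.Values.clusterRole | default (dict "enabled" true)).enabled -}}` keeps the default-on behaviour; failing that, the upgrade caveat belongs in the README.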
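Review bot: The `rules:` block in cluster-role.yaml carries no comment saying why a cluster-wide grant is needed, which is the first thing a least-privilege review of this chart will ask. The grant itself is narrow (`list` on `customresourcedefinitions` in `apiextensions.k8s.io`), but it is bound to a service account that, going by the chart description, is used by an authentik instance outside this cluster. I would add above `rules:` a comment like `# Cluster-scoped, read-only: lets the service account list CRDs. Disable with clusterRole.enabled=false.` plus one line naming the authentik feature that depends on it, which this patch does not state.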
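Review bot: `clusterRole.enabled` is added to values.yaml without a description, so the README row generated for it is empty, and its default of `true` means an upgrade from 1.2.1 creates a ClusterRole and ClusterRoleBinding without the operator opting in. Installing them also requires permission to create cluster-scoped RBAC objects, which a namespace-restricted installer may not have. A comment above `enabled: true` would cover both, for example `# -- Create a ClusterRole and ClusterRoleBinding granting cluster-wide list on CRDs; set to false for namespace-only RBAC` (this assumes the README is generated by helm-docs, as the .gotmpl file suggests).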