[create-pull-request] automated change

porter-dev · Feb 9, 2024 · cb4ed96 · cb4ed96
1 parent a0b04b8
commit cb4ed96
Show file tree

Hide file tree

Showing 10 changed files with 187 additions and 108 deletions.
diff --git a/addons/pipes-chart/Chart.yaml b/addons/pipes-chart/Chart.yaml
@@ -1,8 +1,8 @@
 apiVersion: v1
 name: pipes-chart
 description: A Helm chart for the ACK service controller for Amazon EventBridge Pipes (Pipes)
-version: 1.0.3
-appVersion: 1.0.3
+version: 1.0.4
+appVersion: 1.0.4
 home: https://github.com/aws-controllers-k8s/pipes-controller
 icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
 sources:

diff --git a/addons/pipes-chart/crds/services.k8s.aws_adoptedresources.yaml b/addons/pipes-chart/crds/services.k8s.aws_adoptedresources.yaml
@@ -161,10 +161,10 @@ spec:
                               description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
                               type: string
                             name:
-                              description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names'
+                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names'
                               type: string
                             uid:
-                              description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids'
+                              description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids'
                               type: string
                           required:
                           - apiVersion

diff --git a/addons/pipes-chart/templates/NOTES.txt b/addons/pipes-chart/templates/NOTES.txt
@@ -1,5 +1,5 @@
 {{ .Chart.Name }} has been installed.
-This chart deploys "public.ecr.aws/aws-controllers-k8s/pipes-controller:1.0.3".
+This chart deploys "public.ecr.aws/aws-controllers-k8s/pipes-controller:1.0.4".
 
 Check its status by running:
   kubectl --namespace {{ .Release.Namespace }} get pods -l "app.kubernetes.io/instance={{ .Release.Name }}"

diff --git a/addons/pipes-chart/templates/_helpers.tpl b/addons/pipes-chart/templates/_helpers.tpl
@@ -46,3 +46,94 @@ If release name contains chart name it will be used as a full name.
 {{- define "aws.credentials.path" -}}
 {{- printf "%s/%s" (include "aws.credentials.secret_mount_path" .) .Values.aws.credentials.secretKey -}}
 {{- end -}}
+
+{{/* The rules a of ClusterRole or Role */}}
+{{- define "controller-role-rules" }}
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - get
+  - list
+  - patch
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - namespaces
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - get
+  - list
+  - patch
+  - watch
+- apiGroups:
+  - pipes.services.k8s.aws
+  resources:
+  - pipes
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - pipes.services.k8s.aws
+  resources:
+  - pipes/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - services.k8s.aws
+  resources:
+  - adoptedresources
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - services.k8s.aws
+  resources:
+  - adoptedresources/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - services.k8s.aws
+  resources:
+  - fieldexports
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - services.k8s.aws
+  resources:
+  - fieldexports/status
+  verbs:
+  - get
+  - patch
+  - update
+{{- end }}
diff --git a/addons/pipes-chart/templates/caches-role-binding.yaml b/addons/pipes-chart/templates/caches-role-binding.yaml
@@ -0,0 +1,26 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: ack-namespaces-cache-pipes-controller
+roleRef:
+  kind: ClusterRole
+  apiGroup: rbac.authorization.k8s.io
+  name: ack-namespaces-cache-pipes-controller
+subjects:
+- kind: ServiceAccount
+  name: ack-pipes-controller
+  namespace: {{ .Release.Namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: ack-configmaps-cache-pipes-controller
+  namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: Role
+  apiGroup: rbac.authorization.k8s.io
+  name: ack-configmaps-cache-pipes-controller
+subjects:
+- kind: ServiceAccount
+  name: ack-pipes-controller
+  namespace: {{ .Release.Namespace }}
diff --git a/addons/pipes-chart/templates/caches-role.yaml b/addons/pipes-chart/templates/caches-role.yaml
@@ -0,0 +1,28 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: ack-namespaces-cache-pipes-controller
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - namespaces
+  verbs:
+  - get
+  - list
+  - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: ack-configmaps-cache-pipes-controller
+  namespace: {{ .Release.Namespace }}
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - get
+  - list
+  - watch
diff --git a/addons/pipes-chart/templates/cluster-role-binding.yaml b/addons/pipes-chart/templates/cluster-role-binding.yaml
@@ -1,21 +1,35 @@
-apiVersion: rbac.authorization.k8s.io/v1
 {{ if eq .Values.installScope "cluster" }}
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   name: {{ include "app.fullname" . }}
 roleRef:
   kind: ClusterRole
-{{ else }}
+  apiGroup: rbac.authorization.k8s.io
+  name: ack-pipes-controller
+subjects:
+- kind: ServiceAccount
+  name: {{ include "service-account.name" . }}
+  namespace: {{ .Release.Namespace }}
+{{ else if .Values.watchNamespace }}
+{{ $namespaces := split "," .Values.watchNamespace }}
+{{ $fullname := include "app.fullname" .  }}
+{{ $releaseNamespace := .Release.Namespace }}
+{{ $serviceAccountName := include "service-account.name" .  }}
+{{ range $namespaces }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
-  name: {{ include "app.fullname" . }}
-  namespace: {{ .Release.Namespace }}
+  name: {{ $fullname }}
+  namespace: {{ . }}
 roleRef:
   kind: Role
-{{ end }}
   apiGroup: rbac.authorization.k8s.io
   name: ack-pipes-controller
 subjects:
 - kind: ServiceAccount
-  name: {{ include "service-account.name" . }}
-  namespace: {{ .Release.Namespace }}
+  name: {{ $serviceAccountName }}
+  namespace: {{ $releaseNamespace }}
+{{ end }}
+{{ end }}
diff --git a/addons/pipes-chart/templates/cluster-role-controller.yaml b/addons/pipes-chart/templates/cluster-role-controller.yaml
@@ -1,108 +1,28 @@
-apiVersion: rbac.authorization.k8s.io/v1
+{{ $labels := .Values.role.labels }}
+{{ $rules := include "controller-role-rules" . }}
 {{ if eq .Values.installScope "cluster" }}
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  creationTimestamp: null
   name: ack-pipes-controller
   labels:
-  {{- range $key, $value := .Values.role.labels }}
+  {{- range $key, $value := $labels }}
     {{ $key }}: {{ $value | quote }}
   {{- end }}
-{{ else }}
+{{- $rules }}
+{{ else if .Values.watchNamespace }}
+{{ $namespaces := split "," .Values.watchNamespace }}
+{{ range $namespaces }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
-  creationTimestamp: null
   name: ack-pipes-controller
+  namespace: {{ . }}
   labels:
-  {{- range $key, $value := .Values.role.labels }}
+  {{- range $key, $value := $labels }}
     {{ $key }}: {{ $value | quote }}
   {{- end }}
-  namespace: {{ .Release.Namespace }}
+{{- $rules }}
 {{ end }}
-rules:
-- apiGroups:
-  - ""
-  resources:
-  - configmaps
-  verbs:
-  - get
-  - list
-  - patch
-  - watch
-- apiGroups:
-  - ""
-  resources:
-  - namespaces
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - ""
-  resources:
-  - secrets
-  verbs:
-  - get
-  - list
-  - patch
-  - watch
-- apiGroups:
-  - pipes.services.k8s.aws
-  resources:
-  - pipes
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - pipes.services.k8s.aws
-  resources:
-  - pipes/status
-  verbs:
-  - get
-  - patch
-  - update
-- apiGroups:
-  - services.k8s.aws
-  resources:
-  - adoptedresources
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - services.k8s.aws
-  resources:
-  - adoptedresources/status
-  verbs:
-  - get
-  - patch
-  - update
-- apiGroups:
-  - services.k8s.aws
-  resources:
-  - fieldexports
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - services.k8s.aws
-  resources:
-  - fieldexports/status
-  verbs:
-  - get
-  - patch
-  - update
+{{ end }}
diff --git a/addons/pipes-chart/templates/role-writer.yaml b/addons/pipes-chart/templates/role-writer.yaml
@@ -10,7 +10,6 @@ rules:
   - pipes.services.k8s.aws
   resources:
   - pipes
-
   verbs:
   - create
   - delete

diff --git a/addons/pipes-chart/values.yaml b/addons/pipes-chart/values.yaml
@@ -4,7 +4,7 @@
 
 image:
   repository: public.ecr.aws/aws-controllers-k8s/pipes-controller
-  tag: 1.0.3
+  tag: 1.0.4
   pullPolicy: IfNotPresent
   pullSecrets: []
 
@@ -107,6 +107,7 @@ installScope: cluster
 
 # Set the value of the "namespace" to be watched by the controller
 # This value is only used when the `installScope` is set to "namespace". If left empty, the default value is the release namespace for the chart.
+# You can set multiple namespaces by providing a comma separated list of namespaces. e.g "namespace1,namespace2"
 watchNamespace: ""
 
 resourceTags: