From 08e78e341e3f4f2e7a0acd3908ff00e8a3d669dd Mon Sep 17 00:00:00 2001 From: Aviram Hassan Date: Fri, 22 Nov 2024 13:17:59 +0200 Subject: [PATCH 1/3] add the option to add labels to mirrord user roles --- mirrord-operator/Chart.yaml | 2 +- mirrord-operator/templates/cluster-role.yaml | 6 +++++ .../templates/namespaced-role.yaml | 3 +++ mirrord-operator/values.yaml | 14 +++++++++++ test_values/operator_role_labels.yaml | 25 +++++++++++++++++++ 5 files changed, 49 insertions(+), 1 deletion(-) create mode 100644 test_values/operator_role_labels.yaml diff --git a/mirrord-operator/Chart.yaml b/mirrord-operator/Chart.yaml index dfe8e32..cd25cb6 100644 --- a/mirrord-operator/Chart.yaml +++ b/mirrord-operator/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.10.6 +version: 1.11.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/mirrord-operator/templates/cluster-role.yaml b/mirrord-operator/templates/cluster-role.yaml index 134090b..2a3fd67 100644 --- a/mirrord-operator/templates/cluster-role.yaml +++ b/mirrord-operator/templates/cluster-role.yaml @@ -156,6 +156,9 @@ metadata: name: mirrord-operator-user labels: {{- include "mirrord-operator.labels" . | nindent 4 }} + {{- if .Values.operator.podLabels }} + {{- toYaml .Values.clusterRole.mirrord-operator-user | nindent 4 }} + {{- end }} rules: {{- include "mirrord-operator.rules" . | nindent 0 }} {{- include "mirrord-operator.clusterRules" . | nindent 0 }} @@ -166,5 +169,8 @@ metadata: name: mirrord-operator-user-basic labels: {{- include "mirrord-operator.labels" . | nindent 4 }} + {{- if .Values.operator.podLabels }} + {{- toYaml .Values.clusterRole.mirrord-operator-user-basic | nindent 4 }} + {{- end }} rules: {{- include "mirrord-operator.clusterRules" . | nindent 0 }} diff --git a/mirrord-operator/templates/namespaced-role.yaml b/mirrord-operator/templates/namespaced-role.yaml index 6813714..11f86f1 100644 --- a/mirrord-operator/templates/namespaced-role.yaml +++ b/mirrord-operator/templates/namespaced-role.yaml @@ -6,6 +6,9 @@ metadata: namespace: {{.}} labels: {{- include "mirrord-operator.labels" $ | nindent 4 }} + {{- if .Values.operator.podLabels }} + {{- toYaml .Values.role.mirrord-operator-user | nindent 4 }} + {{- end }} rules: {{- include "mirrord-operator.rules" . | nindent 0 }} --- diff --git a/mirrord-operator/values.yaml b/mirrord-operator/values.yaml index 550db17..ae3644d 100644 --- a/mirrord-operator/values.yaml +++ b/mirrord-operator/values.yaml @@ -13,6 +13,20 @@ createNamespace: true ## and it can be bound via rolebinding (That you need to create yourself). roleNamespaces: [] +role: + # Note there's a cluster role version of it below. + mirrord-operator-user: + # add labels to the role, for i.e aggregate RBAC + labels: {} + +clusterRole: + mirrord-operator-user-basic: + # add labels to the role, for i.e aggregate RBAC + labels: {} + mirrord-operator-user: + # add labels to the role, for i.e aggregate RBAC + labels: {} + operator: image: ghcr.io/metalbear-co/operator podAnnotations: {} diff --git a/test_values/operator_role_labels.yaml b/test_values/operator_role_labels.yaml new file mode 100644 index 0000000..720e20c --- /dev/null +++ b/test_values/operator_role_labels.yaml @@ -0,0 +1,25 @@ +license: + file: + secret: mirrord-operator-license + data: + license.pem: "DOESN'TNEEDTOBOOTSOITCANBEINVALID" + +role: + # Note there's a cluster role version of it below. + mirrord-operator-user: + # add labels to the role, for i.e aggregate RBAC + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" + +clusterRole: + mirrord-operator-user-basic: + # add labels to the role, for i.e aggregate RBAC + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" + mirrord-operator-user: + # add labels to the role, for i.e aggregate RBAC + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" \ No newline at end of file From b49d39785f577efa03b6f1cf75b503d40ff0e56f Mon Sep 17 00:00:00 2001 From: Aviram Hassan Date: Fri, 22 Nov 2024 13:24:11 +0200 Subject: [PATCH 2/3] .. --- mirrord-operator/templates/cluster-role.yaml | 8 ++++---- mirrord-operator/templates/namespaced-role.yaml | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/mirrord-operator/templates/cluster-role.yaml b/mirrord-operator/templates/cluster-role.yaml index 2a3fd67..1e881b8 100644 --- a/mirrord-operator/templates/cluster-role.yaml +++ b/mirrord-operator/templates/cluster-role.yaml @@ -156,8 +156,8 @@ metadata: name: mirrord-operator-user labels: {{- include "mirrord-operator.labels" . | nindent 4 }} - {{- if .Values.operator.podLabels }} - {{- toYaml .Values.clusterRole.mirrord-operator-user | nindent 4 }} + {{- if index .Values.clusterRole "mirrord-operator-user" }} + {{- toYaml (index .Values.clusterRole "mirrord-operator-user") | nindent 4 }} {{- end }} rules: {{- include "mirrord-operator.rules" . | nindent 0 }} @@ -169,8 +169,8 @@ metadata: name: mirrord-operator-user-basic labels: {{- include "mirrord-operator.labels" . | nindent 4 }} - {{- if .Values.operator.podLabels }} - {{- toYaml .Values.clusterRole.mirrord-operator-user-basic | nindent 4 }} + {{- if index .Values.clusterRole "mirrord-operator-user-basic" }} + {{- toYaml (index .Values.clusterRole "mirrord-operator-user-basic") | nindent 4 }} {{- end }} rules: {{- include "mirrord-operator.clusterRules" . | nindent 0 }} diff --git a/mirrord-operator/templates/namespaced-role.yaml b/mirrord-operator/templates/namespaced-role.yaml index 11f86f1..8817bc8 100644 --- a/mirrord-operator/templates/namespaced-role.yaml +++ b/mirrord-operator/templates/namespaced-role.yaml @@ -6,8 +6,8 @@ metadata: namespace: {{.}} labels: {{- include "mirrord-operator.labels" $ | nindent 4 }} - {{- if .Values.operator.podLabels }} - {{- toYaml .Values.role.mirrord-operator-user | nindent 4 }} + {{- if index .Values.role "mirrord-operator-user" }} + {{- toYaml (index .Values.role "mirrord-operator-user") | nindent 4 }} {{- end }} rules: {{- include "mirrord-operator.rules" . | nindent 0 }} From 32e711a6c212968728df3365267bbc2772d7a698 Mon Sep 17 00:00:00 2001 From: Aviram Hassan Date: Fri, 22 Nov 2024 13:34:44 +0200 Subject: [PATCH 3/3] .. --- mirrord-operator/templates/cluster-role.yaml | 8 ++++---- mirrord-operator/templates/namespaced-role.yaml | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/mirrord-operator/templates/cluster-role.yaml b/mirrord-operator/templates/cluster-role.yaml index 1e881b8..0906ff6 100644 --- a/mirrord-operator/templates/cluster-role.yaml +++ b/mirrord-operator/templates/cluster-role.yaml @@ -156,8 +156,8 @@ metadata: name: mirrord-operator-user labels: {{- include "mirrord-operator.labels" . | nindent 4 }} - {{- if index .Values.clusterRole "mirrord-operator-user" }} - {{- toYaml (index .Values.clusterRole "mirrord-operator-user") | nindent 4 }} + {{- if index .Values.clusterRole "mirrord-operator-user" "labels" }} + {{- toYaml (index .Values.clusterRole "mirrord-operator-user" "labels") | nindent 4 }} {{- end }} rules: {{- include "mirrord-operator.rules" . | nindent 0 }} @@ -169,8 +169,8 @@ metadata: name: mirrord-operator-user-basic labels: {{- include "mirrord-operator.labels" . | nindent 4 }} - {{- if index .Values.clusterRole "mirrord-operator-user-basic" }} - {{- toYaml (index .Values.clusterRole "mirrord-operator-user-basic") | nindent 4 }} + {{- if index .Values.clusterRole "mirrord-operator-user-basic" "labels" }} + {{- toYaml (index .Values.clusterRole "mirrord-operator-user-basic" "labels") | nindent 4 }} {{- end }} rules: {{- include "mirrord-operator.clusterRules" . | nindent 0 }} diff --git a/mirrord-operator/templates/namespaced-role.yaml b/mirrord-operator/templates/namespaced-role.yaml index 8817bc8..e926d0c 100644 --- a/mirrord-operator/templates/namespaced-role.yaml +++ b/mirrord-operator/templates/namespaced-role.yaml @@ -6,8 +6,8 @@ metadata: namespace: {{.}} labels: {{- include "mirrord-operator.labels" $ | nindent 4 }} - {{- if index .Values.role "mirrord-operator-user" }} - {{- toYaml (index .Values.role "mirrord-operator-user") | nindent 4 }} + {{- if index .Values.role "mirrord-operator-user" "labels" }} + {{- toYaml (index .Values.role "mirrord-operator-user" "labels") | nindent 4 }} {{- end }} rules: {{- include "mirrord-operator.rules" . | nindent 0 }}