HOTFIX 81a73994

in "namespace mode", the controller still needs cluster wide permissions to monitor all namespaces.

HOTFIX 81a73994
in "namespace mode", the controller still needs cluster wide permissions to monitor all namespaces.
cdb28bac · Nils Goroll · 81a73994 · cdb28bac · cdb28bac · cdb28bac
Unverified Commit cdb28bac authored Sep 03, 2020 by Nils Goroll
3 changed files
--- a/charts/viking-controller/templates/clusterrole_tmp.yaml
+++ b/charts/viking-controller/templates/clusterrole_tmp.yaml
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  labels:
+    app.kubernetes.io/name: {{ template "viking-controller.name" . }}
+    helm.sh/chart: {{ template "viking-controller.chart" . }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+  name: viking.uplex.de:{{ template "viking-controller.fullname" . }}
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - namespaces
+    verbs:
+      - get
+      - list
+      - watch
--- a/charts/viking-controller/templates/clusterrolebinding.yaml
+++ b/charts/viking-controller/templates/clusterrolebinding.yaml
-{{ if not .Values.vikingController.namespace }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
@@ -16,4 +15,3 @@ roleRef:
  kind: ClusterRole
  name: viking.uplex.de:{{ template "viking-controller.fullname" . }}
  apiGroup: rbac.authorization.k8s.io
-{{- end }}
--- a/charts/viking-controller/templates/role.yaml
+++ b/charts/viking-controller/templates/role.yaml
@@ -18,7 +18,6 @@ rules:
      - services
      - endpoints
      - secrets
-      - namespaces
    verbs:
      - get
      - list