diff --git a/charts/entangle/templates/configmap.yaml b/charts/entangle/templates/configmap.yaml
index f7b82e2..b4bd67a 100644
--- a/charts/entangle/templates/configmap.yaml
+++ b/charts/entangle/templates/configmap.yaml
@@ -1,7 +1,19 @@ apiVersion: v1 data: - controller_manager_config.yaml: "apiVersion: controller-runtime.sigs.k8s.io/v1alpha1\nkind: ControllerManagerConfig\nhealth:\n healthProbeBindAddress: :8081\nmetrics:\n bindAddress: 127.0.0.1:8080\nwebhook:\n port: 9443\nleaderElection:\n leaderElect: true\n resourceName: 680ae91e.kairos.io\n# leaderElectionReleaseOnCancel defines if the leader should step down volume \n# when the Manager ends. This requires the binary to immediately end when the\n# Manager is stopped, otherwise, this setting is unsafe. Setting this significantly\n# speeds up voluntary leader transitions as the new leader don't have to wait\n# LeaseDuration time first.\n# In the default scaffold provided, the program ends immediately after \n# the manager stops, so would be fine to enable this option. However, \n# if you are doing or is intended to do any operation such as perform cleanups \n# after the manager stops then its usage might be unsafe.\n# leaderElectionReleaseOnCancel: true\n" + controller_manager_config.yaml: "apiVersion: controller-runtime.sigs.k8s.io/v1alpha1\nkind: + ControllerManagerConfig\nhealth:\n healthProbeBindAddress: :8081\nmetrics:\n + \ bindAddress: 127.0.0.1:8080\nwebhook:\n port: 9443\nleaderElection:\n leaderElect: + true\n resourceName: 680ae91e.kairos.io\n# leaderElectionReleaseOnCancel + defines if the leader should step down volume \n# when the Manager ends. + This requires the binary to immediately end when the\n# Manager is stopped, + otherwise, this setting is unsafe. Setting this significantly\n# speeds + up voluntary leader transitions as the new leader don't have to wait\n# LeaseDuration + time first.\n# In the default scaffold provided, the program ends immediately + after \n# the manager stops, so would be fine to enable this option. 
However, + \n# if you are doing or is intended to do any operation such as perform + cleanups \n# after the manager stops then its usage might be unsafe.\n# + \ leaderElectionReleaseOnCancel: true\n" kind: ConfigMap metadata: name: entangle-manager-config - namespace: {{ .Release.Namespace }} + namespace: '{{.Release.Namespace}}' diff --git a/charts/entangle/templates/rbac.yaml b/charts/entangle/templates/rbac.yaml index 4038fbf..ee253d3 100644 --- a/charts/entangle/templates/rbac.yaml +++ b/charts/entangle/templates/rbac.yaml @@ -2,39 +2,39 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: entangle-leader-election-role - namespace: {{ .Release.Namespace }} + namespace: '{{.Release.Namespace}}' rules: - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole 
@@ -42,104 +42,142 @@ metadata: creationTimestamp: null name: entangle-manager-role rules: - - apiGroups: - - "" - resources: - - secrets - verbs: - - create - - get - - list - - watch - - apiGroups: - - "" - resources: - - services - verbs: - - create - - get - - list - - watch - - apiGroups: - - apps - resources: - - deployments - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - entangle.kairos.io - resources: - - entanglements - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - entangle.kairos.io - resources: - - entanglements/finalizers - verbs: - - update - - apiGroups: - - entangle.kairos.io - resources: - - entanglements/status - verbs: - - get - - patch - - update + - apiGroups: + - "" + resources: + - secrets + verbs: + - create + - get + - list + - watch + - apiGroups: + - "" + resources: + - services + verbs: + - create + - get + - list + - watch + - apiGroups: + - apps + resources: + - daemonsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - entangle.kairos.io + resources: + - entanglements + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - entangle.kairos.io + resources: + - entanglements/finalizers + verbs: + - update + - apiGroups: + - entangle.kairos.io + resources: + - entanglements/status + verbs: + - get + - patch + - update + - apiGroups: + - entangle.kairos.io + resources: + - vpns + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - entangle.kairos.io + resources: + - vpns/finalizers + verbs: + - update + - apiGroups: + - entangle.kairos.io + resources: + - vpns/status + verbs: + - get + - patch + - update --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: 
name: entangle-metrics-reader rules: - - nonResourceURLs: - - /metrics - verbs: - - get + - nonResourceURLs: + - /metrics + verbs: + - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: entangle-proxy-role rules: - - apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: entangle-leader-election-rolebinding - namespace: {{ .Release.Namespace }} + namespace: '{{.Release.Namespace}}' roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: entangle-leader-election-role subjects: - - kind: ServiceAccount - name: {{ include "entangle.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: '{{ include "helm-chart.serviceAccountName" . }}' + namespace: '{{.Release.Namespace}}' --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -150,9 +188,9 @@ roleRef: kind: ClusterRole name: entangle-manager-role subjects: - - kind: ServiceAccount - name: {{ include "entangle.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: '{{ include "helm-chart.serviceAccountName" . }}' + namespace: '{{.Release.Namespace}}' --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -163,6 +201,6 @@ roleRef: kind: ClusterRole name: entangle-proxy-role subjects: - - kind: ServiceAccount - name: {{ include "entangle.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: '{{ include "helm-chart.serviceAccountName" . }}' + namespace: '{{.Release.Namespace}}'
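Review bot: The added `daemonsets` rule in the `entangle-manager-role` ClusterRole grants create, delete, patch and update on DaemonSets in every namespace, and the same role already holds create/get/list/watch on `secrets` cluster-wide, so a compromised manager ServiceAccount could place pods on every node and read any Secret. If the controller only acts in namespaces that hold `entanglements` or `vpns` objects, consider moving the `secrets`, `services`, `deployments` and `daemonsets` rules into a namespaced Role, or trimming verbs the reconciler never calls. At minimum I would record the reason next to the rule, e.g. `# daemonsets: cluster-wide write needed by the vpns reconciler (confirm against the controller's RBAC markers)`. The ClusterRole's header lies above this hunk, so only its rules list is visible here.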
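Review bot: The `subjects` entries of the RoleBinding at the end of the `@@ -42,104` hunk and of both ClusterRoleBindings (`@@ -150,9` and `@@ -163,6`) now call `include "helm-chart.serviceAccountName"` where the old side used `entangle.serviceAccountName`. Unless this commit also renames the helper in the chart's helpers file (not visible here), rendering will fail on an undefined template, or the bindings will name a ServiceAccount other than the one the manager pod runs as. I would keep the chart-specific helper: `name: '{{ include "entangle.serviceAccountName" . }}'`. The `helm-chart` prefix looks like a generator default, so the regeneration step is probably the place to fix it.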