feat: add cluster role and fluxcd crd rules to role (#480)
<!--Thanks for your contribution. See [CONTRIBUTING](CONTRIBUTING.md)
    for Pulumi's contribution guidelines.

    Help us merge your changes more quickly by adding more details such
    as labels, milestones, and reviewers.-->

### Proposed changes

<!--Give us a brief description of what you've done and what it solves.
-->

Hi,

this PR adds optional cluster role support plus adding the FluxCD CR to
the (non-cluster) role


### Related issues (optional)

<!--Refer to related PRs or issues: #1234, or 'Fixes #1234' or 'Closes
#1234'.
Or link to full URLs to issues or pull requests in other GitHub
repositories. -->

Closes #479
dirien authored Mar 6, 2024
1 parent 78e144e commit e7a2bb4
Showing 6 changed files with 65 additions and 6 deletions.
7 changes: 4 additions & 3 deletions deploy/helm/pulumi-operator/Chart.yaml
Expand Up @@ -5,11 +5,12 @@ home: https://pulumi.com
sources:
- https://github.com/pulumi/pulumi-kubernetes-operator

icon: https://www.pulumi.com/logos/brand/twitter-card.png
icon: https://www.pulumi.com/logos/brand/avatar-on-white.svg

type: application

version: 0.6.0

version: 0.7.0
appVersion: 1.14.0

keywords:
Expand All @@ -25,7 +26,7 @@ maintainers:
annotations:
artifacthub.io/containsSecurityUpdates: "false"
artifacthub.io/changes: |
- Fix nodeSelector, affinity, tolerations in the Helm chart (#548)
- add cluster role and fluxcd crd rules to role
artifacthub.io/images: |
- name: pulumi-kubernetes-operator
image: docker.io/pulumi-kubernetes-operator:v1.14.0
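Review bot: the new `artifacthub.io/changes` entry, "add cluster role and fluxcd crd rules to role", does not tell a chart consumer that this release starts creating a ClusterRole and ClusterRoleBinding by default. State that explicitly in the entry, and keep the PR reference the way the replaced line did with `(#548)`.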
9 changes: 6 additions & 3 deletions deploy/helm/pulumi-operator/README.md
@@ -1,6 +1,6 @@
# node-red ⚙

![Version: 0.6.0](https://img.shields.io/badge/Version-0.6.0-informational?style=for-the-badge) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=for-the-badge) ![AppVersion: 1.14.0](https://img.shields.io/badge/AppVersion-1.14.0-informational?style=for-the-badge)
![Version: 0.7.0](https://img.shields.io/badge/Version-0.7.0-informational?style=for-the-badge) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=for-the-badge) ![AppVersion: 1.14.0](https://img.shields.io/badge/AppVersion-1.14.0-informational?style=for-the-badge)

## Description 📜

Expand All @@ -11,7 +11,7 @@ A Helm chart for the Pulumi Kubernetes Operator
To install the chart using the OCI artifact, run:

```bash
helm install pulumi-kubernetes-operator oci://ghcr.io/pulumi/helm-charts/pulumi-kubernetes-operator --version 0.6.0
helm install pulumi-kubernetes-operator oci://ghcr.io/pulumi/helm-charts/pulumi-kubernetes-operator --version 0.7.0
```

## Usage
Expand All @@ -27,7 +27,7 @@ helm repo update
To install the chart with the release name `pulumi-kubernetes-operator` run:

```bash
helm install pulumi-kubernetes-operator pulumi-kubernetes-operator/pulumi-kubernetes-operator --version 0.6.0
helm install pulumi-kubernetes-operator pulumi-kubernetes-operator/pulumi-kubernetes-operator --version 0.7.0
```

After a few seconds, the `pulumi-kubernetes-operator` should be running.
Expand Down Expand Up @@ -56,11 +56,14 @@ The command removes all the Kubernetes components associated with the chart and
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| affinity | object | `{}` | The affinity constraint |
| clusterRoleRules.enabled | bool | `false` | Enable custom rules for the application controller's ClusterRole resource default: false |
| clusterRoleRules.rules | list | `[]` | List of custom rules for the application controller's ClusterRole resource default: [] |
| controller.args | list | `["--zap-level=error","--zap-time-encoding=iso8601"]` | List of arguments to pass to the operator |
| controller.gracefulShutdownTimeoutDuration | string | `"5m"` | Graceful shutdown timeout duration, default: `5m` |
| controller.kubernetesClusterDomain | string | `"cluster.local"` | Kubernetes Cluster Domain, default: `cluster.local` |
| controller.maxConcurrentReconciles | string | `"10"` | Max concurrent reconciles, default: `10` |
| controller.pulumiInferNamespace | string | `"1"` | Pulumi infer namespace, default: `1` |
| createClusterRole | bool | `true` | Create a ClusterRole resource for the node-red pod. default: false |
| deploymentAnnotations | object | `{}` | Deployment annotations |
| deploymentStrategy | string | `""` | Specifies the strategy used to replace old Pods by new ones, default: `RollingUpdate` |
| extraEnv | list | `[]` | Extra Environments to be passed to the operator |
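Review bot: in the `createClusterRole` row the Default column shows `true` while the description ends with "default: false", and the description names "the node-red pod"; the row should agree with the value that ships and describe the Pulumi operator. The `clusterRoleRules.enabled` row would also be clearer if it said that leaving it at `false` renders the built-in wildcard rule rather than no rules, since that is what the template does.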
19 changes: 19 additions & 0 deletions deploy/helm/pulumi-operator/templates/clusterrole.yaml
@@ -0,0 +1,19 @@
{{- if .Values.createClusterRole }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "pulumi-kubernetes-operator.fullname" . }}
labels:
{{- include "pulumi-kubernetes-operator.labels" . | nindent 4 }}
rules:
{{- if .Values.clusterRoleRules.enabled }}
{{- toYaml .Values.clusterRoleRules.rules | nindent 2 }}
{{- else }}
- apiGroups:
- '*'
resources:
- '*'
verbs:
- '*'
{{- end }}
{{- end }}
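Review bot: the `{{- else }}` branch makes the default rule a wildcard on `apiGroups`, `resources` and `verbs`, and because `createClusterRole` defaults to `true` with `clusterRoleRules.enabled: false`, a plain install gives the operator's ServiceAccount full access to every API resource in the cluster. Consider rendering the ClusterRole only when rules are supplied, or shipping a scoped default rule list, so that the wildcard is something an administrator opts into. With `clusterRoleRules.enabled: true` and the default `rules: []` the role renders with an empty rule list, which deserves a line in the docs.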
17 changes: 17 additions & 0 deletions deploy/helm/pulumi-operator/templates/clusterrolebinding.yaml
@@ -0,0 +1,17 @@
{{- if .Values.createClusterRole }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "pulumi-kubernetes-operator.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "pulumi-kubernetes-operator.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ include "pulumi-kubernetes-operator.serviceAccountName" . }}
namespace: {{ .Release.Namespace | quote }}
roleRef:
kind: ClusterRole
name: {{ include "pulumi-kubernetes-operator.fullname" . }}
apiGroup: rbac.authorization.k8s.io
{{- end }}
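Review bot: `metadata.namespace` is set on a ClusterRoleBinding, which is a cluster-scoped kind, so the `namespace: {{ .Release.Namespace | quote }}` line under `metadata` has no effect and should be dropped (the one under `subjects` is required and stays). Both the binding and the role it references are named from `pulumi-kubernetes-operator.fullname`; if that helper does not include the release namespace, two releases with the same name in different namespaces would contend for the same cluster-scoped objects, so consider adding the namespace to the name.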
9 changes: 9 additions & 0 deletions deploy/helm/pulumi-operator/templates/role.yaml
Expand Up @@ -88,3 +88,12 @@ rules:
- get
- list
- update
- apiGroups:
- source.toolkit.fluxcd.io'
resources:
- '*'
verbs:
- get
- list
- watch

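Review bot: the apiGroup entry `- source.toolkit.fluxcd.io'` ends with a stray single quote, which YAML reads as part of the plain scalar, so the rule names a group that does not exist and grants nothing on the FluxCD source resources. Drop the quote. While here, `resources: '*'` could be narrowed to the source kinds the operator actually reads, and the trailing blank line added at the end of the file can go.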
10 changes: 10 additions & 0 deletions deploy/helm/pulumi-operator/values.yaml
Expand Up @@ -35,6 +35,16 @@ controller:
# -- Extra Environments to be passed to the operator
extraEnv: []

# -- Create a ClusterRole resource for the node-red pod. default: false
createClusterRole: true

## -- Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource.
clusterRoleRules:
# -- Enable custom rules for the application controller's ClusterRole resource default: false
enabled: false
# -- List of custom rules for the application controller's ClusterRole resource default: []
rules: []

# -- The image pull secrets
imagePullSecrets: ""

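Review bot: the comment above `createClusterRole` says `default: false` but the value is `true`, and it refers to "the node-red pod", which looks carried over from another chart. Since the ClusterRole template falls back to a wildcard rule, setting this to `false` would match the comment and keep existing installs from gaining a cluster-wide role on upgrade; if `true` is intended, correct the comment and say what is granted. The `clusterRoleRules` comments mention "the application controller's ClusterRole" and should name the operator instead.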
