added flag for extraResources

Signed-off-by: Ved Ratan <[email protected]>
nirmata · Jul 17, 2024 · 7095c7f · 7095c7f
1 parent 756eb1d
commit 7095c7f
Show file tree

Hide file tree

Showing 5 changed files with 91 additions and 2 deletions.
diff --git a/charts/kyverno/templates/admission-controller/clusterrole.yaml b/charts/kyverno/templates/admission-controller/clusterrole.yaml
@@ -94,6 +94,9 @@ rules:
       - subjectaccessreviews
     verbs:
       - create
+{{- with .Values.admissionController.rbac.coreClusterRole.extraResources }}
+  {{- toYaml . | nindent 2 }}
+{{- end }}
 {{- with .Values.admissionController.rbac.clusterRole.extraResources }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1

diff --git a/charts/kyverno/templates/background-controller/clusterrole.yaml b/charts/kyverno/templates/background-controller/clusterrole.yaml
@@ -74,7 +74,10 @@ rules:
       - update
       - patch
       - delete
-{{- with .Values.backgroundController.rbac.clusterRole.extraResources }}
+{{- with .Values.admissionController.rbac.coreClusterRole.extraResources }}
+  {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- with .Values.admissionController.rbac.clusterRole.extraResources }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole

diff --git a/charts/kyverno/templates/reports-controller/clusterrole.yaml b/charts/kyverno/templates/reports-controller/clusterrole.yaml
@@ -58,7 +58,10 @@ rules:
     verbs:
       - create
       - patch
-{{- with .Values.reportsController.rbac.clusterRole.extraResources }}
+{{- with .Values.admissionController.rbac.coreClusterRole.extraResources }}
+  {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- with .Values.admissionController.rbac.clusterRole.extraResources }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole

diff --git a/charts/kyverno/values.yaml b/charts/kyverno/values.yaml
@@ -570,6 +570,20 @@ admissionController:
       annotations: {}
         # example.com/annotation: value
 
+    coreClusterRole:
+      # -- Extra resource permissions to add in the core cluster role.
+      # This was introduced to avoid breaking change in the chart but should ideally be moved in `clusterRole.extraResources`.
+      # @default -- See [values.yaml](values.yaml)
+      extraResources:
+        - apiGroups:
+            - '*'
+          resources:
+            - '*'
+          verbs:
+            - get
+            - list
+            - watch
+
     clusterRole:
       # -- Extra resource permissions to add in the cluster role
       extraResources: []
@@ -907,6 +921,20 @@ backgroundController:
       annotations: {}
         # example.com/annotation: value
 
+    coreClusterRole:
+      # -- Extra resource permissions to add in the core cluster role.
+      # This was introduced to avoid breaking change in the chart but should ideally be moved in `clusterRole.extraResources`.
+      # @default -- See [values.yaml](values.yaml)
+      extraResources:
+        - apiGroups:
+            - '*'
+          resources:
+            - '*'
+          verbs:
+            - get
+            - list
+            - watch
+
     clusterRole:
       # -- Extra resource permissions to add in the cluster role
       extraResources: []
@@ -1126,6 +1154,20 @@ cleanupController:
       annotations: {}
         # example.com/annotation: value
 
+    coreClusterRole:
+      # -- Extra resource permissions to add in the core cluster role.
+      # This was introduced to avoid breaking change in the chart but should ideally be moved in `clusterRole.extraResources`.
+      # @default -- See [values.yaml](values.yaml)
+      extraResources:
+        - apiGroups:
+            - '*'
+          resources:
+            - '*'
+          verbs:
+            - get
+            - list
+            - watch
+
     clusterRole:
       # -- Extra resource permissions to add in the cluster role
       extraResources: []
@@ -1398,6 +1440,20 @@ reportsController:
       annotations: {}
         # example.com/annotation: value
 
+    coreClusterRole:
+      # -- Extra resource permissions to add in the core cluster role.
+      # This was introduced to avoid breaking change in the chart but should ideally be moved in `clusterRole.extraResources`.
+      # @default -- See [values.yaml](values.yaml)
+      extraResources:
+        - apiGroups:
+            - '*'
+          resources:
+            - '*'
+          verbs:
+            - get
+            - list
+            - watch
+
     clusterRole:
       # -- Extra resource permissions to add in the cluster role
       extraResources: []

diff --git a/config/install-latest-testing.yaml b/config/install-latest-testing.yaml
@@ -34060,6 +34060,14 @@ rules:
       - subjectaccessreviews
     verbs:
       - create
+  - apiGroups:
+    - '*'
+    resources:
+    - '*'
+    verbs:
+    - get
+    - list
+    - watch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -34143,6 +34151,14 @@ rules:
       - update
       - patch
       - delete
+  - apiGroups:
+    - '*'
+    resources:
+    - '*'
+    verbs:
+    - get
+    - list
+    - watch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -34507,6 +34523,14 @@ rules:
     verbs:
       - create
       - patch
+  - apiGroups:
+    - '*'
+    resources:
+    - '*'
+    verbs:
+    - get
+    - list
+    - watch
 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1