✨ feat(k8sgpt-rbac.yaml): add new RBAC configuration for k8sgpt operator

.github/workflows/build_container.yaml

@@ -33,7 +33,7 @@ jobs:
 
     steps:
       - name: Check out code
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
 
       - name: Extract branch name
         id: extract_branch
@@ -70,11 +70,11 @@ jobs:
       RELEASE_REGISTRY: "localhost:5000/k8sgpt-operator"
     steps:
       - name: Check out code
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
 
       - name: Set up Docker Buildx
         id: buildx
-        uses: docker/setup-buildx-action@2b51285047da1547ffb1b2203d8be4c0af6b1f20 # v3
+        uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3
 
       - name: Build Docker Image
         uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5
@@ -96,7 +96,7 @@ jobs:
           outputs: type=docker,dest=/tmp/${{ env.IMAGE_NAME }}-image.tar
 
       - name: Upload image as artifact
-        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4
         with:
           name: ${{ env.IMAGE_NAME }}-image.tar
           path: /tmp/${{ env.IMAGE_NAME }}-image.tar
@@ -115,7 +115,7 @@ jobs:
       contents: read # Needed for checking out the repository
     steps:
       - name: Check out code
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
 
       - name: Login to GitHub Container Registry
         uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3
@@ -126,7 +126,7 @@ jobs:
 
       - name: Set up Docker Buildx
         id: buildx
-        uses: docker/setup-buildx-action@2b51285047da1547ffb1b2203d8be4c0af6b1f20 # v3
+        uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3
 
       - name: Build Docker Image
         uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5

.github/workflows/release.yaml

@@ -28,7 +28,7 @@ jobs:
     # Release-please creates a PR that tracks all changes
     steps:
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
 
       - uses: google-github-actions/release-please-action@a37ac6e4f6449ce8b3f7607e4d97d0146028dc0b # v4
         id: release
@@ -44,7 +44,7 @@ jobs:
     runs-on: ubuntu-latest
     if: needs.release-please.outputs.releases_created == 'true'
     steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
       - name: Publish Helm chart
         uses: stefanprodan/helm-gh-pages@master
         with:
@@ -71,13 +71,13 @@ jobs:
       IMAGE_NAME: k8sgpt-operator
     steps:
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
         with:
           submodules: recursive
 
       - name: Set up Docker Buildx
         id: buildx
-        uses: docker/setup-buildx-action@2b51285047da1547ffb1b2203d8be4c0af6b1f20 # v3
+        uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3
 
       - name: Login to GitHub Container Registry
         uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3
@@ -101,7 +101,7 @@ jobs:
           cache-to: type=gha,scope=${{ github.ref_name }}-${{ env.IMAGE_TAG }}
 
       - name: Generate SBOM
-        uses: anchore/sbom-action@ab5d7b5f48981941c4c5d6bf33aeb98fe3bae38c # v0.15.10
+        uses: anchore/sbom-action@7ccf588e3cf3cc2611714c2eeae48550fbc17552 # v0.15.11
         with:
           image: ${{ env.IMAGE_TAG }}
           artifact-name: sbom-${{ env.IMAGE_NAME }}

.github/workflows/test.yaml

@@ -13,7 +13,7 @@ jobs:
 
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
 
       - name: Set up Go
         uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5
@@ -27,11 +27,11 @@ jobs:
     name: Test Helm Chart
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
         with:
           fetch-depth: 0
       - name: Set up Helm
-        uses: azure/setup-helm@b7246b12e77f7134dc2d460a3d5bad15bbe29390 # v4
+        uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4
         with:
           version: v3.11.2
 
@@ -59,7 +59,7 @@ jobs:
 
       - name: Create kind cluster
         if: steps.list-changed.outputs.changed == 'true'
-        uses: helm/kind-action@99576bfa6ddf9a8e612d83b513da5a75875caced # v1.9.0
+        uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0
 
       - name: Run chart-testing (install)
         if: steps.list-changed.outputs.changed == 'true'

.release-please-manifest.json

@@ -1 +1 @@
-{".":"0.1.2"}
+{".":"0.1.3"}

CHANGELOG.md

@@ -1,5 +1,21 @@
 # Changelog
 
+## [0.1.3](https://github.com/k8sgpt-ai/k8sgpt-operator/compare/v0.1.2...v0.1.3) (2024-04-04)
+
+
+### Bug Fixes
+
+* **deps:** update module github.com/onsi/ginkgo/v2 to v2.17.1 ([#384](https://github.com/k8sgpt-ai/k8sgpt-operator/issues/384)) ([9168561](https://github.com/k8sgpt-ai/k8sgpt-operator/commit/916856132989e159545df770024fceb1bc8e9881))
+* **deps:** update module google.golang.org/grpc to v1.63.0 ([#401](https://github.com/k8sgpt-ai/k8sgpt-operator/issues/401)) ([d1b5cbf](https://github.com/k8sgpt-ai/k8sgpt-operator/commit/d1b5cbf517f9e8e5c2fd78088863a93813d9dab0))
+
+
+### Other
+
+* **deps:** update actions/setup-python digest to 82c7e63 ([#387](https://github.com/k8sgpt-ai/k8sgpt-operator/issues/387)) ([ae46b74](https://github.com/k8sgpt-ai/k8sgpt-operator/commit/ae46b74716805ae74fba22616c78d061cc853d5b))
+* **deps:** update anchore/sbom-action action to v0.15.10 ([#388](https://github.com/k8sgpt-ai/k8sgpt-operator/issues/388)) ([a6e6070](https://github.com/k8sgpt-ai/k8sgpt-operator/commit/a6e607006bae0f356e29fc921db3898a7991f9d6))
+* **deps:** update gcr.io/kubebuilder/kube-rbac-proxy docker tag to v0.16.0 ([#396](https://github.com/k8sgpt-ai/k8sgpt-operator/issues/396)) ([8bf0f7a](https://github.com/k8sgpt-ai/k8sgpt-operator/commit/8bf0f7a9664eabe95075d59974df0312f9a7238a))
+* small update to fix linter ([#403](https://github.com/k8sgpt-ai/k8sgpt-operator/issues/403)) ([7078643](https://github.com/k8sgpt-ai/k8sgpt-operator/commit/7078643c0db10d6ad426955a8cfacb7c1c24762c))
+
 ## [0.1.2](https://github.com/k8sgpt-ai/k8sgpt-operator/compare/v0.1.1...v0.1.2) (2024-03-28)
 
 

Makefile

@@ -162,7 +162,7 @@ ENVTEST ?= $(LOCALBIN)/setup-envtest
 
 ## Tool Versions
 KUSTOMIZE_VERSION ?= v3.8.7
-CONTROLLER_TOOLS_VERSION ?= v0.11.1
+CONTROLLER_TOOLS_VERSION ?= v0.14.0
 
 KUSTOMIZE_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh"
 .PHONY: kustomize
@@ -190,4 +190,4 @@ $(ENVTEST): $(LOCALBIN)
 .PHONY: coverage
 coverage: generate fmt vet manifests ## Run code coverage
 	go test -v -cover ./... -coverprofile coverage.out | grep -v /chart/ | grep -v /images/ | grep -v /charts/ | grep -v /config/ | grep -v /hack/ | grep -v /test/ | grep -v /vendor/
-	go tool cover -html=coverage.out -o coverage.html
+	go tool cover -html=coverage.out -o coverage.html

README.md

@@ -280,12 +280,11 @@ EOF
 
 <summary>Amazon Bedrock</summary>
 
-</details>
 1. Install the operator from the [Installation](#installation) section.
 
 2. Create secret:
 ```sh 
-kubectl create secret generic bedrock-sample-secret --from-literal=AWS_ACCESS_KEY_ID="$(echo $AWS_ACCESS_KEY_ID)" --from-literal=AWS_ACCESS_KEY="$(echo $AWS_ACCESS_KEY)" -n k8sgpt-operator-system
+kubectl create secret generic bedrock-sample-secret --from-literal=AWS_ACCESS_KEY_ID="$(echo $AWS_ACCESS_KEY_ID)" --from-literal=AWS_SECRET_ACCESS_KEY="$(echo $AWS_SECRET_ACCESS_KEY)" -n k8sgpt-operator-system
 ```
 3. Apply the K8sGPT configuration object:
 ```
@@ -309,6 +308,8 @@ spec:
 EOF
 ```
 
+</details>
+
 <details>
 
 <summary>LocalAI</summary>

api/v1alpha1/k8sgpt_types.go

@@ -82,7 +82,7 @@ type BackOff struct {
 
 type AISpec struct {
 	// +kubebuilder:default:=openai
-	// +kubebuilder:validation:Enum=openai;localai;azureopenai;amazonbedrock;cohere;amazonsagemaker
+	// +kubebuilder:validation:Enum=openai;localai;azureopenai;amazonbedrock;cohere;amazonsagemaker;google;googlevertexai
 	Backend string   `json:"backend"`
 	BackOff *BackOff `json:"backOff,omitempty"`
 	BaseUrl string   `json:"baseUrl,omitempty"`
@@ -138,6 +138,8 @@ const (
 	AmazonBedrock   = "amazonbedrock"
 	AmazonSageMaker = "AmazonSageMaker"
 	Cohere          = "cohere"
+	Google          = "google"
+	GoogleVertexAI  = "googlevertexai"
 )
 
 // K8sGPTStatus defines the observed state of K8sGPT

chart/operator/Chart.yaml

@@ -14,5 +14,5 @@ annotations:
   artifacthub.io/license: Apache-2.0
   artifacthub.io/categories: monitoring-logging
 type: application
-version: 0.1.2
+version: 0.1.3
 appVersion: 0.0.26

chart/operator/README.md

@@ -22,7 +22,7 @@ The following table lists the configurable parameters of the K8sgpt-operator cha
 | `controllerManager.kubeRbacProxy.containerSecurityContext.allowPrivilegeEscalation` |  | `false` |
 | `controllerManager.kubeRbacProxy.containerSecurityContext.capabilities.drop` |  | `["ALL"]` |
 | `controllerManager.kubeRbacProxy.image.repository` |  | `"gcr.io/kubebuilder/kube-rbac-proxy"` |
-| `controllerManager.kubeRbacProxy.image.tag` |  | `"v0.1.2"` |
+| `controllerManager.kubeRbacProxy.image.tag` |  | `"v0.1.3"` |
 | `controllerManager.kubeRbacProxy.resources.limits.cpu` |  | `"500m"` |
 | `controllerManager.kubeRbacProxy.resources.limits.memory` |  | `"128Mi"` |
 | `controllerManager.kubeRbacProxy.resources.requests.cpu` |  | `"5m"` |
@@ -31,7 +31,7 @@ The following table lists the configurable parameters of the K8sgpt-operator cha
 | `controllerManager.manager.containerSecurityContext.allowPrivilegeEscalation` |  | `false` |
 | `controllerManager.manager.containerSecurityContext.capabilities.drop` |  | `["ALL"]` |
 | `controllerManager.manager.image.repository` |  | `"ghcr.io/k8sgpt-ai/k8sgpt-operator"` |
-| `controllerManager.manager.image.tag` | x-release-please-version | `"v0.1.2"` |
+| `controllerManager.manager.image.tag` | x-release-please-version | `"v0.1.3"` |
 | `controllerManager.manager.resources.limits.cpu` |  | `"500m"` |
 | `controllerManager.manager.resources.limits.memory` |  | `"128Mi"` |
 | `controllerManager.manager.resources.requests.cpu` |  | `"10m"` |

chart/operator/templates/k8sgpt-cluster-role-binding.yaml

@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "chart.fullname" . }}-k8sgpt
+  labels:
+    {{- include "chart.labels" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "chart.fullname" . }}-k8sgpt
+subjects:
+  - kind: ServiceAccount
+    name: "k8sgpt"
+    namespace: {{ .Release.Namespace }}

chart/operator/templates/k8sgpt-cluster-role.yaml

@@ -0,0 +1,23 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "chart.fullname" . }}-k8sgpt
+  labels:
+    {{- include "chart.labels" . | nindent 4 }}
+rules:
+  - apiGroups:
+      - '*'
+    resources:
+      - '*'
+    verbs:
+      - create
+      - list
+      - get
+      - watch
+      - delete
+  - apiGroups:
+      - apiextensions.k8s.io
+    resources:
+      - '*'
+    verbs:
+      - '*'

chart/operator/templates/k8sgpt-crd.yaml

@@ -4,7 +4,7 @@ kind: CustomResourceDefinition
 metadata:
   name: k8sgpts.core.k8sgpt.ai
   annotations:
-    controller-gen.kubebuilder.io/version: v0.11.1
+    controller-gen.kubebuilder.io/version: v0.14.0
   labels:
   {{- include "chart.labels" . | nindent 4 }}
 spec:
@@ -62,6 +62,8 @@ spec:
                     - amazonbedrock
                     - cohere
                     - amazonsagemaker
+                    - google
+                    - googlevertexai
                     type: string
                   baseUrl:
                     type: string
@@ -209,4 +211,4 @@ status:
     kind: ""
     plural: ""
   conditions: []
-  storedVersions: []
+  storedVersions: []

chart/operator/templates/k8sgpt-sa.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: "k8sgpt"
+  labels:
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: k8sgpt-operator
+    app.kubernetes.io/part-of: k8sgpt-operator
+    {{- include "chart.labels" . | nindent 4 }}
+

chart/operator/templates/manager-rbac.yaml

@@ -55,12 +55,6 @@ rules:
   - patch
   - update
   - watch
-- apiGroups:
-  - apiextensions.k8s.io
-  resources:
-  - '*'
-  verbs:
-  - '*'
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding

chart/operator/templates/result-crd.yaml

@@ -3,7 +3,7 @@ kind: CustomResourceDefinition
 metadata:
   name: results.core.k8sgpt.ai
   annotations:
-    controller-gen.kubebuilder.io/version: v0.11.1
+    controller-gen.kubebuilder.io/version: v0.14.0
   labels:
   {{- include "chart.labels" . | nindent 4 }}
 spec:
@@ -96,4 +96,4 @@ status:
     kind: ""
     plural: ""
   conditions: []
-  storedVersions: []
+  storedVersions: []

chart/operator/values.yaml

@@ -28,7 +28,7 @@ controllerManager:
         - ALL
     image:
       repository: gcr.io/kubebuilder/kube-rbac-proxy
-      tag: v0.15.0
+      tag: v0.16.0
     resources:
       limits:
         cpu: 500m
@@ -45,7 +45,7 @@ controllerManager:
         - ALL
     image:
       repository: ghcr.io/k8sgpt-ai/k8sgpt-operator
-      tag: v0.1.2  # x-release-please-version
+      tag: v0.1.3  # x-release-please-version
     resources:
       limits:
         cpu: 500m