✨ feat(k8sgpt-rbac.yaml): add new RBAC configuration for k8sgpt operator #274

MateSousa
Contributor

Closes #259

📑 Description

Migrate all RBAC related resources to Helm chart's templates

✅ Checks

  • My pull request adheres to the code style of this project
  • My code requires changes to the documentation
  • I have updated the documentation as required
  • All the tests have passed

ℹ Additional Information

@MateSousa MateSousa requested review from a team as code owners November 25, 2023 01:45
@MateSousa MateSousa force-pushed the feat-migrate-all-rbac-to-helm-chart-template branch from c10bae6 to 6f8189f Compare November 25, 2023 01:46
@arbreezy
Member

@MateSousa you want also to remove the permissions of the operator's cluster role cause operator won't manage anymore the k8sgpt's role creation right?

The new RBAC configuration file is added to define the permissions for the k8sgpt operator. This includes a ClusterRole, a ClusterRoleBinding, and a ServiceAccount. The ClusterRole defines the permissions that the operator has, such as creating, listing, getting, watching, and deleting resources. The ClusterRoleBinding binds the ClusterRole to the ServiceAccount, which represents the operator in the Kubernetes cluster. This setup ensures that the operator has the necessary permissions to function correctly, improving the security and functionality of the application.

Signed-off-by: MateSousa <[email protected]>
… role binding functions

The service account, cluster role, and cluster role binding functions were removed from the k8sgpt.go file. These functions were creating a service account, cluster role, and cluster role binding for K8sGPT, but they are no longer needed.

Signed-off-by: MateSousa <[email protected]>
…oleBinding configuration

The new ClusterRoleBinding configuration file is added to manage permissions for the service account "k8sgpt". This change allows the service account to have the necessary permissions to perform its tasks within the specified namespace, improving the security and management of the Kubernetes cluster.

Signed-off-by: MateSousa <[email protected]>
…h extensive permissions

A new Kubernetes cluster role has been added to provide extensive permissions for the application. This role includes permissions to create, list, get, watch, and delete resources across all API groups. This is necessary to ensure that the application has the necessary permissions to interact with the Kubernetes API and manage resources effectively.

Signed-off-by: MateSousa <[email protected]>
The new ServiceAccount 'k8sgpt' is created to provide identity for processes that run in a Pod. This is crucial for the k8sgpt-operator to interact with Kubernetes APIs. The ServiceAccount is labeled with metadata to indicate its component, creator, and the part of the application it belongs to, which aids in better resource management and tracking.

Signed-off-by: MateSousa <[email protected]>
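
The ClusterRole commit message above describes create, list, get, watch and delete permissions across all API groups. The following check is an added example, not code from this PR or from the k8sgpt-operator project: it flags rules that combine a wildcard API group or resource with write verbs. The manifest and the names `AuditClusterRole`, `ClusterRole` and `has` are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// ClusterRole holds only the RBAC fields this check reads; encoding/json
// matches the manifest keys (apiGroups, resources, verbs) case-insensitively.
type ClusterRole struct {
	Metadata struct{ Name string }
	Rules    []struct{ APIGroups, Resources, Verbs []string }
}

// Constructed manifest (JSON form) following the commit message; not the chart's real template.
const sampleRole = `{"metadata":{"name":"k8sgpt"},"rules":[
 {"apiGroups":["*"],"resources":["*"],"verbs":["create","list","get","watch","delete"]},
 {"apiGroups":["apps"],"resources":["deployments"],"verbs":["get","list","watch"]}]}`

// has reports whether list contains any of the wanted values.
func has(list []string, want ...string) bool {
	for _, v := range list {
		for _, w := range want {
			if v == w {
				return true
			}
		}
	}
	return false
}

// AuditClusterRole returns one finding per rule that grants a write verb
// over a wildcard API group or a wildcard resource.
func AuditClusterRole(manifest string) ([]string, error) {
	var cr ClusterRole
	if err := json.Unmarshal([]byte(manifest), &cr); err != nil {
		return nil, err
	}
	var findings []string
	for i, r := range cr.Rules {
		wide := has(r.APIGroups, "*") || has(r.Resources, "*")
		if wide && has(r.Verbs, "*", "create", "update", "patch", "delete", "deletecollection") {
			findings = append(findings, fmt.Sprintf("%s rules[%d]: write verbs on wildcard scope", cr.Metadata.Name, i))
		}
	}
	return findings, nil
}

func main() { fmt.Println(AuditClusterRole(sampleRole)) }
```

A check like this can run in CI against the output of `helm template` converted to JSON, so a widened rule is caught at review time rather than after install.
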
@MateSousa MateSousa force-pushed the feat-migrate-all-rbac-to-helm-chart-template branch from 2b3e62b to dcafac4 Compare November 30, 2023 00:37
@MateSousa
Contributor Author

> @MateSousa you want also to remove the permissions of the operator's cluster role cause operator won't manage anymore the k8sgpt's role creation right?

@arbreezy you're right, I just removed

@MateSousa MateSousa requested a review from arbreezy November 30, 2023 00:37
@arbreezy
Member

Apologies @MateSousa, I forgot that we didn't merge this PR; overall looks good!

can you please resolve the conflicts and I will test a bit more before we merge it

@MateSousa
Contributor Author

@arbreezy done

Member

@arbreezy arbreezy left a comment


@MateSousa, I think you override an existing functionality here.

objs = append(objs, svc)

deployment, er := GetDeployment(config, outOfClusterMode, c)
deployment, er := GetDeployment(config)
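
Review bot: the two `GetDeployment` lines differ only in the `outOfClusterMode` and `c` arguments, so whichever form the conflict resolution keeps decides whether the out-of-cluster handling survives. If the one-argument `GetDeployment(config)` is what remains on the branch, the caller stops passing the mode flag and the `c` value, which is outside the stated scope of moving RBAC resources into the Helm chart. Keep the three-argument call and limit this change to removing the RBAC object creation.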
Member


^

@arbreezy
Member

Hey @MateSousa I am happy to properly resolve the previous conflicts and get this merged.

@MateSousa
Contributor Author

Hey @arbreezy, sorry for delay, I was sick... I'm going to fix that today.

@arbreezy
Member

> Hey @arbreezy, sorry for delay, I was sick... I'm going to fix that today.

@MateSousa hope you are feeling better!

@arbreezy
Member

@MateSousa, happy to help with this PR if you don't have time, it's almost ready to be merged

MateSousa and others added 2 commits May 1, 2024 22:43
Signed-off-by: Matheus Sousa <[email protected]>
…v0.16.0 (k8sgpt-ai#396)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Matheus Sousa <[email protected]>
aaroniscode and others added 25 commits May 1, 2024 22:43
Signed-off-by: Aaron Miller <[email protected]>
Signed-off-by: Matheus Sousa <[email protected]>
Signed-off-by: Alex Jones <[email protected]>
Signed-off-by: Matheus Sousa <[email protected]>
Signed-off-by: Alex Jones <[email protected]>
Signed-off-by: Matheus Sousa <[email protected]>
…#401)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Matheus Sousa <[email protected]>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Signed-off-by: Matheus Sousa <[email protected]>
This commit adds `google` to the list of supported AI backends.

Fixes: k8sgpt-ai#347

Signed-off-by: VaibhavMalik4187 <[email protected]>
Signed-off-by: Matheus Sousa <[email protected]>
…#409)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Matheus Sousa <[email protected]>
…ffers/go to v1.33.0-20240406062209-1cc152efbf5c.1 (k8sgpt-ai#405)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Matheus Sousa <[email protected]>
… v1.3.0-20240406062209-1cc152efbf5c.2 (k8sgpt-ai#404)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Matheus Sousa <[email protected]>
Now, the result crd will be generated in the target namespace instead of
k8sgpt config namespace.

Addresses: k8sgpt-ai#390

Signed-off-by: VaibhavMalik4187 <[email protected]>
Co-authored-by: Aris Boutselis <[email protected]>
Signed-off-by: Matheus Sousa <[email protected]>
…-ai#416)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Matheus Sousa <[email protected]>
This commit bumps the `controller-gen` and `controller-tools` version in
the helm charts, make file to `v0.14.0`

This gets rid of version specific errors caused due to the
`sigs.k8s.io/controller-tools/cmd/[email protected]` package.

Signed-off-by: VaibhavMalik4187 <[email protected]>
Co-authored-by: Aris Boutselis <[email protected]>
Signed-off-by: Matheus Sousa <[email protected]>
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Matheus Sousa <[email protected]>
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.21.0 to 0.23.0.
- [Commits](golang/net@v0.21.0...v0.23.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Aris Boutselis <[email protected]>
Signed-off-by: Matheus Sousa <[email protected]>
…gpt-ai#408)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Alex Jones <[email protected]>
Co-authored-by: Aris Boutselis <[email protected]>
Signed-off-by: Matheus Sousa <[email protected]>
…#417)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Matheus Sousa <[email protected]>
* fix: change deployment image reconciling

Signed-off-by: ultram4rine <[email protected]>

* improve image reconciling

Signed-off-by: ultram4rine <[email protected]>

---------

Signed-off-by: ultram4rine <[email protected]>
Co-authored-by: Aris Boutselis <[email protected]>
Signed-off-by: Matheus Sousa <[email protected]>
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Matheus Sousa <[email protected]>
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Matheus Sousa <[email protected]>
…#427)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Matheus Sousa <[email protected]>
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Matheus Sousa <[email protected]>
…-ai#423)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Aris Boutselis <[email protected]>
Signed-off-by: Matheus Sousa <[email protected]>
There was a misplaced details block causing the Bedrock section not to function as expected.

Signed-off-by: Rob Heckel <[email protected]>
Signed-off-by: Matheus Sousa <[email protected]>
…ffers/go to v1.34.0-20240406062209-1cc152efbf5c.1 (k8sgpt-ai#432)

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Signed-off-by: Matheus Sousa <[email protected]>
Signed-off-by: Matheus Sousa <[email protected]>
@MateSousa MateSousa force-pushed the feat-migrate-all-rbac-to-helm-chart-template branch from 8d30956 to acb8011 Compare May 2, 2024 01:43
@MateSousa MateSousa closed this May 2, 2024
@MateSousa
Contributor Author

@arbreezy hey, it looks like I made a huge mess, I'm going to create a new PR, sorry :(

Development

Successfully merging this pull request may close these issues.

[Feature]: Migrate all RBAC related resources to Helm chart's templates
7 participants