Merge branch 'main' into BGD-5677-spark-operator-security-patching-ef…

…fort
spotinst · Sep 15, 2024 · 464e659 · 464e659
2 parents 18589fc + 92f45be
commit 464e659
Show file tree

Hide file tree

Showing 4 changed files with 38 additions and 1 deletion.
diff --git a/charts/bigdata-notebook-service/Chart.yaml b/charts/bigdata-notebook-service/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: bigdata-notebook-service
 description: A Helm chart for the Spot Big Data Notebook Service
 type: application
-version: 0.4.1
+version: 0.4.2
 appVersion: 0.83.0
 home: https://github.com/spotinst/charts
 icon: https://docs.spot.io/_media/images/spot_mark.png

diff --git a/charts/bigdata-notebook-service/Readme.md b/charts/bigdata-notebook-service/Readme.md
@@ -0,0 +1,11 @@
+# bigdata-notebook-service
+
+## Cluster role
+
+### bigdata-notebook-service-bdenv-vXX-killer
+
+This role is used by bigdata-notebook-service to add the following SparkApp CR annotations:
+```
+bigdata.spot-io/kill-reason
+bigdata.spot-io/kill-requested-at
+```
diff --git a/charts/bigdata-notebook-service/templates/role.yaml b/charts/bigdata-notebook-service/templates/role.yaml
@@ -25,3 +25,16 @@ rules:
       - get
       - list
       - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "bigdata-notebook-service.fullname" . }}-killer
+rules:
+  - apiGroups:
+    - sparkoperator.k8s.io
+    resources:
+    - '*'
+    verbs:
+    - 'list'
+    - 'patch'
diff --git a/charts/bigdata-notebook-service/templates/role_binding.yaml b/charts/bigdata-notebook-service/templates/role_binding.yaml
@@ -25,3 +25,16 @@ subjects:
 - kind: ServiceAccount
   name: {{ include "bigdata-notebook-service.serviceAccountName" . }}
   namespace: {{ .Release.Namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "bigdata-notebook-service.fullname" . }}-killer
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "bigdata-notebook-service.fullname" . }}-killer
+subjects:
+- kind: ServiceAccount
+  name: {{ include "bigdata-notebook-service.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}