From 5e8518280fcc960f8ff11a11e20fc2fed146bdc3 Mon Sep 17 00:00:00 2001 From: Michel Loiseleur Date: Thu, 7 Nov 2024 12:22:42 +0100 Subject: [PATCH] =?UTF-8?q?fix(KubernetesCRD):=20=F0=9F=90=9B=20IngressCla?= =?UTF-8?q?ss=20should=20be=20readable=20even=20when=20kubernetesIngress?= =?UTF-8?q?=20is=20disabled?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- traefik/templates/rbac/clusterrole.yaml | 11 +++++++++++ traefik/tests/rbac-config_test.yaml | 19 +++++++++++++++++++ 2 files changed, 30 insertions(+) diff --git a/traefik/templates/rbac/clusterrole.yaml b/traefik/templates/rbac/clusterrole.yaml index 9e52d535d..5a614a995 100644 --- a/traefik/templates/rbac/clusterrole.yaml +++ b/traefik/templates/rbac/clusterrole.yaml @@ -105,6 +105,17 @@ rules: - update {{- end -}} {{- if .Values.providers.kubernetesCRD.enabled }} + {{- if not .Values.providers.kubernetesIngress.enabled }} + - apiGroups: + - extensions + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch + {{- end }} - apiGroups: - traefik.io resources: diff --git a/traefik/tests/rbac-config_test.yaml b/traefik/tests/rbac-config_test.yaml index 201968841..760a1d80b 100644 --- a/traefik/tests/rbac-config_test.yaml +++ b/traefik/tests/rbac-config_test.yaml @@ -124,6 +124,25 @@ tests: verbs: - update template: rbac/clusterrole.yaml + - it: ClusterRole should be able to read ingressclass when only kubernetesCRD is enabled + set: + providers: + kubernetesIngress: + enabled: false + asserts: + - contains: + path: rules + content: + apiGroups: + - extensions + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch + template: rbac/clusterrole.yaml - it: ClusterRole should not be able to read CRDs when kubernetesCRD is disabled set: providers: