From 3933576bc19361247f5a4b7fc56418dcbdd437e1 Mon Sep 17 00:00:00 2001
From: Raffael Sahli
Date: Mon, 12 Jun 2023 09:23:36 +0000
Subject: [PATCH 1/3] fix(chart): allow sa to read metrics
---
 chart/k8sreq-duplicator-controller/Chart.yaml | 2 +-
 .../templates/deployment.yaml | 2 +-
 .../templates/metrics-rbac.yaml | 17 +++++++++++++++++
 chart/k8sreq-duplicator-controller/values.yaml | 1 +
 4 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/chart/k8sreq-duplicator-controller/Chart.yaml b/chart/k8sreq-duplicator-controller/Chart.yaml
index 821e09c4..6caeef08 100644
--- a/chart/k8sreq-duplicator-controller/Chart.yaml
+++ b/chart/k8sreq-duplicator-controller/Chart.yaml
@@ -14,4 +14,4 @@ keywords:
 name: k8sreq-duplicator-controller
 sources:
 - https://github.com/DoodleScheduling/k8sreq-duplicator-controller
-version: 0.0.2
+version: 0.0.3
diff --git a/chart/k8sreq-duplicator-controller/templates/deployment.yaml b/chart/k8sreq-duplicator-controller/templates/deployment.yaml
index c18c8554..04d750e8 100644
--- a/chart/k8sreq-duplicator-controller/templates/deployment.yaml
+++ b/chart/k8sreq-duplicator-controller/templates/deployment.yaml
@@ -88,7 +88,7 @@ spec:
 - --upstream=http://127.0.0.1:{{ .Values.metricsPort }}
 - --logtostderr=true
 - --v=0
- image: quay.io/brancz/kube-rbac-proxy:v0.14.0
+ image: {{ .Values.kubeRBACProxy.image }}
 imagePullPolicy: IfNotPresent
 name: kube-rbac-proxy
 ports:
diff --git a/chart/k8sreq-duplicator-controller/templates/metrics-rbac.yaml b/chart/k8sreq-duplicator-controller/templates/metrics-rbac.yaml
index 7fdc1ec1..cbe9a5d5 100644
--- a/chart/k8sreq-duplicator-controller/templates/metrics-rbac.yaml
+++ b/chart/k8sreq-duplicator-controller/templates/metrics-rbac.yaml
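Review bot: The kube-rbac-proxy `image:` line in templates/deployment.yaml now renders `.Values.kubeRBACProxy.image` unquoted and unchecked, so an empty or missing value yields a null `image:` that only fails when the Deployment is applied; `image: {{ required "kubeRBACProxy.image is required" .Values.kubeRBACProxy.image | quote }}` would fail at render time instead. The default added in values.yaml (`quay.io/brancz/kube-rbac-proxy:v0.14.2`) is a mutable tag, and with `imagePullPolicy: IfNotPresent` nodes can run different content under the same tag. Because this sidecar is what authenticates and authorizes requests in front of the metrics port, pinning the default by digest (`...:v0.14.2@sha256:<digest>`, placeholder) is worth considering. The default also moves the proxy from v0.14.0 to v0.14.2, which the commit subject does not mention. The container spec starts and ends outside the hunk.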
@@ -16,6 +16,23 @@ rules:
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
+metadata:
+ name: {{ include "k8sreq-duplicator-controller.fullname" . }}-metrics
+ labels:
+ app.kubernetes.io/name: {{ include "k8sreq-duplicator-controller.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ helm.sh/chart: {{ include "k8sreq-duplicator-controller.chart" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ include "k8sreq-duplicator-controller.fullname" . }}-metrics-reader
+subjects:
+- kind: ServiceAccount
+ name: {{ template "k8sreq-duplicator-controller.serviceAccountName" . }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
 metadata:
 name: {{ include "k8sreq-duplicator-controller.fullname" . }}-proxy
 labels:
diff --git a/chart/k8sreq-duplicator-controller/values.yaml b/chart/k8sreq-duplicator-controller/values.yaml
index 042eaa2f..90693c05 100644
--- a/chart/k8sreq-duplicator-controller/values.yaml
+++ b/chart/k8sreq-duplicator-controller/values.yaml
@@ -132,6 +132,7 @@ prometheusRule:
 kubeRBACProxy:
 enabled: true
+ image: quay.io/brancz/kube-rbac-proxy:v0.14.2
 securityContext:
 allowPrivilegeEscalation: false
 capabilities:
From 10b87130115bf577aab3e44e68021c7aec626125 Mon Sep 17 00:00:00 2001
From: Raffael Sahli
Date: Mon, 12 Jun 2023 09:26:38 +0000
Subject: [PATCH 2/3] style: fix values lint
---
 chart/k8sreq-duplicator-controller/values.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/chart/k8sreq-duplicator-controller/values.yaml b/chart/k8sreq-duplicator-controller/values.yaml
index 90693c05..ee83e598 100644
--- a/chart/k8sreq-duplicator-controller/values.yaml
+++ b/chart/k8sreq-duplicator-controller/values.yaml
@@ -88,7 +88,7 @@ securityContext:
 drop: ["all"]
 readOnlyRootFilesystem: true
-podSecurityContext:
+podSecurityContext:
 runAsGroup: 10000
 runAsNonRoot: true
 runAsUser: 10000
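Review bot: The new `-metrics` ClusterRoleBinding in templates/metrics-rbac.yaml grants the chart's own service account the `-metrics-reader` ClusterRole cluster-wide, and nothing in the hunk records why the controller's identity needs it. The role's rules sit above the hunk, so this part is inferred: if they allow `get` on the `/metrics` non-resource URL, as is usual with kube-rbac-proxy, the controller's token would be accepted by every endpoint in the cluster that authorizes against that permission, which widens what a leaked pod token can read. A comment above the binding such as `# Lets the scraper authenticate to kube-rbac-proxy with this service account's token` would record the intent. If the scraper runs under a different identity, the subject is better made configurable than tied to the controller's account. The added subject also uses `template` where the surrounding lines use `include`; `include` throughout would be consistent.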
@@ -146,5 +146,5 @@ kubeRBACProxy:
 # requests:
 # cpu: 5m
 # memory: 64Mi
-
+
 tolerations: []
From 4a445f4bf6ae961a8cf40249b4185bbd04285f7a Mon Sep 17 00:00:00 2001
From: Raffael Sahli
Date: Mon, 12 Jun 2023 09:29:55 +0000
Subject: [PATCH 3/3] fix: chart spec
---
 chart/k8sreq-duplicator-controller/templates/metrics-rbac.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/chart/k8sreq-duplicator-controller/templates/metrics-rbac.yaml b/chart/k8sreq-duplicator-controller/templates/metrics-rbac.yaml
index cbe9a5d5..d659ace3 100644
--- a/chart/k8sreq-duplicator-controller/templates/metrics-rbac.yaml
+++ b/chart/k8sreq-duplicator-controller/templates/metrics-rbac.yaml
@@ -30,6 +30,7 @@ roleRef:
 subjects:
 - kind: ServiceAccount
 name: {{ template "k8sreq-duplicator-controller.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding