diff --git a/CHANGELOG.md b/CHANGELOG.md index 9860fb8fd..ac1f5eaa3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ ## [master](https://github.com/arangodb/kube-arangodb/tree/master) (N/A) - (Documentation) Add ArangoPlatformStorage Docs & Examples - (Feature) Enable ML Operator and add required Platform Roles +- (Feature) Helm Lint ## [1.3.0](https://github.com/arangodb/kube-arangodb/tree/1.3.0) (2025-08-01) - (Feature) (Platform) Storage Debug diff --git a/chart/kube-arangodb-arm64/templates/analytics-operator/cluster-role-binding.yaml b/chart/kube-arangodb-arm64/templates/analytics-operator/cluster-role-binding.yaml index 201c4915b..4f6628055 100644 --- a/chart/kube-arangodb-arm64/templates/analytics-operator/cluster-role-binding.yaml +++ b/chart/kube-arangodb-arm64/templates/analytics-operator/cluster-role-binding.yaml @@ -5,21 +5,21 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-analytics - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-analytics + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-arangodb.rbac-cluster" . }}-analytics + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-analytics subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} diff --git a/chart/kube-arangodb-arm64/templates/analytics-operator/cluster-role.yaml b/chart/kube-arangodb-arm64/templates/analytics-operator/cluster-role.yaml index 76ac5ee99..a35eeaba7 100644 --- a/chart/kube-arangodb-arm64/templates/analytics-operator/cluster-role.yaml +++ b/chart/kube-arangodb-arm64/templates/analytics-operator/cluster-role.yaml @@ -5,17 +5,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-analytics - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-analytics + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: + - "get" + - "list" + - "watch" {{- end }} {{- end }} diff --git a/chart/kube-arangodb-arm64/templates/analytics-operator/role-binding.yaml b/chart/kube-arangodb-arm64/templates/analytics-operator/role-binding.yaml index 9fd0877f4..967e1f06c 100644 --- a/chart/kube-arangodb-arm64/templates/analytics-operator/role-binding.yaml +++ b/chart/kube-arangodb-arm64/templates/analytics-operator/role-binding.yaml @@ -4,22 +4,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "kube-arangodb.rbac" . }}-analytics - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-analytics + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kube-arangodb.rbac" . }}-analytics + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-analytics subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/templates/analytics-operator/role.yaml b/chart/kube-arangodb-arm64/templates/analytics-operator/role.yaml index 84e6cba2f..597f2e36c 100644 --- a/chart/kube-arangodb-arm64/templates/analytics-operator/role.yaml +++ b/chart/kube-arangodb-arm64/templates/analytics-operator/role.yaml @@ -4,38 +4,60 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "kube-arangodb.rbac" . }}-analytics - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-analytics + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: - - "analytics.arangodb.com" - resources: - - "graphanalyticsengines" - - "graphanalyticsengines/status" - verbs: - - "*" - - apiGroups: - - "database.arangodb.com" - resources: - - "arangodeployments" - verbs: - - "get" - - "list" - - "watch" - - apiGroups: ["apps"] - resources: - - "statefulsets" - verbs: ["*"] - - apiGroups: [ "" ] - resources: - - "secrets" - - "services" - verbs: [ "*" ] + - apiGroups: + - "analytics.arangodb.com" + resources: + - "graphanalyticsengines" + - "graphanalyticsengines/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "database.arangodb.com" + resources: + - "arangodeployments" + verbs: + - "get" + - "list" + - "watch" + - apiGroups: + - "apps" + resources: + - "statefulsets" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "" + resources: + - "secrets" + - "services" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/templates/apps-operator/cluster-role-binding.yaml b/chart/kube-arangodb-arm64/templates/apps-operator/cluster-role-binding.yaml index 785c6e886..d0bfb7774 100644 --- a/chart/kube-arangodb-arm64/templates/apps-operator/cluster-role-binding.yaml +++ b/chart/kube-arangodb-arm64/templates/apps-operator/cluster-role-binding.yaml @@ -5,21 +5,21 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-apps - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-apps + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-arangodb.rbac-cluster" . }}-apps + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-apps subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} diff --git a/chart/kube-arangodb-arm64/templates/apps-operator/cluster-role.yaml b/chart/kube-arangodb-arm64/templates/apps-operator/cluster-role.yaml index 4789de945..6bfa5a080 100644 --- a/chart/kube-arangodb-arm64/templates/apps-operator/cluster-role.yaml +++ b/chart/kube-arangodb-arm64/templates/apps-operator/cluster-role.yaml @@ -5,17 +5,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-apps - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-apps + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: + - "get" + - "list" + - "watch" {{- end }} {{- end }} diff --git a/chart/kube-arangodb-arm64/templates/apps-operator/role-binding.yaml b/chart/kube-arangodb-arm64/templates/apps-operator/role-binding.yaml index dbd9fc636..fc323e9f5 100644 --- a/chart/kube-arangodb-arm64/templates/apps-operator/role-binding.yaml +++ b/chart/kube-arangodb-arm64/templates/apps-operator/role-binding.yaml @@ -4,22 +4,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "kube-arangodb.rbac" . }}-apps - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-apps + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kube-arangodb.rbac" . }}-apps + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-apps subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} --- diff --git a/chart/kube-arangodb-arm64/templates/apps-operator/role.yaml b/chart/kube-arangodb-arm64/templates/apps-operator/role.yaml index 63df49055..6f3b1c90c 100644 --- a/chart/kube-arangodb-arm64/templates/apps-operator/role.yaml +++ b/chart/kube-arangodb-arm64/templates/apps-operator/role.yaml @@ -4,36 +4,82 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "kube-arangodb.rbac" . }}-apps - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-apps + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: [""] - resources: ["pods", "services", "endpoints"] - verbs: ["get", "update"] - - apiGroups: [""] - resources: ["events"] - verbs: ["*"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] - - apiGroups: ["apps"] - resources: ["deployments", "replicasets"] - verbs: ["get"] - - apiGroups: ["batch"] - resources: ["jobs"] - verbs: ["*"] - - apiGroups: ["database.arangodb.com"] - resources: ["arangodeployments"] - verbs: ["get", "list", "watch"] - - apiGroups: ["apps.arangodb.com"] - resources: ["arangojobs","arangojobs/status"] - verbs: ["*"] + - apiGroups: + - "" + resources: + - "pods" + - "services" + - "endpoints" + verbs: + - "get" + - "update" + - apiGroups: + - "" + resources: + - "events" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "" + resources: + - "secrets" + verbs: + - "get" + - apiGroups: + - "apps" + resources: + - "deployments" + - "replicasets" + verbs: + - "get" + - apiGroups: + - "batch" + resources: + - "jobs" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "database.arangodb.com" + resources: + - "arangodeployments" + verbs: + - "get" + - "list" + - "watch" + - apiGroups: + - "apps.arangodb.com" + resources: + - "arangojobs" + - "arangojobs/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -47,8 +93,13 @@ metadata: app.kubernetes.io/instance: {{ .Release.Name }} release: {{ .Release.Name }} rules: - - apiGroups: ["database.arangodb.com"] - resources: ["arangodeployments"] - verbs: ["get", "list", "watch"] + - apiGroups: + - "database.arangodb.com" + resources: + - "arangodeployments" + verbs: + - "get" + - "list" + - "watch" {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/templates/apps-operator/service-account-job.yaml b/chart/kube-arangodb-arm64/templates/apps-operator/service-account-job.yaml index 07ae08095..c184f4d6b 100644 --- a/chart/kube-arangodb-arm64/templates/apps-operator/service-account-job.yaml +++ b/chart/kube-arangodb-arm64/templates/apps-operator/service-account-job.yaml @@ -5,11 +5,11 @@ metadata: name: {{ template "kube-arangodb.operatorName" . }}-job namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} {{- if .Values.operator.imagePullSecrets }} imagePullSecrets: {{- range .Values.operator.imagePullSecrets }} diff --git a/chart/kube-arangodb-arm64/templates/backup-operator/cluster-role-binding.yaml b/chart/kube-arangodb-arm64/templates/backup-operator/cluster-role-binding.yaml index 4f1c23cff..2b5c3350b 100644 --- a/chart/kube-arangodb-arm64/templates/backup-operator/cluster-role-binding.yaml +++ b/chart/kube-arangodb-arm64/templates/backup-operator/cluster-role-binding.yaml @@ -5,21 +5,21 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-backup - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-backup + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-arangodb.rbac-cluster" . }}-backup + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-backup subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} diff --git a/chart/kube-arangodb-arm64/templates/backup-operator/cluster-role.yaml b/chart/kube-arangodb-arm64/templates/backup-operator/cluster-role.yaml index a1c011982..43cd30081 100644 --- a/chart/kube-arangodb-arm64/templates/backup-operator/cluster-role.yaml +++ b/chart/kube-arangodb-arm64/templates/backup-operator/cluster-role.yaml @@ -5,17 +5,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-backup - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-backup + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: + - "get" + - "list" + - "watch" {{- end }} {{- end }} diff --git a/chart/kube-arangodb-arm64/templates/backup-operator/role-binding.yaml b/chart/kube-arangodb-arm64/templates/backup-operator/role-binding.yaml index 679902669..afbf38eed 100644 --- a/chart/kube-arangodb-arm64/templates/backup-operator/role-binding.yaml +++ b/chart/kube-arangodb-arm64/templates/backup-operator/role-binding.yaml @@ -4,22 +4,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "kube-arangodb.rbac" . }}-backup - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-backup + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kube-arangodb.rbac" . }}-backup + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-backup subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/templates/backup-operator/role.yaml b/chart/kube-arangodb-arm64/templates/backup-operator/role.yaml index 8d4aff472..083a81466 100644 --- a/chart/kube-arangodb-arm64/templates/backup-operator/role.yaml +++ b/chart/kube-arangodb-arm64/templates/backup-operator/role.yaml @@ -4,32 +4,71 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "kube-arangodb.rbac" . }}-backup - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-backup + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: [""] - resources: ["pods", "services", "endpoints"] - verbs: ["get", "update"] - - apiGroups: [""] - resources: ["events"] - verbs: ["*"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] - - apiGroups: ["apps"] - resources: ["deployments", "replicasets"] - verbs: ["get"] - - apiGroups: ["backup.arangodb.com"] - resources: ["arangobackuppolicies", "arangobackuppolicies/status", "arangobackups", "arangobackups/status"] - verbs: ["*"] - - apiGroups: ["database.arangodb.com"] - resources: ["arangodeployments"] - verbs: ["get", "list", "watch"] + - apiGroups: + - "" + resources: + - "pods" + - "services" + - "endpoints" + verbs: + - "get" + - "update" + - apiGroups: + - "" + resources: + - "events" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "" + resources: + - "secrets" + verbs: + - "get" + - apiGroups: + - "apps" + resources: + - "deployments" + - "replicasets" + verbs: + - "get" + - apiGroups: + - "backup.arangodb.com" + resources: + - "arangobackuppolicies" + - "arangobackuppolicies/status" + - "arangobackups" + - "arangobackups/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "database.arangodb.com" + resources: + - "arangodeployments" + verbs: + - "get" + - "list" + - "watch" {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/templates/certificates/issuer.ca.yaml b/chart/kube-arangodb-arm64/templates/certificates/issuer.ca.yaml index 0b3f33291..bc0a75319 100644 --- a/chart/kube-arangodb-arm64/templates/certificates/issuer.ca.yaml +++ b/chart/kube-arangodb-arm64/templates/certificates/issuer.ca.yaml @@ -12,6 +12,6 @@ metadata: app.kubernetes.io/instance: {{ .Release.Name }} release: {{ .Release.Name }} spec: - selfSigned: {} + selfSigned: { } {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/templates/crd/cluster-role-binding.yaml b/chart/kube-arangodb-arm64/templates/crd/cluster-role-binding.yaml index a0355a66f..dd3f64ad3 100644 --- a/chart/kube-arangodb-arm64/templates/crd/cluster-role-binding.yaml +++ b/chart/kube-arangodb-arm64/templates/crd/cluster-role-binding.yaml @@ -5,21 +5,21 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-crd - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-crd + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-arangodb.rbac-cluster" . }}-crd + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-crd subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} diff --git a/chart/kube-arangodb-arm64/templates/crd/cluster-role.yaml b/chart/kube-arangodb-arm64/templates/crd/cluster-role.yaml index 0704a51fa..e4663fb58 100644 --- a/chart/kube-arangodb-arm64/templates/crd/cluster-role.yaml +++ b/chart/kube-arangodb-arm64/templates/crd/cluster-role.yaml @@ -5,44 +5,52 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-crd - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-crd + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: {{ if .Values.operator.features.analytics -}} -# analytics.arangodb.com - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update"] + # analytics.arangodb.com + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update" ] resourceNames: - "graphanalyticsengines.analytics.arangodb.com" {{- end }} {{ if .Values.operator.features.apps -}} -# apps.arangodb.com - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update"] + # apps.arangodb.com + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update" ] resourceNames: - "arangojobs.apps.arangodb.com" {{- end }} {{ if .Values.operator.features.backup -}} -# backup.arangodb.com - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update"] + # backup.arangodb.com + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update" ] resourceNames: - "arangobackuppolicies.backup.arangodb.com" - "arangobackups.backup.arangodb.com" {{- end }} {{ if .Values.operator.features.deployment -}} -# database.arangodb.com - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update"] + # database.arangodb.com + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update" ] resourceNames: - "arangoclustersynchronizations.database.arangodb.com" - "arangodeployments.database.arangodb.com" @@ -50,10 +58,12 @@ rules: - "arangotasks.database.arangodb.com" {{- end }} {{ if .Values.operator.features.ml -}} -# ml.arangodb.com - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update"] + # ml.arangodb.com + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update" ] resourceNames: - "arangomlbatchjobs.ml.arangodb.com" - "arangomlcronjobs.ml.arangodb.com" @@ -61,26 +71,32 @@ rules: - "arangomlstorages.ml.arangodb.com" {{- end }} {{ if .Values.operator.features.networking -}} -# networking.arangodb.com - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update"] + # networking.arangodb.com + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update" ] resourceNames: - "arangoroutes.networking.arangodb.com" {{- end }} {{ if .Values.operator.features.deploymentReplications -}} -# replication.database.arangodb.com - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update"] + # replication.database.arangodb.com + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update" ] resourceNames: - "arangodeploymentreplications.replication.database.arangodb.com" {{- end }} {{ if .Values.operator.features.scheduler -}} -# scheduler.arangodb.com - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update"] + # scheduler.arangodb.com + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update" ] resourceNames: - "arangoprofiles.scheduler.arangodb.com" - "arangoschedulerpods.scheduler.arangodb.com" @@ -89,10 +105,12 @@ rules: - "arangoschedulercronjobs.scheduler.arangodb.com" {{- end }} {{ if .Values.operator.features.platform -}} -# platform.arangodb.com - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update"] + # platform.arangodb.com + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update" ] resourceNames: - "arangoplatformcharts.platform.arangodb.com" - "arangoplatformstorages.platform.arangodb.com" diff --git a/chart/kube-arangodb-arm64/templates/debug/cluster-role-binding.yaml b/chart/kube-arangodb-arm64/templates/debug/cluster-role-binding.yaml index 47bb00b02..a474ca6b0 100644 --- a/chart/kube-arangodb-arm64/templates/debug/cluster-role-binding.yaml +++ b/chart/kube-arangodb-arm64/templates/debug/cluster-role-binding.yaml @@ -5,21 +5,21 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-debug - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-debug + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-arangodb.rbac-cluster" . }}-debug + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-debug subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} diff --git a/chart/kube-arangodb-arm64/templates/debug/cluster-role.yaml b/chart/kube-arangodb-arm64/templates/debug/cluster-role.yaml index 59b1be1fe..ae8bcc171 100644 --- a/chart/kube-arangodb-arm64/templates/debug/cluster-role.yaml +++ b/chart/kube-arangodb-arm64/templates/debug/cluster-role.yaml @@ -5,17 +5,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-debug - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-debug + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: + - "get" + - "list" + - "watch" {{- end }} {{- end }} diff --git a/chart/kube-arangodb-arm64/templates/debug/role-binding.yaml b/chart/kube-arangodb-arm64/templates/debug/role-binding.yaml index b54d447cd..815dbff52 100644 --- a/chart/kube-arangodb-arm64/templates/debug/role-binding.yaml +++ b/chart/kube-arangodb-arm64/templates/debug/role-binding.yaml @@ -4,22 +4,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "kube-arangodb.rbac" . }}-debug - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-debug + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kube-arangodb.rbac" . }}-debug + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-debug subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/templates/debug/role.yaml b/chart/kube-arangodb-arm64/templates/debug/role.yaml index e18cf7cda..5e83a3fce 100644 --- a/chart/kube-arangodb-arm64/templates/debug/role.yaml +++ b/chart/kube-arangodb-arm64/templates/debug/role.yaml @@ -4,30 +4,40 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "kube-arangodb.rbac" . }}-debug - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-debug + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - apiGroups: -# Core - - "" - - "apps" - - "batch" -# Arango - - "analytics.arangodb.com" - - "ml.arangodb.com" - resources: ["*"] - verbs: ["get", "list"] - - apiGroups: [""] - resources: ["pods/log"] - verbs: ["get", "list"] - - apiGroups: [""] - resources: ["pods/exec"] - verbs: ["create"] + # Core + - "" + - "apps" + - "batch" + # Arango + - "analytics.arangodb.com" + - "ml.arangodb.com" + resources: + - "*" + verbs: + - "get" + - "list" + - apiGroups: + - "" + resources: + - "pods/log" + verbs: + - "get" + - "list" + - apiGroups: + - "" + resources: + - "pods/exec" + verbs: + - "create" {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/templates/deployment-operator/cluster-role-binding.yaml b/chart/kube-arangodb-arm64/templates/deployment-operator/cluster-role-binding.yaml index 5e3261c21..cbaea7494 100644 --- a/chart/kube-arangodb-arm64/templates/deployment-operator/cluster-role-binding.yaml +++ b/chart/kube-arangodb-arm64/templates/deployment-operator/cluster-role-binding.yaml @@ -5,21 +5,21 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} diff --git a/chart/kube-arangodb-arm64/templates/deployment-operator/cluster-role.yaml b/chart/kube-arangodb-arm64/templates/deployment-operator/cluster-role.yaml index 1e9222396..1a4784552 100644 --- a/chart/kube-arangodb-arm64/templates/deployment-operator/cluster-role.yaml +++ b/chart/kube-arangodb-arm64/templates/deployment-operator/cluster-role.yaml @@ -5,20 +5,31 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["namespaces", "nodes", "persistentvolumes"] - verbs: ["get", "list"] + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: + - "get" + - "list" + - "watch" + - apiGroups: + - "" + resources: + - "namespaces" + - "nodes" + - "persistentvolumes" + verbs: + - "get" + - "list" {{- end }} {{- end }} diff --git a/chart/kube-arangodb-arm64/templates/deployment-operator/default-role-binding.yaml b/chart/kube-arangodb-arm64/templates/deployment-operator/default-role-binding.yaml index 606474ee4..4a8658a50 100644 --- a/chart/kube-arangodb-arm64/templates/deployment-operator/default-role-binding.yaml +++ b/chart/kube-arangodb-arm64/templates/deployment-operator/default-role-binding.yaml @@ -4,22 +4,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "kube-arangodb.rbac" . }}-default - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-default + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kube-arangodb.rbac" . }}-default + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-default subjects: - - kind: ServiceAccount - name: default - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: default + namespace: {{ .Release.Namespace }} {{- end }} diff --git a/chart/kube-arangodb-arm64/templates/deployment-operator/default-role.yaml b/chart/kube-arangodb-arm64/templates/deployment-operator/default-role.yaml index af530b233..8a223326d 100644 --- a/chart/kube-arangodb-arm64/templates/deployment-operator/default-role.yaml +++ b/chart/kube-arangodb-arm64/templates/deployment-operator/default-role.yaml @@ -4,18 +4,21 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "kube-arangodb.rbac" . }}-default - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-default + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: [""] - resources: ["pods"] - verbs: ["get"] + - apiGroups: + - "" + resources: + - "pods" + verbs: + - "get" {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/templates/deployment-operator/role-binding.yaml b/chart/kube-arangodb-arm64/templates/deployment-operator/role-binding.yaml index d06ec7ec0..94aecba5f 100644 --- a/chart/kube-arangodb-arm64/templates/deployment-operator/role-binding.yaml +++ b/chart/kube-arangodb-arm64/templates/deployment-operator/role-binding.yaml @@ -4,22 +4,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "kube-arangodb.rbac" . }}-deployment - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-deployment + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kube-arangodb.rbac" . }}-deployment + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-deployment subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} diff --git a/chart/kube-arangodb-arm64/templates/deployment-operator/role.yaml b/chart/kube-arangodb-arm64/templates/deployment-operator/role.yaml index a3ca5bc75..7d31d1acc 100644 --- a/chart/kube-arangodb-arm64/templates/deployment-operator/role.yaml +++ b/chart/kube-arangodb-arm64/templates/deployment-operator/role.yaml @@ -4,50 +4,141 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "kube-arangodb.rbac" . }}-deployment - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-deployment + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: ["database.arangodb.com"] - resources: ["arangodeployments", "arangodeployments/status","arangomembers", "arangomembers/status"] - verbs: ["*"] + - apiGroups: + - "database.arangodb.com" + resources: + - "arangodeployments" + - "arangodeployments/status" + - "arangomembers" + - "arangomembers/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" {{- if .Values.rbac.extensions.acs }} - - apiGroups: ["database.arangodb.com"] - resources: ["arangoclustersynchronizations", "arangoclustersynchronizations/status"] - verbs: ["*"] + - apiGroups: + - "database.arangodb.com" + resources: + - "arangoclustersynchronizations" + - "arangoclustersynchronizations/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" {{- end }} {{- if .Values.rbac.extensions.at }} - - apiGroups: ["database.arangodb.com"] - resources: ["arangotasks", "arangotasks/status"] - verbs: ["*"] + - apiGroups: + - "database.arangodb.com" + resources: + - "arangotasks" + - "arangotasks/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" {{- end }} - - apiGroups: [""] - resources: ["pods", "services", "endpoints", "persistentvolumeclaims", "events", "secrets", "serviceaccounts", "configmaps"] - verbs: ["*"] - - apiGroups: ["apps"] - resources: ["deployments", "replicasets"] - verbs: ["get"] - - apiGroups: ["policy"] - resources: ["poddisruptionbudgets"] - verbs: ["*"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["*"] - - apiGroups: ["platform.arangodb.com"] - resources: ["arangoplatformstorages", "arangoplatformstorages/status"] - verbs: ["get", "list", "watch"] - - apiGroups: ["backup.arangodb.com"] - resources: ["arangobackuppolicies", "arangobackups"] - verbs: ["get", "list", "watch"] + - apiGroups: + - "" + resources: + - "pods" + - "services" + - "endpoints" + - "persistentvolumeclaims" + - "events" + - "secrets" + - "serviceaccounts" + - "configmaps" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "apps" + resources: + - "deployments" + - "replicasets" + verbs: + - "get" + - apiGroups: + - "policy" + resources: + - "poddisruptionbudgets" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "coordination.k8s.io" + resources: + - "leases" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "platform.arangodb.com" + resources: + - "arangoplatformstorages" + - "arangoplatformstorages/status" + verbs: + - "get" + - "list" + - "watch" + - apiGroups: + - "backup.arangodb.com" + resources: + - "arangobackuppolicies" + - "arangobackups" + verbs: + - "get" + - "list" + - "watch" {{- if .Values.rbac.extensions.monitoring }} - - apiGroups: ["monitoring.coreos.com"] - resources: ["servicemonitors"] - verbs: ["get", "create", "delete", "update", "list", "watch", "patch"] + - apiGroups: + - "monitoring.coreos.com" + resources: + - "servicemonitors" + verbs: + - "get" + - "create" + - "delete" + - "update" + - "list" + - "watch" + - "patch" {{- end }} {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/templates/deployment-replications-operator/cluster-role-binding.yaml b/chart/kube-arangodb-arm64/templates/deployment-replications-operator/cluster-role-binding.yaml index e526e91f3..54426af78 100644 --- a/chart/kube-arangodb-arm64/templates/deployment-replications-operator/cluster-role-binding.yaml +++ b/chart/kube-arangodb-arm64/templates/deployment-replications-operator/cluster-role-binding.yaml @@ -5,21 +5,21 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment-replication - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment-replication + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment-replication + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment-replication subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} diff --git a/chart/kube-arangodb-arm64/templates/deployment-replications-operator/cluster-role.yaml b/chart/kube-arangodb-arm64/templates/deployment-replications-operator/cluster-role.yaml index cd4f9eb67..d7b1efaeb 100644 --- a/chart/kube-arangodb-arm64/templates/deployment-replications-operator/cluster-role.yaml +++ b/chart/kube-arangodb-arm64/templates/deployment-replications-operator/cluster-role.yaml @@ -5,20 +5,30 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment-replication - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment-replication + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["namespaces", "nodes"] - verbs: ["get", "list"] + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: + - "get" + - "list" + - "watch" + - apiGroups: + - "" + resources: + - "namespaces" + - "nodes" + verbs: + - "get" + - "list" {{- end }} {{- end }} diff --git a/chart/kube-arangodb-arm64/templates/deployment-replications-operator/role-binding.yaml b/chart/kube-arangodb-arm64/templates/deployment-replications-operator/role-binding.yaml index f908090c9..1b8226bf5 100644 --- a/chart/kube-arangodb-arm64/templates/deployment-replications-operator/role-binding.yaml +++ b/chart/kube-arangodb-arm64/templates/deployment-replications-operator/role-binding.yaml @@ -4,22 +4,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "kube-arangodb.rbac" . }}-deployment-replication - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-deployment-replication + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kube-arangodb.rbac" . }}-deployment-replication + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-deployment-replication subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} diff --git a/chart/kube-arangodb-arm64/templates/deployment-replications-operator/role.yaml b/chart/kube-arangodb-arm64/templates/deployment-replications-operator/role.yaml index c8cf8f993..19a87d03d 100644 --- a/chart/kube-arangodb-arm64/templates/deployment-replications-operator/role.yaml +++ b/chart/kube-arangodb-arm64/templates/deployment-replications-operator/role.yaml @@ -4,27 +4,58 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "kube-arangodb.rbac" . }}-deployment-replication - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-deployment-replication + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: ["replication.database.arangodb.com"] - resources: ["arangodeploymentreplications", "arangodeploymentreplications/status"] - verbs: ["*"] - - apiGroups: ["database.arangodb.com"] - resources: ["arangodeployments"] - verbs: ["get"] - - apiGroups: [""] - resources: ["pods", "services", "endpoints", "persistentvolumeclaims", "events", "secrets"] - verbs: ["*"] - - apiGroups: ["apps"] - resources: ["deployments", "replicasets"] - verbs: ["get"] + - apiGroups: + - "replication.database.arangodb.com" + resources: + - "arangodeploymentreplications" + - "arangodeploymentreplications/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "database.arangodb.com" + resources: + - "arangodeployments" + verbs: + - "get" + - apiGroups: + - "" + resources: + - "pods" + - "services" + - "endpoints" + - "persistentvolumeclaims" + - "events" + - "secrets" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "apps" + resources: + - "deployments" + - "replicasets" + verbs: + - "get" {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/templates/deployment.yaml b/chart/kube-arangodb-arm64/templates/deployment.yaml index 7811a6744..4e6952059 100644 --- a/chart/kube-arangodb-arm64/templates/deployment.yaml +++ b/chart/kube-arangodb-arm64/templates/deployment.yaml @@ -11,259 +11,259 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- if .Values.operator.annotations }} - annotations: + annotations: {{ toYaml .Values.operator.annotations | indent 8 }} {{- end }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} spec: {{- if .Values.operator.debug }} - replicas: 1 + replicas: 1 {{- else }} - replicas: {{ .Values.operator.replicaCount }} + replicas: {{ .Values.operator.replicaCount }} {{- end }} - strategy: + strategy: {{ toYaml .Values.operator.updateStrategy | indent 8 }} - selector: - matchLabels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} {{- if .Values.operator.annotations }} - annotations: + annotations: {{ toYaml .Values.operator.annotations | indent 16 }} {{- end }} - spec: + spec: {{- if .Values.operator.nodeSelector }} - nodeSelector: + nodeSelector: {{ toYaml .Values.operator.nodeSelector | indent 16 }} {{- end }} - serviceAccountName: {{ template "kube-arangodb.operatorName" . }} - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/arch - operator: In - values: + serviceAccountName: {{ template "kube-arangodb.operatorName" . }} + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/arch + operator: In + values: {{- range .Values.operator.architectures }} - - {{ . | quote }} + - {{ . | quote }} {{- end }} - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - podAffinityTerm: - topologyKey: "kubernetes.io/hostname" - labelSelector: - matchExpressions: - - key: app.kubernetes.io/name - operator: In - values: - - {{ template "kube-arangodb.name" . }} - - key: app.kubernetes.io/instance - operator: In - values: - - {{ .Release.Name }} - hostNetwork: false - hostPID: false - hostIPC: false - securityContext: - runAsNonRoot: true - runAsUser: {{ .Values.operator.securityContext.runAsUser }} - containers: - - name: operator - imagePullPolicy: {{ .Values.operator.imagePullPolicy }} - image: {{ .Values.operator.image }} - args: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + topologyKey: "kubernetes.io/hostname" + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - {{ template "kube-arangodb.name" . }} + - key: app.kubernetes.io/instance + operator: In + values: + - {{ .Release.Name }} + hostNetwork: false + hostPID: false + hostIPC: false + securityContext: + runAsNonRoot: true + runAsUser: {{ .Values.operator.securityContext.runAsUser }} + containers: + - name: operator + imagePullPolicy: {{ .Values.operator.imagePullPolicy }} + image: {{ .Values.operator.image }} + args: {{- if .Values.certificate.enabled }} - - --server.tls-secret-name={{ template "kube-arangodb.operatorName" . }}-cert - - --api.tls-secret-name={{ template "kube-arangodb.operatorName" . }}-cert + - --server.tls-secret-name={{ template "kube-arangodb.operatorName" . }}-cert + - --api.tls-secret-name={{ template "kube-arangodb.operatorName" . }}-cert {{- end -}} {{- if .Values.operator.features.deployment }} - - --operator.deployment + - --operator.deployment {{- end -}} {{ if .Values.operator.features.deploymentReplications }} - - --operator.deployment-replication + - --operator.deployment-replication {{- end -}} {{ if .Values.operator.features.storage }} - - --operator.storage + - --operator.storage {{- end }} {{ if .Values.operator.features.backup }} - - --operator.backup + - --operator.backup {{- end }} {{- if or .Values.operator.debug (eq ( int .Values.operator.replicaCount) 1) }} - - --mode.single + - --mode.single {{- end }} {{- if .Values.operator.skipLeaderLabels }} - - --leader.label.skip + - --leader.label.skip {{- end }} {{ if .Values.operator.features.apps }} - - --operator.apps + - --operator.apps {{- end }} {{ if .Values.operator.features.ml }} - - --operator.ml + - --operator.ml {{- end }} {{ if .Values.operator.features.analytics }} - - --operator.analytics + - --operator.analytics {{- end }} {{ if .Values.operator.features.networking }} - - --operator.networking + - --operator.networking {{- end }} {{ if .Values.operator.features.scheduler }} - - --operator.scheduler + - --operator.scheduler {{- end }} {{ if .Values.operator.features.platform }} - - --operator.platform + - --operator.platform {{- end }} {{ if .Values.operator.features.k8sToK8sClusterSync }} - - --operator.k2k-cluster-sync + - --operator.k2k-cluster-sync {{- end }} - - --chaos.allowed={{ .Values.operator.allowChaos }} + - --chaos.allowed={{ .Values.operator.allowChaos }} {{- if .Values.operator.args }} {{- range .Values.operator.args }} - - {{ . | quote }} + - {{ . | quote }} {{- end }} {{- end }} - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: MY_CONTAINER_NAME - value: "operator" - - name: MY_POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP + env: + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MY_CONTAINER_NAME + value: "operator" + - name: MY_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP {{- if .Values.operator.features.apps }} - - name: ARANGOJOB_SA_NAME - value: "{{ template "kube-arangodb.operatorName" . }}-job" + - name: ARANGOJOB_SA_NAME + value: "{{ template "kube-arangodb.operatorName" . }}-job" {{- end }} - ports: - - name: metrics - containerPort: 8528 - securityContext: - privileged: false - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - capabilities: - drop: - - 'ALL' + ports: + - name: metrics + containerPort: 8528 + securityContext: + privileged: false + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: + - 'ALL' {{- if .Values.operator.debug }} - add: - - 'SYS_PTRACE' + add: + - 'SYS_PTRACE' {{- end }} {{- if .Values.operator.resources }} - resources: + resources: {{ toYaml .Values.operator.resources | indent 22 }} {{- end }} {{- if not .Values.operator.debug }} - livenessProbe: - httpGet: - path: /health - port: 8528 - scheme: HTTPS - initialDelaySeconds: 5 - periodSeconds: 10 - readinessProbe: - httpGet: - path: /ready - port: 8528 - scheme: HTTPS - initialDelaySeconds: 5 - periodSeconds: 10 + livenessProbe: + httpGet: + path: /health + port: 8528 + scheme: HTTPS + initialDelaySeconds: 5 + periodSeconds: 10 + readinessProbe: + httpGet: + path: /ready + port: 8528 + scheme: HTTPS + initialDelaySeconds: 5 + periodSeconds: 10 {{- end }} {{ if .Values.webhooks.enabled }} - - name: webhooks - imagePullPolicy: {{ .Values.operator.imagePullPolicy }} - image: {{ .Values.operator.image }} - args: - - webhook + - name: webhooks + imagePullPolicy: {{ .Values.operator.imagePullPolicy }} + image: {{ .Values.operator.image }} + args: + - webhook {{- if .Values.certificate.enabled }} - - --ssl.secret.name={{ template "kube-arangodb.operatorName" . }}-webhook-cert - - --ssl.secret.namespace={{ .Release.Namespace }} + - --ssl.secret.name={{ template "kube-arangodb.operatorName" . }}-webhook-cert + - --ssl.secret.namespace={{ .Release.Namespace }} {{- end -}} {{- if .Values.webhooks.args }} {{- range .Values.webhooks.args }} - - {{ . | quote }} + - {{ . | quote }} {{- end }} {{- end }} - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: MY_CONTAINER_NAME - value: "webhooks" - - name: MY_POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - ports: - - name: webhooks - containerPort: 8828 - securityContext: - privileged: false - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - capabilities: - drop: - - 'ALL' + env: + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MY_CONTAINER_NAME + value: "webhooks" + - name: MY_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + ports: + - name: webhooks + containerPort: 8828 + securityContext: + privileged: false + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: + - 'ALL' {{- if .Values.webhooks.resources }} - resources: + resources: {{ toYaml .Values.webhooks.resources | indent 22 }} {{- end }} {{- if not .Values.webhooks.debug }} - livenessProbe: - httpGet: - path: /health - port: 8828 - scheme: HTTPS - initialDelaySeconds: 5 - periodSeconds: 10 - readinessProbe: - httpGet: - path: /ready - port: 8828 - scheme: HTTPS - initialDelaySeconds: 5 - periodSeconds: 10 + livenessProbe: + httpGet: + path: /health + port: 8828 + scheme: HTTPS + initialDelaySeconds: 5 + periodSeconds: 10 + readinessProbe: + httpGet: + path: /ready + port: 8828 + scheme: HTTPS + initialDelaySeconds: 5 + periodSeconds: 10 {{- end }} {{- end }} - tolerations: - - key: "node.kubernetes.io/unreachable" - operator: "Exists" - effect: "NoExecute" - tolerationSeconds: 5 - - key: "node.kubernetes.io/not-ready" - operator: "Exists" - effect: "NoExecute" - tolerationSeconds: 5 + tolerations: + - key: "node.kubernetes.io/unreachable" + operator: "Exists" + effect: "NoExecute" + tolerationSeconds: 5 + - key: "node.kubernetes.io/not-ready" + operator: "Exists" + effect: "NoExecute" + tolerationSeconds: 5 {{- if .Values.operator.tolerations }} {{ toYaml .Values.operator.tolerations | indent 16 }} {{- end }} diff --git a/chart/kube-arangodb-arm64/templates/k2k-cluster-sync-operator/cluster-role-binding.yaml b/chart/kube-arangodb-arm64/templates/k2k-cluster-sync-operator/cluster-role-binding.yaml index c8cef6a03..86c001ed1 100644 --- a/chart/kube-arangodb-arm64/templates/k2k-cluster-sync-operator/cluster-role-binding.yaml +++ b/chart/kube-arangodb-arm64/templates/k2k-cluster-sync-operator/cluster-role-binding.yaml @@ -5,21 +5,21 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-k2kclustersync - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-k2kclustersync + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-arangodb.rbac-cluster" . }}-k2kclustersync + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-k2kclustersync subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} diff --git a/chart/kube-arangodb-arm64/templates/k2k-cluster-sync-operator/cluster-role.yaml b/chart/kube-arangodb-arm64/templates/k2k-cluster-sync-operator/cluster-role.yaml index 17f1a73f3..b3cbd5e55 100644 --- a/chart/kube-arangodb-arm64/templates/k2k-cluster-sync-operator/cluster-role.yaml +++ b/chart/kube-arangodb-arm64/templates/k2k-cluster-sync-operator/cluster-role.yaml @@ -5,17 +5,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-k2kclustersync - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-k2kclustersync + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: + - "get" + - "list" + - "watch" {{- end }} {{- end }} diff --git a/chart/kube-arangodb-arm64/templates/k2k-cluster-sync-operator/role-binding.yaml b/chart/kube-arangodb-arm64/templates/k2k-cluster-sync-operator/role-binding.yaml index c4399917d..26ec71722 100644 --- a/chart/kube-arangodb-arm64/templates/k2k-cluster-sync-operator/role-binding.yaml +++ b/chart/kube-arangodb-arm64/templates/k2k-cluster-sync-operator/role-binding.yaml @@ -4,22 +4,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "kube-arangodb.rbac" . }}-k2kclustersync - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-k2kclustersync + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kube-arangodb.rbac" . }}-k2kclustersync + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-k2kclustersync subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} diff --git a/chart/kube-arangodb-arm64/templates/k2k-cluster-sync-operator/role.yaml b/chart/kube-arangodb-arm64/templates/k2k-cluster-sync-operator/role.yaml index d308f9111..73b0b44da 100644 --- a/chart/kube-arangodb-arm64/templates/k2k-cluster-sync-operator/role.yaml +++ b/chart/kube-arangodb-arm64/templates/k2k-cluster-sync-operator/role.yaml @@ -4,30 +4,58 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "kube-arangodb.rbac" . }}-k2kclustersync - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-k2kclustersync + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: [""] - resources: ["pods", "services", "endpoints"] - verbs: ["get", "update"] - - apiGroups: [""] - resources: ["events"] - verbs: ["*"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] - - apiGroups: ["apps"] - resources: ["deployments", "replicasets"] - verbs: ["get"] - - apiGroups: ["database.arangodb.com"] - resources: ["arangodeployments", "arangoclustersynchronizations"] - verbs: ["get", "list", "watch"] + - apiGroups: + - "" + resources: + - "pods" + - "services" + - "endpoints" + verbs: + - "get" + - "update" + - apiGroups: + - "" + resources: + - "events" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "" + resources: + - "secrets" + verbs: + - "get" + - apiGroups: + - "apps" + resources: + - "deployments" + - "replicasets" + verbs: + - "get" + - apiGroups: + - "database.arangodb.com" + resources: + - "arangodeployments" + - "arangoclustersynchronizations" + verbs: + - "get" + - "list" + - "watch" {{- end }} {{- end }} diff --git a/chart/kube-arangodb-arm64/templates/ml-operator/cluster-role-binding.yaml b/chart/kube-arangodb-arm64/templates/ml-operator/cluster-role-binding.yaml index 85d3cdc05..41fdb4fba 100644 --- a/chart/kube-arangodb-arm64/templates/ml-operator/cluster-role-binding.yaml +++ b/chart/kube-arangodb-arm64/templates/ml-operator/cluster-role-binding.yaml @@ -5,21 +5,21 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-ml - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-ml + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-arangodb.rbac-cluster" . }}-ml + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-ml subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} diff --git a/chart/kube-arangodb-arm64/templates/ml-operator/cluster-role.yaml b/chart/kube-arangodb-arm64/templates/ml-operator/cluster-role.yaml index 4e6a92385..cef297758 100644 --- a/chart/kube-arangodb-arm64/templates/ml-operator/cluster-role.yaml +++ b/chart/kube-arangodb-arm64/templates/ml-operator/cluster-role.yaml @@ -5,17 +5,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-ml - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-ml + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: + - "get" + - "list" + - "watch" {{- end }} {{- end }} diff --git a/chart/kube-arangodb-arm64/templates/ml-operator/role-binding.yaml b/chart/kube-arangodb-arm64/templates/ml-operator/role-binding.yaml index a7a666189..1da89eac3 100644 --- a/chart/kube-arangodb-arm64/templates/ml-operator/role-binding.yaml +++ b/chart/kube-arangodb-arm64/templates/ml-operator/role-binding.yaml @@ -4,22 +4,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "kube-arangodb.rbac" . }}-ml - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-ml + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kube-arangodb.rbac" . }}-ml + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-ml subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/templates/ml-operator/role.yaml b/chart/kube-arangodb-arm64/templates/ml-operator/role.yaml index bc628afa4..a5e2beb4e 100644 --- a/chart/kube-arangodb-arm64/templates/ml-operator/role.yaml +++ b/chart/kube-arangodb-arm64/templates/ml-operator/role.yaml @@ -4,65 +4,107 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "kube-arangodb.rbac" . }}-ml - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-ml + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: - - "ml.arangodb.com" - resources: - - "arangomlextensions" - - "arangomlextensions/status" - - "arangomlbatchjobs" - - "arangomlbatchjobs/status" - - "arangomlcronjobs" - - "arangomlcronjobs/status" - - "arangomlstorages" - - "arangomlstorages/status" - verbs: - - "*" - - apiGroups: - - "scheduler.arangodb.com" - resources: - - "arangoprofiles" - - "arangoprofiles/status" - verbs: - - "*" - - apiGroups: - - "database.arangodb.com" - resources: - - "arangodeployments" - verbs: - - "get" - - "list" - - "watch" - - apiGroups: - - "rbac.authorization.k8s.io" - resources: - - "roles" - - "rolebindings" - verbs: ["*"] - - apiGroups: - - "batch" - resources: - - "cronjobs" - - "jobs" - verbs: ["*"] - - apiGroups: ["apps"] - resources: - - "statefulsets" - verbs: ["*"] - - apiGroups: [""] - resources: - - "pods" - - "secrets" - - "services" - - "serviceaccounts" - verbs: ["*"] + - apiGroups: + - "ml.arangodb.com" + resources: + - "arangomlextensions" + - "arangomlextensions/status" + - "arangomlbatchjobs" + - "arangomlbatchjobs/status" + - "arangomlcronjobs" + - "arangomlcronjobs/status" + - "arangomlstorages" + - "arangomlstorages/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "scheduler.arangodb.com" + resources: + - "arangoprofiles" + - "arangoprofiles/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "database.arangodb.com" + resources: + - "arangodeployments" + verbs: + - "get" + - "list" + - "watch" + - apiGroups: + - "rbac.authorization.k8s.io" + resources: + - "roles" + - "rolebindings" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "batch" + resources: + - "cronjobs" + - "jobs" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "apps" + resources: + - "statefulsets" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "" + resources: + - "pods" + - "secrets" + - "services" + - "serviceaccounts" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/templates/networking-operator/cluster-role-binding.yaml b/chart/kube-arangodb-arm64/templates/networking-operator/cluster-role-binding.yaml index ece410ff9..7c079cb9b 100644 --- a/chart/kube-arangodb-arm64/templates/networking-operator/cluster-role-binding.yaml +++ b/chart/kube-arangodb-arm64/templates/networking-operator/cluster-role-binding.yaml @@ -5,21 +5,21 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-networking - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-networking + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-arangodb.rbac-cluster" . }}-networking + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-networking subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} diff --git a/chart/kube-arangodb-arm64/templates/networking-operator/cluster-role.yaml b/chart/kube-arangodb-arm64/templates/networking-operator/cluster-role.yaml index 45840ac01..0dc745635 100644 --- a/chart/kube-arangodb-arm64/templates/networking-operator/cluster-role.yaml +++ b/chart/kube-arangodb-arm64/templates/networking-operator/cluster-role.yaml @@ -5,17 +5,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-networking - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-networking + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: + - "get" + - "list" + - "watch" {{- end }} {{- end }} diff --git a/chart/kube-arangodb-arm64/templates/networking-operator/role-binding.yaml b/chart/kube-arangodb-arm64/templates/networking-operator/role-binding.yaml index 29802d1d8..d4ed87e64 100644 --- a/chart/kube-arangodb-arm64/templates/networking-operator/role-binding.yaml +++ b/chart/kube-arangodb-arm64/templates/networking-operator/role-binding.yaml @@ -4,22 +4,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "kube-arangodb.rbac" . }}-networking - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-networking + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kube-arangodb.rbac" . }}-networking + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-networking subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/templates/networking-operator/role.yaml b/chart/kube-arangodb-arm64/templates/networking-operator/role.yaml index 3da6b9dff..5f4f5a0c8 100644 --- a/chart/kube-arangodb-arm64/templates/networking-operator/role.yaml +++ b/chart/kube-arangodb-arm64/templates/networking-operator/role.yaml @@ -4,20 +4,37 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "kube-arangodb.rbac" . }}-networking - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-networking + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: ["networking.arangodb.com"] - resources: ["arangoroutes", "arangoroutes/status"] - verbs: ["*"] - - apiGroups: [""] - resources: ["pods", "services", "endpoints"] - verbs: ["get", "list", "watch"] + - apiGroups: + - "networking.arangodb.com" + resources: + - "arangoroutes" + - "arangoroutes/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "" + resources: + - "pods" + - "services" + - "endpoints" + verbs: + - "get" + - "list" + - "watch" {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/templates/platform-operator/cluster-role-binding.yaml b/chart/kube-arangodb-arm64/templates/platform-operator/cluster-role-binding.yaml index 200625d04..1a964af5f 100644 --- a/chart/kube-arangodb-arm64/templates/platform-operator/cluster-role-binding.yaml +++ b/chart/kube-arangodb-arm64/templates/platform-operator/cluster-role-binding.yaml @@ -5,21 +5,21 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-platform - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-platform + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-arangodb.rbac-cluster" . }}-platform + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-platform subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} diff --git a/chart/kube-arangodb-arm64/templates/platform-operator/cluster-role.yaml b/chart/kube-arangodb-arm64/templates/platform-operator/cluster-role.yaml index ee3202c4d..0aa01df47 100644 --- a/chart/kube-arangodb-arm64/templates/platform-operator/cluster-role.yaml +++ b/chart/kube-arangodb-arm64/templates/platform-operator/cluster-role.yaml @@ -5,17 +5,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-platform - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-platform + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: + - "get" + - "list" + - "watch" {{- end }} {{- end }} diff --git a/chart/kube-arangodb-arm64/templates/platform-operator/role-binding.yaml b/chart/kube-arangodb-arm64/templates/platform-operator/role-binding.yaml index 7eae42709..60ff0285f 100644 --- a/chart/kube-arangodb-arm64/templates/platform-operator/role-binding.yaml +++ b/chart/kube-arangodb-arm64/templates/platform-operator/role-binding.yaml @@ -4,22 +4,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "kube-arangodb.rbac" . }}-platform - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-platform + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kube-arangodb.rbac" . }}-platform + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-platform subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/templates/platform-operator/role.yaml b/chart/kube-arangodb-arm64/templates/platform-operator/role.yaml index fc0d8d71d..2b2ab4389 100644 --- a/chart/kube-arangodb-arm64/templates/platform-operator/role.yaml +++ b/chart/kube-arangodb-arm64/templates/platform-operator/role.yaml @@ -4,46 +4,84 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "kube-arangodb.rbac" . }}-platform - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-platform + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: ["platform.arangodb.com"] + - apiGroups: + - "platform.arangodb.com" resources: - - "arangoplatformstorages" - - "arangoplatformstorages/status" - - "arangoplatformcharts" - - "arangoplatformcharts/status" - - "arangoplatformservices" - - "arangoplatformservices/status" - verbs: ["*"] + - "arangoplatformstorages" + - "arangoplatformstorages/status" + - "arangoplatformcharts" + - "arangoplatformcharts/status" + - "arangoplatformservices" + - "arangoplatformservices/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" - apiGroups: - "rbac.authorization.k8s.io" resources: - "roles" - "rolebindings" - verbs: [ "*" ] + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" - apiGroups: - "batch" resources: - "cronjobs" - "jobs" - verbs: [ "*" ] - - apiGroups: [ "apps" ] + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "apps" resources: - "statefulsets" - verbs: [ "*" ] - - apiGroups: [ "" ] + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "" resources: - "pods" - "secrets" - "services" - "serviceaccounts" - verbs: [ "*" ] + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/templates/scheduler-operator/cluster-role-binding.yaml b/chart/kube-arangodb-arm64/templates/scheduler-operator/cluster-role-binding.yaml index aa1dd27d9..b2398ea0b 100644 --- a/chart/kube-arangodb-arm64/templates/scheduler-operator/cluster-role-binding.yaml +++ b/chart/kube-arangodb-arm64/templates/scheduler-operator/cluster-role-binding.yaml @@ -5,21 +5,21 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-scheduler - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-scheduler + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-arangodb.rbac-cluster" . }}-scheduler + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-scheduler subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} diff --git a/chart/kube-arangodb-arm64/templates/scheduler-operator/cluster-role.yaml b/chart/kube-arangodb-arm64/templates/scheduler-operator/cluster-role.yaml index 12e4b2fd3..917ec8336 100644 --- a/chart/kube-arangodb-arm64/templates/scheduler-operator/cluster-role.yaml +++ b/chart/kube-arangodb-arm64/templates/scheduler-operator/cluster-role.yaml @@ -5,17 +5,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-scheduler - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-scheduler + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: + - "get" + - "list" + - "watch" {{- end }} {{- end }} diff --git a/chart/kube-arangodb-arm64/templates/scheduler-operator/role-binding.yaml b/chart/kube-arangodb-arm64/templates/scheduler-operator/role-binding.yaml index 02e1eb816..9e2672dc5 100644 --- a/chart/kube-arangodb-arm64/templates/scheduler-operator/role-binding.yaml +++ b/chart/kube-arangodb-arm64/templates/scheduler-operator/role-binding.yaml @@ -4,22 +4,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "kube-arangodb.rbac" . }}-scheduler - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-scheduler + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kube-arangodb.rbac" . }}-scheduler + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-scheduler subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/templates/scheduler-operator/role.yaml b/chart/kube-arangodb-arm64/templates/scheduler-operator/role.yaml index f254c77c6..0933fc8b2 100644 --- a/chart/kube-arangodb-arm64/templates/scheduler-operator/role.yaml +++ b/chart/kube-arangodb-arm64/templates/scheduler-operator/role.yaml @@ -4,60 +4,84 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "kube-arangodb.rbac" . }}-scheduler - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-scheduler + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: - - "scheduler.arangodb.com" - resources: - - "arangoprofiles" - - "arangoprofiles/status" - - "arangoschedulerpods" - - "arangoschedulerpods/status" - - "arangoschedulerdeployments" - - "arangoschedulerdeployments/status" - - "arangoschedulerbatchjobs" - - "arangoschedulerbatchjobs/status" - - "arangoschedulercronjobs" - - "arangoschedulercronjobs/status" - verbs: - - "*" - - apiGroups: - - "" - resources: - - "pods" - - "pods/status" - verbs: - - "*" - - apiGroups: - - "apps" - resources: - - "deployments" - - "deployments/status" - verbs: - - "*" - - apiGroups: - - "batch" - resources: - - "jobs" - - "jobs/status" - - "cronjobs" - - "cronjobs/status" - verbs: - - "*" - - apiGroups: - - "database.arangodb.com" - resources: - - "arangodeployments" - verbs: - - "get" - - "list" - - "watch" + - apiGroups: + - "scheduler.arangodb.com" + resources: + - "arangoprofiles" + - "arangoprofiles/status" + - "arangoschedulerpods" + - "arangoschedulerpods/status" + - "arangoschedulerdeployments" + - "arangoschedulerdeployments/status" + - "arangoschedulerbatchjobs" + - "arangoschedulerbatchjobs/status" + - "arangoschedulercronjobs" + - "arangoschedulercronjobs/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "" + resources: + - "pods" + - "pods/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "apps" + resources: + - "deployments" + - "deployments/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "batch" + resources: + - "jobs" + - "jobs/status" + - "cronjobs" + - "cronjobs/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "database.arangodb.com" + resources: + - "arangodeployments" + verbs: + - "get" + - "list" + - "watch" {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/templates/service-account.yaml b/chart/kube-arangodb-arm64/templates/service-account.yaml index 3c102d1a7..6855b7ee2 100644 --- a/chart/kube-arangodb-arm64/templates/service-account.yaml +++ b/chart/kube-arangodb-arm64/templates/service-account.yaml @@ -4,11 +4,11 @@ metadata: name: {{ template "kube-arangodb.operatorName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} {{- if .Values.operator.imagePullSecrets }} imagePullSecrets: {{- range .Values.operator.imagePullSecrets }} diff --git a/chart/kube-arangodb-arm64/templates/storage-operator/cluster-role-binding.yaml b/chart/kube-arangodb-arm64/templates/storage-operator/cluster-role-binding.yaml index cfaaff455..23d56b656 100644 --- a/chart/kube-arangodb-arm64/templates/storage-operator/cluster-role-binding.yaml +++ b/chart/kube-arangodb-arm64/templates/storage-operator/cluster-role-binding.yaml @@ -4,21 +4,21 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-storage - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-storage + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-arangodb.rbac-cluster" . }}-storage + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-storage subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/templates/storage-operator/cluster-role.yaml b/chart/kube-arangodb-arm64/templates/storage-operator/cluster-role.yaml index 8109978b3..061e4d730 100644 --- a/chart/kube-arangodb-arm64/templates/storage-operator/cluster-role.yaml +++ b/chart/kube-arangodb-arm64/templates/storage-operator/cluster-role.yaml @@ -4,29 +4,71 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-storage - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-storage + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: [""] - resources: ["persistentvolumes", "persistentvolumeclaims", "endpoints", "events", "services"] - verbs: ["*"] - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["namespaces", "nodes"] - verbs: ["get", "list", "watch"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["*"] - - apiGroups: ["storage.arangodb.com"] - resources: ["arangolocalstorages"] - verbs: ["*"] + - apiGroups: + - "" + resources: + - "persistentvolumes" + - "persistentvolumeclaims" + - "endpoints" + - "events" + - "services" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: + - "get" + - "list" + - "watch" + - apiGroups: + - "" + resources: + - "namespaces" + - "nodes" + verbs: + - "get" + - "list" + - "watch" + - apiGroups: + - "storage.k8s.io" + resources: + - "storageclasses" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "storage.arangodb.com" + resources: + - "arangolocalstorages" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/templates/storage-operator/crd.yaml b/chart/kube-arangodb-arm64/templates/storage-operator/crd.yaml index b1f021c19..fb168515a 100644 --- a/chart/kube-arangodb-arm64/templates/storage-operator/crd.yaml +++ b/chart/kube-arangodb-arm64/templates/storage-operator/crd.yaml @@ -4,31 +4,31 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: arangolocalstorages.storage.arangodb.com - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: arangolocalstorages.storage.arangodb.com + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} spec: - group: storage.arangodb.com - names: - kind: ArangoLocalStorage - listKind: ArangoLocalStorageList - plural: arangolocalstorages - shortNames: - - arangostorage - singular: arangolocalstorage - scope: Cluster - versions: - - name: v1alpha - served: true - storage: true - schema: - openAPIV3Schema: - type: object - x-kubernetes-preserve-unknown-fields: true + group: storage.arangodb.com + names: + kind: ArangoLocalStorage + listKind: ArangoLocalStorageList + plural: arangolocalstorages + shortNames: + - arangostorage + singular: arangolocalstorage + scope: Cluster + versions: + - name: v1alpha + served: true + storage: true + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/templates/storage-operator/role-binding.yaml b/chart/kube-arangodb-arm64/templates/storage-operator/role-binding.yaml index 5e120f06b..f31ed05a0 100644 --- a/chart/kube-arangodb-arm64/templates/storage-operator/role-binding.yaml +++ b/chart/kube-arangodb-arm64/templates/storage-operator/role-binding.yaml @@ -4,22 +4,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "kube-arangodb.rbac" . }}-storage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-storage + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kube-arangodb.rbac" . }}-storage + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-storage subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} diff --git a/chart/kube-arangodb-arm64/templates/storage-operator/role.yaml b/chart/kube-arangodb-arm64/templates/storage-operator/role.yaml index 47553bb0a..4996ad89e 100644 --- a/chart/kube-arangodb-arm64/templates/storage-operator/role.yaml +++ b/chart/kube-arangodb-arm64/templates/storage-operator/role.yaml @@ -4,27 +4,49 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "kube-arangodb.rbac" . }}-storage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-storage + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: [""] - resources: ["pods"] - verbs: ["get", "update", "watch", "list"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] - - apiGroups: ["apps"] - resources: ["daemonsets"] - verbs: ["*"] - - apiGroups: ["apps"] - resources: ["deployments", "replicasets"] - verbs: ["get"] + - apiGroups: + - "" + resources: + - "pods" + verbs: + - "get" + - "update" + - "watch" + - "list" + - apiGroups: + - "" + resources: + - "secrets" + verbs: + - "get" + - apiGroups: + - "apps" + resources: + - "daemonsets" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "apps" + resources: + - "deployments" + - "replicasets" + verbs: + - "get" {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-arm64/templates/webhook/mutation.yaml b/chart/kube-arangodb-arm64/templates/webhook/mutation.yaml index 27efd0821..c5b8259a1 100644 --- a/chart/kube-arangodb-arm64/templates/webhook/mutation.yaml +++ b/chart/kube-arangodb-arm64/templates/webhook/mutation.yaml @@ -25,17 +25,22 @@ webhooks: - key: profiles.arangodb.com/deployment operator: Exists rules: - - apiGroups: [""] - apiVersions: ["v1"] - operations: ["CREATE"] - resources: ["pods"] - scope: "Namespaced" + - apiGroups: + - "" + apiVersions: + - "v1" + operations: + - "CREATE" + resources: + - "pods" + scope: "Namespaced" clientConfig: service: namespace: {{ .Release.Namespace }} name: {{ template "kube-arangodb.operatorName" . }}-webhook path: /webhook/core/v1/pods/policies/mutate - admissionReviewVersions: ["v1"] + admissionReviewVersions: + - "v1" sideEffects: None timeoutSeconds: 5 - name: "generic.pod.policies.scheduler.arangodb.com" @@ -50,17 +55,22 @@ webhooks: - key: profiles.arangodb.com/apply operator: Exists rules: - - apiGroups: [""] - apiVersions: ["v1"] - operations: ["CREATE"] - resources: ["pods"] - scope: "Namespaced" + - apiGroups: + - "" + apiVersions: + - "v1" + operations: + - "CREATE" + resources: + - "pods" + scope: "Namespaced" clientConfig: service: namespace: {{ .Release.Namespace }} name: {{ template "kube-arangodb.operatorName" . }}-webhook path: /webhook/core/v1/pods/policies/mutate - admissionReviewVersions: ["v1"] + admissionReviewVersions: + - "v1" sideEffects: None timeoutSeconds: 5 diff --git a/chart/kube-arangodb-arm64/templates/webhook/validation.yaml b/chart/kube-arangodb-arm64/templates/webhook/validation.yaml index 0c791cacc..7b8db4523 100644 --- a/chart/kube-arangodb-arm64/templates/webhook/validation.yaml +++ b/chart/kube-arangodb-arm64/templates/webhook/validation.yaml @@ -12,6 +12,6 @@ metadata: app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/instance: {{ .Release.Name }} release: {{ .Release.Name }} -webhooks: [] +webhooks: [ ] {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/templates/analytics-operator/cluster-role-binding.yaml b/chart/kube-arangodb-enterprise-arm64/templates/analytics-operator/cluster-role-binding.yaml index 201c4915b..4f6628055 100644 --- a/chart/kube-arangodb-enterprise-arm64/templates/analytics-operator/cluster-role-binding.yaml +++ b/chart/kube-arangodb-enterprise-arm64/templates/analytics-operator/cluster-role-binding.yaml @@ -5,21 +5,21 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-analytics - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-analytics + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-arangodb.rbac-cluster" . }}-analytics + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-analytics subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} diff --git a/chart/kube-arangodb-enterprise-arm64/templates/analytics-operator/cluster-role.yaml b/chart/kube-arangodb-enterprise-arm64/templates/analytics-operator/cluster-role.yaml index 76ac5ee99..a35eeaba7 100644 --- a/chart/kube-arangodb-enterprise-arm64/templates/analytics-operator/cluster-role.yaml +++ b/chart/kube-arangodb-enterprise-arm64/templates/analytics-operator/cluster-role.yaml @@ -5,17 +5,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-analytics - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-analytics + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: + - "get" + - "list" + - "watch" {{- end }} {{- end }} diff --git a/chart/kube-arangodb-enterprise-arm64/templates/analytics-operator/role-binding.yaml b/chart/kube-arangodb-enterprise-arm64/templates/analytics-operator/role-binding.yaml index 9fd0877f4..967e1f06c 100644 --- a/chart/kube-arangodb-enterprise-arm64/templates/analytics-operator/role-binding.yaml +++ b/chart/kube-arangodb-enterprise-arm64/templates/analytics-operator/role-binding.yaml @@ -4,22 +4,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "kube-arangodb.rbac" . }}-analytics - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-analytics + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kube-arangodb.rbac" . }}-analytics + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-analytics subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/templates/analytics-operator/role.yaml b/chart/kube-arangodb-enterprise-arm64/templates/analytics-operator/role.yaml index 84e6cba2f..597f2e36c 100644 --- a/chart/kube-arangodb-enterprise-arm64/templates/analytics-operator/role.yaml +++ b/chart/kube-arangodb-enterprise-arm64/templates/analytics-operator/role.yaml @@ -4,38 +4,60 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "kube-arangodb.rbac" . }}-analytics - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-analytics + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: - - "analytics.arangodb.com" - resources: - - "graphanalyticsengines" - - "graphanalyticsengines/status" - verbs: - - "*" - - apiGroups: - - "database.arangodb.com" - resources: - - "arangodeployments" - verbs: - - "get" - - "list" - - "watch" - - apiGroups: ["apps"] - resources: - - "statefulsets" - verbs: ["*"] - - apiGroups: [ "" ] - resources: - - "secrets" - - "services" - verbs: [ "*" ] + - apiGroups: + - "analytics.arangodb.com" + resources: + - "graphanalyticsengines" + - "graphanalyticsengines/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "database.arangodb.com" + resources: + - "arangodeployments" + verbs: + - "get" + - "list" + - "watch" + - apiGroups: + - "apps" + resources: + - "statefulsets" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "" + resources: + - "secrets" + - "services" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/templates/apps-operator/cluster-role-binding.yaml b/chart/kube-arangodb-enterprise-arm64/templates/apps-operator/cluster-role-binding.yaml index 785c6e886..d0bfb7774 100644 --- a/chart/kube-arangodb-enterprise-arm64/templates/apps-operator/cluster-role-binding.yaml +++ b/chart/kube-arangodb-enterprise-arm64/templates/apps-operator/cluster-role-binding.yaml @@ -5,21 +5,21 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-apps - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-apps + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-arangodb.rbac-cluster" . }}-apps + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-apps subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} diff --git a/chart/kube-arangodb-enterprise-arm64/templates/apps-operator/cluster-role.yaml b/chart/kube-arangodb-enterprise-arm64/templates/apps-operator/cluster-role.yaml index 4789de945..6bfa5a080 100644 --- a/chart/kube-arangodb-enterprise-arm64/templates/apps-operator/cluster-role.yaml +++ b/chart/kube-arangodb-enterprise-arm64/templates/apps-operator/cluster-role.yaml @@ -5,17 +5,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-apps - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-apps + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: + - "get" + - "list" + - "watch" {{- end }} {{- end }} diff --git a/chart/kube-arangodb-enterprise-arm64/templates/apps-operator/role-binding.yaml b/chart/kube-arangodb-enterprise-arm64/templates/apps-operator/role-binding.yaml index dbd9fc636..fc323e9f5 100644 --- a/chart/kube-arangodb-enterprise-arm64/templates/apps-operator/role-binding.yaml +++ b/chart/kube-arangodb-enterprise-arm64/templates/apps-operator/role-binding.yaml @@ -4,22 +4,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "kube-arangodb.rbac" . }}-apps - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-apps + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kube-arangodb.rbac" . }}-apps + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-apps subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} --- diff --git a/chart/kube-arangodb-enterprise-arm64/templates/apps-operator/role.yaml b/chart/kube-arangodb-enterprise-arm64/templates/apps-operator/role.yaml index 63df49055..6f3b1c90c 100644 --- a/chart/kube-arangodb-enterprise-arm64/templates/apps-operator/role.yaml +++ b/chart/kube-arangodb-enterprise-arm64/templates/apps-operator/role.yaml @@ -4,36 +4,82 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "kube-arangodb.rbac" . }}-apps - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-apps + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: [""] - resources: ["pods", "services", "endpoints"] - verbs: ["get", "update"] - - apiGroups: [""] - resources: ["events"] - verbs: ["*"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] - - apiGroups: ["apps"] - resources: ["deployments", "replicasets"] - verbs: ["get"] - - apiGroups: ["batch"] - resources: ["jobs"] - verbs: ["*"] - - apiGroups: ["database.arangodb.com"] - resources: ["arangodeployments"] - verbs: ["get", "list", "watch"] - - apiGroups: ["apps.arangodb.com"] - resources: ["arangojobs","arangojobs/status"] - verbs: ["*"] + - apiGroups: + - "" + resources: + - "pods" + - "services" + - "endpoints" + verbs: + - "get" + - "update" + - apiGroups: + - "" + resources: + - "events" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "" + resources: + - "secrets" + verbs: + - "get" + - apiGroups: + - "apps" + resources: + - "deployments" + - "replicasets" + verbs: + - "get" + - apiGroups: + - "batch" + resources: + - "jobs" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "database.arangodb.com" + resources: + - "arangodeployments" + verbs: + - "get" + - "list" + - "watch" + - apiGroups: + - "apps.arangodb.com" + resources: + - "arangojobs" + - "arangojobs/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -47,8 +93,13 @@ metadata: app.kubernetes.io/instance: {{ .Release.Name }} release: {{ .Release.Name }} rules: - - apiGroups: ["database.arangodb.com"] - resources: ["arangodeployments"] - verbs: ["get", "list", "watch"] + - apiGroups: + - "database.arangodb.com" + resources: + - "arangodeployments" + verbs: + - "get" + - "list" + - "watch" {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/templates/apps-operator/service-account-job.yaml b/chart/kube-arangodb-enterprise-arm64/templates/apps-operator/service-account-job.yaml index 07ae08095..c184f4d6b 100644 --- a/chart/kube-arangodb-enterprise-arm64/templates/apps-operator/service-account-job.yaml +++ b/chart/kube-arangodb-enterprise-arm64/templates/apps-operator/service-account-job.yaml @@ -5,11 +5,11 @@ metadata: name: {{ template "kube-arangodb.operatorName" . }}-job namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} {{- if .Values.operator.imagePullSecrets }} imagePullSecrets: {{- range .Values.operator.imagePullSecrets }} diff --git a/chart/kube-arangodb-enterprise-arm64/templates/backup-operator/cluster-role-binding.yaml b/chart/kube-arangodb-enterprise-arm64/templates/backup-operator/cluster-role-binding.yaml index 4f1c23cff..2b5c3350b 100644 --- a/chart/kube-arangodb-enterprise-arm64/templates/backup-operator/cluster-role-binding.yaml +++ b/chart/kube-arangodb-enterprise-arm64/templates/backup-operator/cluster-role-binding.yaml @@ -5,21 +5,21 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-backup - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-backup + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-arangodb.rbac-cluster" . }}-backup + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-backup subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} diff --git a/chart/kube-arangodb-enterprise-arm64/templates/backup-operator/cluster-role.yaml b/chart/kube-arangodb-enterprise-arm64/templates/backup-operator/cluster-role.yaml index a1c011982..43cd30081 100644 --- a/chart/kube-arangodb-enterprise-arm64/templates/backup-operator/cluster-role.yaml +++ b/chart/kube-arangodb-enterprise-arm64/templates/backup-operator/cluster-role.yaml @@ -5,17 +5,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-backup - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-backup + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: + - "get" + - "list" + - "watch" {{- end }} {{- end }} diff --git a/chart/kube-arangodb-enterprise-arm64/templates/backup-operator/role-binding.yaml b/chart/kube-arangodb-enterprise-arm64/templates/backup-operator/role-binding.yaml index 679902669..afbf38eed 100644 --- a/chart/kube-arangodb-enterprise-arm64/templates/backup-operator/role-binding.yaml +++ b/chart/kube-arangodb-enterprise-arm64/templates/backup-operator/role-binding.yaml @@ -4,22 +4,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "kube-arangodb.rbac" . }}-backup - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-backup + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kube-arangodb.rbac" . }}-backup + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-backup subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/templates/backup-operator/role.yaml b/chart/kube-arangodb-enterprise-arm64/templates/backup-operator/role.yaml index 8d4aff472..083a81466 100644 --- a/chart/kube-arangodb-enterprise-arm64/templates/backup-operator/role.yaml +++ b/chart/kube-arangodb-enterprise-arm64/templates/backup-operator/role.yaml @@ -4,32 +4,71 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "kube-arangodb.rbac" . }}-backup - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-backup + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: [""] - resources: ["pods", "services", "endpoints"] - verbs: ["get", "update"] - - apiGroups: [""] - resources: ["events"] - verbs: ["*"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] - - apiGroups: ["apps"] - resources: ["deployments", "replicasets"] - verbs: ["get"] - - apiGroups: ["backup.arangodb.com"] - resources: ["arangobackuppolicies", "arangobackuppolicies/status", "arangobackups", "arangobackups/status"] - verbs: ["*"] - - apiGroups: ["database.arangodb.com"] - resources: ["arangodeployments"] - verbs: ["get", "list", "watch"] + - apiGroups: + - "" + resources: + - "pods" + - "services" + - "endpoints" + verbs: + - "get" + - "update" + - apiGroups: + - "" + resources: + - "events" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "" + resources: + - "secrets" + verbs: + - "get" + - apiGroups: + - "apps" + resources: + - "deployments" + - "replicasets" + verbs: + - "get" + - apiGroups: + - "backup.arangodb.com" + resources: + - "arangobackuppolicies" + - "arangobackuppolicies/status" + - "arangobackups" + - "arangobackups/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "database.arangodb.com" + resources: + - "arangodeployments" + verbs: + - "get" + - "list" + - "watch" {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/templates/certificates/issuer.ca.yaml b/chart/kube-arangodb-enterprise-arm64/templates/certificates/issuer.ca.yaml index 0b3f33291..bc0a75319 100644 --- a/chart/kube-arangodb-enterprise-arm64/templates/certificates/issuer.ca.yaml +++ b/chart/kube-arangodb-enterprise-arm64/templates/certificates/issuer.ca.yaml @@ -12,6 +12,6 @@ metadata: app.kubernetes.io/instance: {{ .Release.Name }} release: {{ .Release.Name }} spec: - selfSigned: {} + selfSigned: { } {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/templates/crd/cluster-role-binding.yaml b/chart/kube-arangodb-enterprise-arm64/templates/crd/cluster-role-binding.yaml index a0355a66f..dd3f64ad3 100644 --- a/chart/kube-arangodb-enterprise-arm64/templates/crd/cluster-role-binding.yaml +++ b/chart/kube-arangodb-enterprise-arm64/templates/crd/cluster-role-binding.yaml @@ -5,21 +5,21 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-crd - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-crd + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-arangodb.rbac-cluster" . }}-crd + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-crd subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} diff --git a/chart/kube-arangodb-enterprise-arm64/templates/crd/cluster-role.yaml b/chart/kube-arangodb-enterprise-arm64/templates/crd/cluster-role.yaml index 0704a51fa..e4663fb58 100644 --- a/chart/kube-arangodb-enterprise-arm64/templates/crd/cluster-role.yaml +++ b/chart/kube-arangodb-enterprise-arm64/templates/crd/cluster-role.yaml @@ -5,44 +5,52 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-crd - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-crd + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: {{ if .Values.operator.features.analytics -}} -# analytics.arangodb.com - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update"] + # analytics.arangodb.com + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update" ] resourceNames: - "graphanalyticsengines.analytics.arangodb.com" {{- end }} {{ if .Values.operator.features.apps -}} -# apps.arangodb.com - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update"] + # apps.arangodb.com + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update" ] resourceNames: - "arangojobs.apps.arangodb.com" {{- end }} {{ if .Values.operator.features.backup -}} -# backup.arangodb.com - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update"] + # backup.arangodb.com + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update" ] resourceNames: - "arangobackuppolicies.backup.arangodb.com" - "arangobackups.backup.arangodb.com" {{- end }} {{ if .Values.operator.features.deployment -}} -# database.arangodb.com - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update"] + # database.arangodb.com + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update" ] resourceNames: - "arangoclustersynchronizations.database.arangodb.com" - "arangodeployments.database.arangodb.com" @@ -50,10 +58,12 @@ rules: - "arangotasks.database.arangodb.com" {{- end }} {{ if .Values.operator.features.ml -}} -# ml.arangodb.com - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update"] + # ml.arangodb.com + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update" ] resourceNames: - "arangomlbatchjobs.ml.arangodb.com" - "arangomlcronjobs.ml.arangodb.com" @@ -61,26 +71,32 @@ rules: - "arangomlstorages.ml.arangodb.com" {{- end }} {{ if .Values.operator.features.networking -}} -# networking.arangodb.com - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update"] + # networking.arangodb.com + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update" ] resourceNames: - "arangoroutes.networking.arangodb.com" {{- end }} {{ if .Values.operator.features.deploymentReplications -}} -# replication.database.arangodb.com - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update"] + # replication.database.arangodb.com + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update" ] resourceNames: - "arangodeploymentreplications.replication.database.arangodb.com" {{- end }} {{ if .Values.operator.features.scheduler -}} -# scheduler.arangodb.com - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update"] + # scheduler.arangodb.com + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update" ] resourceNames: - "arangoprofiles.scheduler.arangodb.com" - "arangoschedulerpods.scheduler.arangodb.com" @@ -89,10 +105,12 @@ rules: - "arangoschedulercronjobs.scheduler.arangodb.com" {{- end }} {{ if .Values.operator.features.platform -}} -# platform.arangodb.com - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update"] + # platform.arangodb.com + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update" ] resourceNames: - "arangoplatformcharts.platform.arangodb.com" - "arangoplatformstorages.platform.arangodb.com" diff --git a/chart/kube-arangodb-enterprise-arm64/templates/debug/cluster-role-binding.yaml b/chart/kube-arangodb-enterprise-arm64/templates/debug/cluster-role-binding.yaml index 47bb00b02..a474ca6b0 100644 --- a/chart/kube-arangodb-enterprise-arm64/templates/debug/cluster-role-binding.yaml +++ b/chart/kube-arangodb-enterprise-arm64/templates/debug/cluster-role-binding.yaml @@ -5,21 +5,21 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-debug - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-debug + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-arangodb.rbac-cluster" . }}-debug + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-debug subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} diff --git a/chart/kube-arangodb-enterprise-arm64/templates/debug/cluster-role.yaml b/chart/kube-arangodb-enterprise-arm64/templates/debug/cluster-role.yaml index 59b1be1fe..ae8bcc171 100644 --- a/chart/kube-arangodb-enterprise-arm64/templates/debug/cluster-role.yaml +++ b/chart/kube-arangodb-enterprise-arm64/templates/debug/cluster-role.yaml @@ -5,17 +5,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-debug - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-debug + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: + - "get" + - "list" + - "watch" {{- end }} {{- end }} diff --git a/chart/kube-arangodb-enterprise-arm64/templates/debug/role-binding.yaml b/chart/kube-arangodb-enterprise-arm64/templates/debug/role-binding.yaml index b54d447cd..815dbff52 100644 --- a/chart/kube-arangodb-enterprise-arm64/templates/debug/role-binding.yaml +++ b/chart/kube-arangodb-enterprise-arm64/templates/debug/role-binding.yaml @@ -4,22 +4,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "kube-arangodb.rbac" . }}-debug - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-debug + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kube-arangodb.rbac" . }}-debug + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-debug subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/templates/debug/role.yaml b/chart/kube-arangodb-enterprise-arm64/templates/debug/role.yaml index e18cf7cda..5e83a3fce 100644 --- a/chart/kube-arangodb-enterprise-arm64/templates/debug/role.yaml +++ b/chart/kube-arangodb-enterprise-arm64/templates/debug/role.yaml @@ -4,30 +4,40 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "kube-arangodb.rbac" . }}-debug - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-debug + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - apiGroups: -# Core - - "" - - "apps" - - "batch" -# Arango - - "analytics.arangodb.com" - - "ml.arangodb.com" - resources: ["*"] - verbs: ["get", "list"] - - apiGroups: [""] - resources: ["pods/log"] - verbs: ["get", "list"] - - apiGroups: [""] - resources: ["pods/exec"] - verbs: ["create"] + # Core + - "" + - "apps" + - "batch" + # Arango + - "analytics.arangodb.com" + - "ml.arangodb.com" + resources: + - "*" + verbs: + - "get" + - "list" + - apiGroups: + - "" + resources: + - "pods/log" + verbs: + - "get" + - "list" + - apiGroups: + - "" + resources: + - "pods/exec" + verbs: + - "create" {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/templates/deployment-operator/cluster-role-binding.yaml b/chart/kube-arangodb-enterprise-arm64/templates/deployment-operator/cluster-role-binding.yaml index 5e3261c21..cbaea7494 100644 --- a/chart/kube-arangodb-enterprise-arm64/templates/deployment-operator/cluster-role-binding.yaml +++ b/chart/kube-arangodb-enterprise-arm64/templates/deployment-operator/cluster-role-binding.yaml @@ -5,21 +5,21 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} diff --git a/chart/kube-arangodb-enterprise-arm64/templates/deployment-operator/cluster-role.yaml b/chart/kube-arangodb-enterprise-arm64/templates/deployment-operator/cluster-role.yaml index 1e9222396..1a4784552 100644 --- a/chart/kube-arangodb-enterprise-arm64/templates/deployment-operator/cluster-role.yaml +++ b/chart/kube-arangodb-enterprise-arm64/templates/deployment-operator/cluster-role.yaml @@ -5,20 +5,31 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["namespaces", "nodes", "persistentvolumes"] - verbs: ["get", "list"] + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: + - "get" + - "list" + - "watch" + - apiGroups: + - "" + resources: + - "namespaces" + - "nodes" + - "persistentvolumes" + verbs: + - "get" + - "list" {{- end }} {{- end }} diff --git a/chart/kube-arangodb-enterprise-arm64/templates/deployment-operator/default-role-binding.yaml b/chart/kube-arangodb-enterprise-arm64/templates/deployment-operator/default-role-binding.yaml index 606474ee4..4a8658a50 100644 --- a/chart/kube-arangodb-enterprise-arm64/templates/deployment-operator/default-role-binding.yaml +++ b/chart/kube-arangodb-enterprise-arm64/templates/deployment-operator/default-role-binding.yaml @@ -4,22 +4,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "kube-arangodb.rbac" . }}-default - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-default + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kube-arangodb.rbac" . }}-default + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-default subjects: - - kind: ServiceAccount - name: default - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: default + namespace: {{ .Release.Namespace }} {{- end }} diff --git a/chart/kube-arangodb-enterprise-arm64/templates/deployment-operator/default-role.yaml b/chart/kube-arangodb-enterprise-arm64/templates/deployment-operator/default-role.yaml index af530b233..8a223326d 100644 --- a/chart/kube-arangodb-enterprise-arm64/templates/deployment-operator/default-role.yaml +++ b/chart/kube-arangodb-enterprise-arm64/templates/deployment-operator/default-role.yaml @@ -4,18 +4,21 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "kube-arangodb.rbac" . }}-default - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-default + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: [""] - resources: ["pods"] - verbs: ["get"] + - apiGroups: + - "" + resources: + - "pods" + verbs: + - "get" {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/templates/deployment-operator/role-binding.yaml b/chart/kube-arangodb-enterprise-arm64/templates/deployment-operator/role-binding.yaml index d06ec7ec0..94aecba5f 100644 --- a/chart/kube-arangodb-enterprise-arm64/templates/deployment-operator/role-binding.yaml +++ b/chart/kube-arangodb-enterprise-arm64/templates/deployment-operator/role-binding.yaml @@ -4,22 +4,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "kube-arangodb.rbac" . }}-deployment - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-deployment + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kube-arangodb.rbac" . }}-deployment + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-deployment subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} diff --git a/chart/kube-arangodb-enterprise-arm64/templates/deployment-operator/role.yaml b/chart/kube-arangodb-enterprise-arm64/templates/deployment-operator/role.yaml index a3ca5bc75..7d31d1acc 100644 --- a/chart/kube-arangodb-enterprise-arm64/templates/deployment-operator/role.yaml +++ b/chart/kube-arangodb-enterprise-arm64/templates/deployment-operator/role.yaml @@ -4,50 +4,141 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "kube-arangodb.rbac" . }}-deployment - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-deployment + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: ["database.arangodb.com"] - resources: ["arangodeployments", "arangodeployments/status","arangomembers", "arangomembers/status"] - verbs: ["*"] + - apiGroups: + - "database.arangodb.com" + resources: + - "arangodeployments" + - "arangodeployments/status" + - "arangomembers" + - "arangomembers/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" {{- if .Values.rbac.extensions.acs }} - - apiGroups: ["database.arangodb.com"] - resources: ["arangoclustersynchronizations", "arangoclustersynchronizations/status"] - verbs: ["*"] + - apiGroups: + - "database.arangodb.com" + resources: + - "arangoclustersynchronizations" + - "arangoclustersynchronizations/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" {{- end }} {{- if .Values.rbac.extensions.at }} - - apiGroups: ["database.arangodb.com"] - resources: ["arangotasks", "arangotasks/status"] - verbs: ["*"] + - apiGroups: + - "database.arangodb.com" + resources: + - "arangotasks" + - "arangotasks/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" {{- end }} - - apiGroups: [""] - resources: ["pods", "services", "endpoints", "persistentvolumeclaims", "events", "secrets", "serviceaccounts", "configmaps"] - verbs: ["*"] - - apiGroups: ["apps"] - resources: ["deployments", "replicasets"] - verbs: ["get"] - - apiGroups: ["policy"] - resources: ["poddisruptionbudgets"] - verbs: ["*"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["*"] - - apiGroups: ["platform.arangodb.com"] - resources: ["arangoplatformstorages", "arangoplatformstorages/status"] - verbs: ["get", "list", "watch"] - - apiGroups: ["backup.arangodb.com"] - resources: ["arangobackuppolicies", "arangobackups"] - verbs: ["get", "list", "watch"] + - apiGroups: + - "" + resources: + - "pods" + - "services" + - "endpoints" + - "persistentvolumeclaims" + - "events" + - "secrets" + - "serviceaccounts" + - "configmaps" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "apps" + resources: + - "deployments" + - "replicasets" + verbs: + - "get" + - apiGroups: + - "policy" + resources: + - "poddisruptionbudgets" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "coordination.k8s.io" + resources: + - "leases" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "platform.arangodb.com" + resources: + - "arangoplatformstorages" + - "arangoplatformstorages/status" + verbs: + - "get" + - "list" + - "watch" + - apiGroups: + - "backup.arangodb.com" + resources: + - "arangobackuppolicies" + - "arangobackups" + verbs: + - "get" + - "list" + - "watch" {{- if .Values.rbac.extensions.monitoring }} - - apiGroups: ["monitoring.coreos.com"] - resources: ["servicemonitors"] - verbs: ["get", "create", "delete", "update", "list", "watch", "patch"] + - apiGroups: + - "monitoring.coreos.com" + resources: + - "servicemonitors" + verbs: + - "get" + - "create" + - "delete" + - "update" + - "list" + - "watch" + - "patch" {{- end }} {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/templates/deployment-replications-operator/cluster-role-binding.yaml b/chart/kube-arangodb-enterprise-arm64/templates/deployment-replications-operator/cluster-role-binding.yaml index e526e91f3..54426af78 100644 --- a/chart/kube-arangodb-enterprise-arm64/templates/deployment-replications-operator/cluster-role-binding.yaml +++ b/chart/kube-arangodb-enterprise-arm64/templates/deployment-replications-operator/cluster-role-binding.yaml @@ -5,21 +5,21 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment-replication - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment-replication + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment-replication + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment-replication subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} diff --git a/chart/kube-arangodb-enterprise-arm64/templates/deployment-replications-operator/cluster-role.yaml b/chart/kube-arangodb-enterprise-arm64/templates/deployment-replications-operator/cluster-role.yaml index cd4f9eb67..d7b1efaeb 100644 --- a/chart/kube-arangodb-enterprise-arm64/templates/deployment-replications-operator/cluster-role.yaml +++ b/chart/kube-arangodb-enterprise-arm64/templates/deployment-replications-operator/cluster-role.yaml @@ -5,20 +5,30 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment-replication - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment-replication + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["namespaces", "nodes"] - verbs: ["get", "list"] + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: + - "get" + - "list" + - "watch" + - apiGroups: + - "" + resources: + - "namespaces" + - "nodes" + verbs: + - "get" + - "list" {{- end }} {{- end }} diff --git a/chart/kube-arangodb-enterprise-arm64/templates/deployment-replications-operator/role-binding.yaml b/chart/kube-arangodb-enterprise-arm64/templates/deployment-replications-operator/role-binding.yaml index f908090c9..1b8226bf5 100644 --- a/chart/kube-arangodb-enterprise-arm64/templates/deployment-replications-operator/role-binding.yaml +++ b/chart/kube-arangodb-enterprise-arm64/templates/deployment-replications-operator/role-binding.yaml @@ -4,22 +4,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "kube-arangodb.rbac" . }}-deployment-replication - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-deployment-replication + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kube-arangodb.rbac" . }}-deployment-replication + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-deployment-replication subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} diff --git a/chart/kube-arangodb-enterprise-arm64/templates/deployment-replications-operator/role.yaml b/chart/kube-arangodb-enterprise-arm64/templates/deployment-replications-operator/role.yaml index c8cf8f993..19a87d03d 100644 --- a/chart/kube-arangodb-enterprise-arm64/templates/deployment-replications-operator/role.yaml +++ b/chart/kube-arangodb-enterprise-arm64/templates/deployment-replications-operator/role.yaml @@ -4,27 +4,58 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "kube-arangodb.rbac" . }}-deployment-replication - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-deployment-replication + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: ["replication.database.arangodb.com"] - resources: ["arangodeploymentreplications", "arangodeploymentreplications/status"] - verbs: ["*"] - - apiGroups: ["database.arangodb.com"] - resources: ["arangodeployments"] - verbs: ["get"] - - apiGroups: [""] - resources: ["pods", "services", "endpoints", "persistentvolumeclaims", "events", "secrets"] - verbs: ["*"] - - apiGroups: ["apps"] - resources: ["deployments", "replicasets"] - verbs: ["get"] + - apiGroups: + - "replication.database.arangodb.com" + resources: + - "arangodeploymentreplications" + - "arangodeploymentreplications/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "database.arangodb.com" + resources: + - "arangodeployments" + verbs: + - "get" + - apiGroups: + - "" + resources: + - "pods" + - "services" + - "endpoints" + - "persistentvolumeclaims" + - "events" + - "secrets" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "apps" + resources: + - "deployments" + - "replicasets" + verbs: + - "get" {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/templates/deployment.yaml b/chart/kube-arangodb-enterprise-arm64/templates/deployment.yaml index 7811a6744..4e6952059 100644 --- a/chart/kube-arangodb-enterprise-arm64/templates/deployment.yaml +++ b/chart/kube-arangodb-enterprise-arm64/templates/deployment.yaml @@ -11,259 +11,259 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- if .Values.operator.annotations }} - annotations: + annotations: {{ toYaml .Values.operator.annotations | indent 8 }} {{- end }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} spec: {{- if .Values.operator.debug }} - replicas: 1 + replicas: 1 {{- else }} - replicas: {{ .Values.operator.replicaCount }} + replicas: {{ .Values.operator.replicaCount }} {{- end }} - strategy: + strategy: {{ toYaml .Values.operator.updateStrategy | indent 8 }} - selector: - matchLabels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} {{- if .Values.operator.annotations }} - annotations: + annotations: {{ toYaml .Values.operator.annotations | indent 16 }} {{- end }} - spec: + spec: {{- if .Values.operator.nodeSelector }} - nodeSelector: + nodeSelector: {{ toYaml .Values.operator.nodeSelector | indent 16 }} {{- end }} - serviceAccountName: {{ template "kube-arangodb.operatorName" . }} - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/arch - operator: In - values: + serviceAccountName: {{ template "kube-arangodb.operatorName" . }} + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/arch + operator: In + values: {{- range .Values.operator.architectures }} - - {{ . | quote }} + - {{ . | quote }} {{- end }} - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - podAffinityTerm: - topologyKey: "kubernetes.io/hostname" - labelSelector: - matchExpressions: - - key: app.kubernetes.io/name - operator: In - values: - - {{ template "kube-arangodb.name" . }} - - key: app.kubernetes.io/instance - operator: In - values: - - {{ .Release.Name }} - hostNetwork: false - hostPID: false - hostIPC: false - securityContext: - runAsNonRoot: true - runAsUser: {{ .Values.operator.securityContext.runAsUser }} - containers: - - name: operator - imagePullPolicy: {{ .Values.operator.imagePullPolicy }} - image: {{ .Values.operator.image }} - args: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + topologyKey: "kubernetes.io/hostname" + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - {{ template "kube-arangodb.name" . }} + - key: app.kubernetes.io/instance + operator: In + values: + - {{ .Release.Name }} + hostNetwork: false + hostPID: false + hostIPC: false + securityContext: + runAsNonRoot: true + runAsUser: {{ .Values.operator.securityContext.runAsUser }} + containers: + - name: operator + imagePullPolicy: {{ .Values.operator.imagePullPolicy }} + image: {{ .Values.operator.image }} + args: {{- if .Values.certificate.enabled }} - - --server.tls-secret-name={{ template "kube-arangodb.operatorName" . }}-cert - - --api.tls-secret-name={{ template "kube-arangodb.operatorName" . }}-cert + - --server.tls-secret-name={{ template "kube-arangodb.operatorName" . }}-cert + - --api.tls-secret-name={{ template "kube-arangodb.operatorName" . }}-cert {{- end -}} {{- if .Values.operator.features.deployment }} - - --operator.deployment + - --operator.deployment {{- end -}} {{ if .Values.operator.features.deploymentReplications }} - - --operator.deployment-replication + - --operator.deployment-replication {{- end -}} {{ if .Values.operator.features.storage }} - - --operator.storage + - --operator.storage {{- end }} {{ if .Values.operator.features.backup }} - - --operator.backup + - --operator.backup {{- end }} {{- if or .Values.operator.debug (eq ( int .Values.operator.replicaCount) 1) }} - - --mode.single + - --mode.single {{- end }} {{- if .Values.operator.skipLeaderLabels }} - - --leader.label.skip + - --leader.label.skip {{- end }} {{ if .Values.operator.features.apps }} - - --operator.apps + - --operator.apps {{- end }} {{ if .Values.operator.features.ml }} - - --operator.ml + - --operator.ml {{- end }} {{ if .Values.operator.features.analytics }} - - --operator.analytics + - --operator.analytics {{- end }} {{ if .Values.operator.features.networking }} - - --operator.networking + - --operator.networking {{- end }} {{ if .Values.operator.features.scheduler }} - - --operator.scheduler + - --operator.scheduler {{- end }} {{ if .Values.operator.features.platform }} - - --operator.platform + - --operator.platform {{- end }} {{ if .Values.operator.features.k8sToK8sClusterSync }} - - --operator.k2k-cluster-sync + - --operator.k2k-cluster-sync {{- end }} - - --chaos.allowed={{ .Values.operator.allowChaos }} + - --chaos.allowed={{ .Values.operator.allowChaos }} {{- if .Values.operator.args }} {{- range .Values.operator.args }} - - {{ . | quote }} + - {{ . | quote }} {{- end }} {{- end }} - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: MY_CONTAINER_NAME - value: "operator" - - name: MY_POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP + env: + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MY_CONTAINER_NAME + value: "operator" + - name: MY_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP {{- if .Values.operator.features.apps }} - - name: ARANGOJOB_SA_NAME - value: "{{ template "kube-arangodb.operatorName" . }}-job" + - name: ARANGOJOB_SA_NAME + value: "{{ template "kube-arangodb.operatorName" . }}-job" {{- end }} - ports: - - name: metrics - containerPort: 8528 - securityContext: - privileged: false - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - capabilities: - drop: - - 'ALL' + ports: + - name: metrics + containerPort: 8528 + securityContext: + privileged: false + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: + - 'ALL' {{- if .Values.operator.debug }} - add: - - 'SYS_PTRACE' + add: + - 'SYS_PTRACE' {{- end }} {{- if .Values.operator.resources }} - resources: + resources: {{ toYaml .Values.operator.resources | indent 22 }} {{- end }} {{- if not .Values.operator.debug }} - livenessProbe: - httpGet: - path: /health - port: 8528 - scheme: HTTPS - initialDelaySeconds: 5 - periodSeconds: 10 - readinessProbe: - httpGet: - path: /ready - port: 8528 - scheme: HTTPS - initialDelaySeconds: 5 - periodSeconds: 10 + livenessProbe: + httpGet: + path: /health + port: 8528 + scheme: HTTPS + initialDelaySeconds: 5 + periodSeconds: 10 + readinessProbe: + httpGet: + path: /ready + port: 8528 + scheme: HTTPS + initialDelaySeconds: 5 + periodSeconds: 10 {{- end }} {{ if .Values.webhooks.enabled }} - - name: webhooks - imagePullPolicy: {{ .Values.operator.imagePullPolicy }} - image: {{ .Values.operator.image }} - args: - - webhook + - name: webhooks + imagePullPolicy: {{ .Values.operator.imagePullPolicy }} + image: {{ .Values.operator.image }} + args: + - webhook {{- if .Values.certificate.enabled }} - - --ssl.secret.name={{ template "kube-arangodb.operatorName" . }}-webhook-cert - - --ssl.secret.namespace={{ .Release.Namespace }} + - --ssl.secret.name={{ template "kube-arangodb.operatorName" . }}-webhook-cert + - --ssl.secret.namespace={{ .Release.Namespace }} {{- end -}} {{- if .Values.webhooks.args }} {{- range .Values.webhooks.args }} - - {{ . | quote }} + - {{ . | quote }} {{- end }} {{- end }} - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: MY_CONTAINER_NAME - value: "webhooks" - - name: MY_POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - ports: - - name: webhooks - containerPort: 8828 - securityContext: - privileged: false - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - capabilities: - drop: - - 'ALL' + env: + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MY_CONTAINER_NAME + value: "webhooks" + - name: MY_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + ports: + - name: webhooks + containerPort: 8828 + securityContext: + privileged: false + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: + - 'ALL' {{- if .Values.webhooks.resources }} - resources: + resources: {{ toYaml .Values.webhooks.resources | indent 22 }} {{- end }} {{- if not .Values.webhooks.debug }} - livenessProbe: - httpGet: - path: /health - port: 8828 - scheme: HTTPS - initialDelaySeconds: 5 - periodSeconds: 10 - readinessProbe: - httpGet: - path: /ready - port: 8828 - scheme: HTTPS - initialDelaySeconds: 5 - periodSeconds: 10 + livenessProbe: + httpGet: + path: /health + port: 8828 + scheme: HTTPS + initialDelaySeconds: 5 + periodSeconds: 10 + readinessProbe: + httpGet: + path: /ready + port: 8828 + scheme: HTTPS + initialDelaySeconds: 5 + periodSeconds: 10 {{- end }} {{- end }} - tolerations: - - key: "node.kubernetes.io/unreachable" - operator: "Exists" - effect: "NoExecute" - tolerationSeconds: 5 - - key: "node.kubernetes.io/not-ready" - operator: "Exists" - effect: "NoExecute" - tolerationSeconds: 5 + tolerations: + - key: "node.kubernetes.io/unreachable" + operator: "Exists" + effect: "NoExecute" + tolerationSeconds: 5 + - key: "node.kubernetes.io/not-ready" + operator: "Exists" + effect: "NoExecute" + tolerationSeconds: 5 {{- if .Values.operator.tolerations }} {{ toYaml .Values.operator.tolerations | indent 16 }} {{- end }} diff --git a/chart/kube-arangodb-enterprise-arm64/templates/k2k-cluster-sync-operator/cluster-role-binding.yaml b/chart/kube-arangodb-enterprise-arm64/templates/k2k-cluster-sync-operator/cluster-role-binding.yaml index c8cef6a03..86c001ed1 100644 --- a/chart/kube-arangodb-enterprise-arm64/templates/k2k-cluster-sync-operator/cluster-role-binding.yaml +++ b/chart/kube-arangodb-enterprise-arm64/templates/k2k-cluster-sync-operator/cluster-role-binding.yaml @@ -5,21 +5,21 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-k2kclustersync - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-k2kclustersync + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-arangodb.rbac-cluster" . }}-k2kclustersync + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-k2kclustersync subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} diff --git a/chart/kube-arangodb-enterprise-arm64/templates/k2k-cluster-sync-operator/cluster-role.yaml b/chart/kube-arangodb-enterprise-arm64/templates/k2k-cluster-sync-operator/cluster-role.yaml index 17f1a73f3..b3cbd5e55 100644 --- a/chart/kube-arangodb-enterprise-arm64/templates/k2k-cluster-sync-operator/cluster-role.yaml +++ b/chart/kube-arangodb-enterprise-arm64/templates/k2k-cluster-sync-operator/cluster-role.yaml @@ -5,17 +5,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-k2kclustersync - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-k2kclustersync + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: + - "get" + - "list" + - "watch" {{- end }} {{- end }} diff --git a/chart/kube-arangodb-enterprise-arm64/templates/k2k-cluster-sync-operator/role-binding.yaml b/chart/kube-arangodb-enterprise-arm64/templates/k2k-cluster-sync-operator/role-binding.yaml index c4399917d..26ec71722 100644 --- a/chart/kube-arangodb-enterprise-arm64/templates/k2k-cluster-sync-operator/role-binding.yaml +++ b/chart/kube-arangodb-enterprise-arm64/templates/k2k-cluster-sync-operator/role-binding.yaml @@ -4,22 +4,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "kube-arangodb.rbac" . }}-k2kclustersync - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-k2kclustersync + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kube-arangodb.rbac" . }}-k2kclustersync + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-k2kclustersync subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} diff --git a/chart/kube-arangodb-enterprise-arm64/templates/k2k-cluster-sync-operator/role.yaml b/chart/kube-arangodb-enterprise-arm64/templates/k2k-cluster-sync-operator/role.yaml index d308f9111..73b0b44da 100644 --- a/chart/kube-arangodb-enterprise-arm64/templates/k2k-cluster-sync-operator/role.yaml +++ b/chart/kube-arangodb-enterprise-arm64/templates/k2k-cluster-sync-operator/role.yaml @@ -4,30 +4,58 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "kube-arangodb.rbac" . }}-k2kclustersync - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-k2kclustersync + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: [""] - resources: ["pods", "services", "endpoints"] - verbs: ["get", "update"] - - apiGroups: [""] - resources: ["events"] - verbs: ["*"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] - - apiGroups: ["apps"] - resources: ["deployments", "replicasets"] - verbs: ["get"] - - apiGroups: ["database.arangodb.com"] - resources: ["arangodeployments", "arangoclustersynchronizations"] - verbs: ["get", "list", "watch"] + - apiGroups: + - "" + resources: + - "pods" + - "services" + - "endpoints" + verbs: + - "get" + - "update" + - apiGroups: + - "" + resources: + - "events" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "" + resources: + - "secrets" + verbs: + - "get" + - apiGroups: + - "apps" + resources: + - "deployments" + - "replicasets" + verbs: + - "get" + - apiGroups: + - "database.arangodb.com" + resources: + - "arangodeployments" + - "arangoclustersynchronizations" + verbs: + - "get" + - "list" + - "watch" {{- end }} {{- end }} diff --git a/chart/kube-arangodb-enterprise-arm64/templates/ml-operator/cluster-role-binding.yaml b/chart/kube-arangodb-enterprise-arm64/templates/ml-operator/cluster-role-binding.yaml index 85d3cdc05..41fdb4fba 100644 --- a/chart/kube-arangodb-enterprise-arm64/templates/ml-operator/cluster-role-binding.yaml +++ b/chart/kube-arangodb-enterprise-arm64/templates/ml-operator/cluster-role-binding.yaml @@ -5,21 +5,21 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-ml - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-ml + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-arangodb.rbac-cluster" . }}-ml + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-ml subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} diff --git a/chart/kube-arangodb-enterprise-arm64/templates/ml-operator/cluster-role.yaml b/chart/kube-arangodb-enterprise-arm64/templates/ml-operator/cluster-role.yaml index 4e6a92385..cef297758 100644 --- a/chart/kube-arangodb-enterprise-arm64/templates/ml-operator/cluster-role.yaml +++ b/chart/kube-arangodb-enterprise-arm64/templates/ml-operator/cluster-role.yaml @@ -5,17 +5,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-ml - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-ml + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: + - "get" + - "list" + - "watch" {{- end }} {{- end }} diff --git a/chart/kube-arangodb-enterprise-arm64/templates/ml-operator/role-binding.yaml b/chart/kube-arangodb-enterprise-arm64/templates/ml-operator/role-binding.yaml index a7a666189..1da89eac3 100644 --- a/chart/kube-arangodb-enterprise-arm64/templates/ml-operator/role-binding.yaml +++ b/chart/kube-arangodb-enterprise-arm64/templates/ml-operator/role-binding.yaml @@ -4,22 +4,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "kube-arangodb.rbac" . }}-ml - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-ml + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kube-arangodb.rbac" . }}-ml + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-ml subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/templates/ml-operator/role.yaml b/chart/kube-arangodb-enterprise-arm64/templates/ml-operator/role.yaml index bc628afa4..a5e2beb4e 100644 --- a/chart/kube-arangodb-enterprise-arm64/templates/ml-operator/role.yaml +++ b/chart/kube-arangodb-enterprise-arm64/templates/ml-operator/role.yaml @@ -4,65 +4,107 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "kube-arangodb.rbac" . }}-ml - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-ml + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: - - "ml.arangodb.com" - resources: - - "arangomlextensions" - - "arangomlextensions/status" - - "arangomlbatchjobs" - - "arangomlbatchjobs/status" - - "arangomlcronjobs" - - "arangomlcronjobs/status" - - "arangomlstorages" - - "arangomlstorages/status" - verbs: - - "*" - - apiGroups: - - "scheduler.arangodb.com" - resources: - - "arangoprofiles" - - "arangoprofiles/status" - verbs: - - "*" - - apiGroups: - - "database.arangodb.com" - resources: - - "arangodeployments" - verbs: - - "get" - - "list" - - "watch" - - apiGroups: - - "rbac.authorization.k8s.io" - resources: - - "roles" - - "rolebindings" - verbs: ["*"] - - apiGroups: - - "batch" - resources: - - "cronjobs" - - "jobs" - verbs: ["*"] - - apiGroups: ["apps"] - resources: - - "statefulsets" - verbs: ["*"] - - apiGroups: [""] - resources: - - "pods" - - "secrets" - - "services" - - "serviceaccounts" - verbs: ["*"] + - apiGroups: + - "ml.arangodb.com" + resources: + - "arangomlextensions" + - "arangomlextensions/status" + - "arangomlbatchjobs" + - "arangomlbatchjobs/status" + - "arangomlcronjobs" + - "arangomlcronjobs/status" + - "arangomlstorages" + - "arangomlstorages/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "scheduler.arangodb.com" + resources: + - "arangoprofiles" + - "arangoprofiles/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "database.arangodb.com" + resources: + - "arangodeployments" + verbs: + - "get" + - "list" + - "watch" + - apiGroups: + - "rbac.authorization.k8s.io" + resources: + - "roles" + - "rolebindings" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "batch" + resources: + - "cronjobs" + - "jobs" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "apps" + resources: + - "statefulsets" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "" + resources: + - "pods" + - "secrets" + - "services" + - "serviceaccounts" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/templates/networking-operator/cluster-role-binding.yaml b/chart/kube-arangodb-enterprise-arm64/templates/networking-operator/cluster-role-binding.yaml index ece410ff9..7c079cb9b 100644 --- a/chart/kube-arangodb-enterprise-arm64/templates/networking-operator/cluster-role-binding.yaml +++ b/chart/kube-arangodb-enterprise-arm64/templates/networking-operator/cluster-role-binding.yaml @@ -5,21 +5,21 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-networking - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-networking + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-arangodb.rbac-cluster" . }}-networking + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-networking subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} diff --git a/chart/kube-arangodb-enterprise-arm64/templates/networking-operator/cluster-role.yaml b/chart/kube-arangodb-enterprise-arm64/templates/networking-operator/cluster-role.yaml index 45840ac01..0dc745635 100644 --- a/chart/kube-arangodb-enterprise-arm64/templates/networking-operator/cluster-role.yaml +++ b/chart/kube-arangodb-enterprise-arm64/templates/networking-operator/cluster-role.yaml @@ -5,17 +5,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-networking - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-networking + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: + - "get" + - "list" + - "watch" {{- end }} {{- end }} diff --git a/chart/kube-arangodb-enterprise-arm64/templates/networking-operator/role-binding.yaml b/chart/kube-arangodb-enterprise-arm64/templates/networking-operator/role-binding.yaml index 29802d1d8..d4ed87e64 100644 --- a/chart/kube-arangodb-enterprise-arm64/templates/networking-operator/role-binding.yaml +++ b/chart/kube-arangodb-enterprise-arm64/templates/networking-operator/role-binding.yaml @@ -4,22 +4,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "kube-arangodb.rbac" . }}-networking - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-networking + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kube-arangodb.rbac" . }}-networking + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-networking subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/templates/networking-operator/role.yaml b/chart/kube-arangodb-enterprise-arm64/templates/networking-operator/role.yaml index 3da6b9dff..5f4f5a0c8 100644 --- a/chart/kube-arangodb-enterprise-arm64/templates/networking-operator/role.yaml +++ b/chart/kube-arangodb-enterprise-arm64/templates/networking-operator/role.yaml @@ -4,20 +4,37 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "kube-arangodb.rbac" . }}-networking - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-networking + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: ["networking.arangodb.com"] - resources: ["arangoroutes", "arangoroutes/status"] - verbs: ["*"] - - apiGroups: [""] - resources: ["pods", "services", "endpoints"] - verbs: ["get", "list", "watch"] + - apiGroups: + - "networking.arangodb.com" + resources: + - "arangoroutes" + - "arangoroutes/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "" + resources: + - "pods" + - "services" + - "endpoints" + verbs: + - "get" + - "list" + - "watch" {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/templates/platform-operator/cluster-role-binding.yaml b/chart/kube-arangodb-enterprise-arm64/templates/platform-operator/cluster-role-binding.yaml index 200625d04..1a964af5f 100644 --- a/chart/kube-arangodb-enterprise-arm64/templates/platform-operator/cluster-role-binding.yaml +++ b/chart/kube-arangodb-enterprise-arm64/templates/platform-operator/cluster-role-binding.yaml @@ -5,21 +5,21 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-platform - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-platform + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-arangodb.rbac-cluster" . }}-platform + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-platform subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} diff --git a/chart/kube-arangodb-enterprise-arm64/templates/platform-operator/cluster-role.yaml b/chart/kube-arangodb-enterprise-arm64/templates/platform-operator/cluster-role.yaml index ee3202c4d..0aa01df47 100644 --- a/chart/kube-arangodb-enterprise-arm64/templates/platform-operator/cluster-role.yaml +++ b/chart/kube-arangodb-enterprise-arm64/templates/platform-operator/cluster-role.yaml @@ -5,17 +5,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-platform - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-platform + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: + - "get" + - "list" + - "watch" {{- end }} {{- end }} diff --git a/chart/kube-arangodb-enterprise-arm64/templates/platform-operator/role-binding.yaml b/chart/kube-arangodb-enterprise-arm64/templates/platform-operator/role-binding.yaml index 7eae42709..60ff0285f 100644 --- a/chart/kube-arangodb-enterprise-arm64/templates/platform-operator/role-binding.yaml +++ b/chart/kube-arangodb-enterprise-arm64/templates/platform-operator/role-binding.yaml @@ -4,22 +4,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "kube-arangodb.rbac" . }}-platform - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-platform + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kube-arangodb.rbac" . }}-platform + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-platform subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/templates/platform-operator/role.yaml b/chart/kube-arangodb-enterprise-arm64/templates/platform-operator/role.yaml index fc0d8d71d..2b2ab4389 100644 --- a/chart/kube-arangodb-enterprise-arm64/templates/platform-operator/role.yaml +++ b/chart/kube-arangodb-enterprise-arm64/templates/platform-operator/role.yaml @@ -4,46 +4,84 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "kube-arangodb.rbac" . }}-platform - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-platform + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: ["platform.arangodb.com"] + - apiGroups: + - "platform.arangodb.com" resources: - - "arangoplatformstorages" - - "arangoplatformstorages/status" - - "arangoplatformcharts" - - "arangoplatformcharts/status" - - "arangoplatformservices" - - "arangoplatformservices/status" - verbs: ["*"] + - "arangoplatformstorages" + - "arangoplatformstorages/status" + - "arangoplatformcharts" + - "arangoplatformcharts/status" + - "arangoplatformservices" + - "arangoplatformservices/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" - apiGroups: - "rbac.authorization.k8s.io" resources: - "roles" - "rolebindings" - verbs: [ "*" ] + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" - apiGroups: - "batch" resources: - "cronjobs" - "jobs" - verbs: [ "*" ] - - apiGroups: [ "apps" ] + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "apps" resources: - "statefulsets" - verbs: [ "*" ] - - apiGroups: [ "" ] + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "" resources: - "pods" - "secrets" - "services" - "serviceaccounts" - verbs: [ "*" ] + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/templates/scheduler-operator/cluster-role-binding.yaml b/chart/kube-arangodb-enterprise-arm64/templates/scheduler-operator/cluster-role-binding.yaml index aa1dd27d9..b2398ea0b 100644 --- a/chart/kube-arangodb-enterprise-arm64/templates/scheduler-operator/cluster-role-binding.yaml +++ b/chart/kube-arangodb-enterprise-arm64/templates/scheduler-operator/cluster-role-binding.yaml @@ -5,21 +5,21 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-scheduler - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-scheduler + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-arangodb.rbac-cluster" . }}-scheduler + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-scheduler subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} diff --git a/chart/kube-arangodb-enterprise-arm64/templates/scheduler-operator/cluster-role.yaml b/chart/kube-arangodb-enterprise-arm64/templates/scheduler-operator/cluster-role.yaml index 12e4b2fd3..917ec8336 100644 --- a/chart/kube-arangodb-enterprise-arm64/templates/scheduler-operator/cluster-role.yaml +++ b/chart/kube-arangodb-enterprise-arm64/templates/scheduler-operator/cluster-role.yaml @@ -5,17 +5,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-scheduler - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-scheduler + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: + - "get" + - "list" + - "watch" {{- end }} {{- end }} diff --git a/chart/kube-arangodb-enterprise-arm64/templates/scheduler-operator/role-binding.yaml b/chart/kube-arangodb-enterprise-arm64/templates/scheduler-operator/role-binding.yaml index 02e1eb816..9e2672dc5 100644 --- a/chart/kube-arangodb-enterprise-arm64/templates/scheduler-operator/role-binding.yaml +++ b/chart/kube-arangodb-enterprise-arm64/templates/scheduler-operator/role-binding.yaml @@ -4,22 +4,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "kube-arangodb.rbac" . }}-scheduler - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-scheduler + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kube-arangodb.rbac" . }}-scheduler + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-scheduler subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/templates/scheduler-operator/role.yaml b/chart/kube-arangodb-enterprise-arm64/templates/scheduler-operator/role.yaml index f254c77c6..0933fc8b2 100644 --- a/chart/kube-arangodb-enterprise-arm64/templates/scheduler-operator/role.yaml +++ b/chart/kube-arangodb-enterprise-arm64/templates/scheduler-operator/role.yaml @@ -4,60 +4,84 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "kube-arangodb.rbac" . }}-scheduler - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-scheduler + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: - - "scheduler.arangodb.com" - resources: - - "arangoprofiles" - - "arangoprofiles/status" - - "arangoschedulerpods" - - "arangoschedulerpods/status" - - "arangoschedulerdeployments" - - "arangoschedulerdeployments/status" - - "arangoschedulerbatchjobs" - - "arangoschedulerbatchjobs/status" - - "arangoschedulercronjobs" - - "arangoschedulercronjobs/status" - verbs: - - "*" - - apiGroups: - - "" - resources: - - "pods" - - "pods/status" - verbs: - - "*" - - apiGroups: - - "apps" - resources: - - "deployments" - - "deployments/status" - verbs: - - "*" - - apiGroups: - - "batch" - resources: - - "jobs" - - "jobs/status" - - "cronjobs" - - "cronjobs/status" - verbs: - - "*" - - apiGroups: - - "database.arangodb.com" - resources: - - "arangodeployments" - verbs: - - "get" - - "list" - - "watch" + - apiGroups: + - "scheduler.arangodb.com" + resources: + - "arangoprofiles" + - "arangoprofiles/status" + - "arangoschedulerpods" + - "arangoschedulerpods/status" + - "arangoschedulerdeployments" + - "arangoschedulerdeployments/status" + - "arangoschedulerbatchjobs" + - "arangoschedulerbatchjobs/status" + - "arangoschedulercronjobs" + - "arangoschedulercronjobs/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "" + resources: + - "pods" + - "pods/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "apps" + resources: + - "deployments" + - "deployments/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "batch" + resources: + - "jobs" + - "jobs/status" + - "cronjobs" + - "cronjobs/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "database.arangodb.com" + resources: + - "arangodeployments" + verbs: + - "get" + - "list" + - "watch" {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/templates/service-account.yaml b/chart/kube-arangodb-enterprise-arm64/templates/service-account.yaml index 3c102d1a7..6855b7ee2 100644 --- a/chart/kube-arangodb-enterprise-arm64/templates/service-account.yaml +++ b/chart/kube-arangodb-enterprise-arm64/templates/service-account.yaml @@ -4,11 +4,11 @@ metadata: name: {{ template "kube-arangodb.operatorName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} {{- if .Values.operator.imagePullSecrets }} imagePullSecrets: {{- range .Values.operator.imagePullSecrets }} diff --git a/chart/kube-arangodb-enterprise-arm64/templates/storage-operator/cluster-role-binding.yaml b/chart/kube-arangodb-enterprise-arm64/templates/storage-operator/cluster-role-binding.yaml index cfaaff455..23d56b656 100644 --- a/chart/kube-arangodb-enterprise-arm64/templates/storage-operator/cluster-role-binding.yaml +++ b/chart/kube-arangodb-enterprise-arm64/templates/storage-operator/cluster-role-binding.yaml @@ -4,21 +4,21 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-storage - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-storage + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-arangodb.rbac-cluster" . }}-storage + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-storage subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/templates/storage-operator/cluster-role.yaml b/chart/kube-arangodb-enterprise-arm64/templates/storage-operator/cluster-role.yaml index 8109978b3..061e4d730 100644 --- a/chart/kube-arangodb-enterprise-arm64/templates/storage-operator/cluster-role.yaml +++ b/chart/kube-arangodb-enterprise-arm64/templates/storage-operator/cluster-role.yaml @@ -4,29 +4,71 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-storage - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-storage + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: [""] - resources: ["persistentvolumes", "persistentvolumeclaims", "endpoints", "events", "services"] - verbs: ["*"] - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["namespaces", "nodes"] - verbs: ["get", "list", "watch"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["*"] - - apiGroups: ["storage.arangodb.com"] - resources: ["arangolocalstorages"] - verbs: ["*"] + - apiGroups: + - "" + resources: + - "persistentvolumes" + - "persistentvolumeclaims" + - "endpoints" + - "events" + - "services" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: + - "get" + - "list" + - "watch" + - apiGroups: + - "" + resources: + - "namespaces" + - "nodes" + verbs: + - "get" + - "list" + - "watch" + - apiGroups: + - "storage.k8s.io" + resources: + - "storageclasses" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "storage.arangodb.com" + resources: + - "arangolocalstorages" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/templates/storage-operator/crd.yaml b/chart/kube-arangodb-enterprise-arm64/templates/storage-operator/crd.yaml index b1f021c19..fb168515a 100644 --- a/chart/kube-arangodb-enterprise-arm64/templates/storage-operator/crd.yaml +++ b/chart/kube-arangodb-enterprise-arm64/templates/storage-operator/crd.yaml @@ -4,31 +4,31 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: arangolocalstorages.storage.arangodb.com - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: arangolocalstorages.storage.arangodb.com + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} spec: - group: storage.arangodb.com - names: - kind: ArangoLocalStorage - listKind: ArangoLocalStorageList - plural: arangolocalstorages - shortNames: - - arangostorage - singular: arangolocalstorage - scope: Cluster - versions: - - name: v1alpha - served: true - storage: true - schema: - openAPIV3Schema: - type: object - x-kubernetes-preserve-unknown-fields: true + group: storage.arangodb.com + names: + kind: ArangoLocalStorage + listKind: ArangoLocalStorageList + plural: arangolocalstorages + shortNames: + - arangostorage + singular: arangolocalstorage + scope: Cluster + versions: + - name: v1alpha + served: true + storage: true + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/templates/storage-operator/role-binding.yaml b/chart/kube-arangodb-enterprise-arm64/templates/storage-operator/role-binding.yaml index 5e120f06b..f31ed05a0 100644 --- a/chart/kube-arangodb-enterprise-arm64/templates/storage-operator/role-binding.yaml +++ b/chart/kube-arangodb-enterprise-arm64/templates/storage-operator/role-binding.yaml @@ -4,22 +4,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "kube-arangodb.rbac" . }}-storage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-storage + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kube-arangodb.rbac" . }}-storage + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-storage subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} diff --git a/chart/kube-arangodb-enterprise-arm64/templates/storage-operator/role.yaml b/chart/kube-arangodb-enterprise-arm64/templates/storage-operator/role.yaml index 47553bb0a..4996ad89e 100644 --- a/chart/kube-arangodb-enterprise-arm64/templates/storage-operator/role.yaml +++ b/chart/kube-arangodb-enterprise-arm64/templates/storage-operator/role.yaml @@ -4,27 +4,49 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "kube-arangodb.rbac" . }}-storage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-storage + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: [""] - resources: ["pods"] - verbs: ["get", "update", "watch", "list"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] - - apiGroups: ["apps"] - resources: ["daemonsets"] - verbs: ["*"] - - apiGroups: ["apps"] - resources: ["deployments", "replicasets"] - verbs: ["get"] + - apiGroups: + - "" + resources: + - "pods" + verbs: + - "get" + - "update" + - "watch" + - "list" + - apiGroups: + - "" + resources: + - "secrets" + verbs: + - "get" + - apiGroups: + - "apps" + resources: + - "daemonsets" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "apps" + resources: + - "deployments" + - "replicasets" + verbs: + - "get" {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise-arm64/templates/webhook/mutation.yaml b/chart/kube-arangodb-enterprise-arm64/templates/webhook/mutation.yaml index 27efd0821..c5b8259a1 100644 --- a/chart/kube-arangodb-enterprise-arm64/templates/webhook/mutation.yaml +++ b/chart/kube-arangodb-enterprise-arm64/templates/webhook/mutation.yaml @@ -25,17 +25,22 @@ webhooks: - key: profiles.arangodb.com/deployment operator: Exists rules: - - apiGroups: [""] - apiVersions: ["v1"] - operations: ["CREATE"] - resources: ["pods"] - scope: "Namespaced" + - apiGroups: + - "" + apiVersions: + - "v1" + operations: + - "CREATE" + resources: + - "pods" + scope: "Namespaced" clientConfig: service: namespace: {{ .Release.Namespace }} name: {{ template "kube-arangodb.operatorName" . }}-webhook path: /webhook/core/v1/pods/policies/mutate - admissionReviewVersions: ["v1"] + admissionReviewVersions: + - "v1" sideEffects: None timeoutSeconds: 5 - name: "generic.pod.policies.scheduler.arangodb.com" @@ -50,17 +55,22 @@ webhooks: - key: profiles.arangodb.com/apply operator: Exists rules: - - apiGroups: [""] - apiVersions: ["v1"] - operations: ["CREATE"] - resources: ["pods"] - scope: "Namespaced" + - apiGroups: + - "" + apiVersions: + - "v1" + operations: + - "CREATE" + resources: + - "pods" + scope: "Namespaced" clientConfig: service: namespace: {{ .Release.Namespace }} name: {{ template "kube-arangodb.operatorName" . }}-webhook path: /webhook/core/v1/pods/policies/mutate - admissionReviewVersions: ["v1"] + admissionReviewVersions: + - "v1" sideEffects: None timeoutSeconds: 5 diff --git a/chart/kube-arangodb-enterprise-arm64/templates/webhook/validation.yaml b/chart/kube-arangodb-enterprise-arm64/templates/webhook/validation.yaml index 0c791cacc..7b8db4523 100644 --- a/chart/kube-arangodb-enterprise-arm64/templates/webhook/validation.yaml +++ b/chart/kube-arangodb-enterprise-arm64/templates/webhook/validation.yaml @@ -12,6 +12,6 @@ metadata: app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/instance: {{ .Release.Name }} release: {{ .Release.Name }} -webhooks: [] +webhooks: [ ] {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/templates/analytics-operator/cluster-role-binding.yaml b/chart/kube-arangodb-enterprise/templates/analytics-operator/cluster-role-binding.yaml index 201c4915b..4f6628055 100644 --- a/chart/kube-arangodb-enterprise/templates/analytics-operator/cluster-role-binding.yaml +++ b/chart/kube-arangodb-enterprise/templates/analytics-operator/cluster-role-binding.yaml @@ -5,21 +5,21 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-analytics - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-analytics + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-arangodb.rbac-cluster" . }}-analytics + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-analytics subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} diff --git a/chart/kube-arangodb-enterprise/templates/analytics-operator/cluster-role.yaml b/chart/kube-arangodb-enterprise/templates/analytics-operator/cluster-role.yaml index 76ac5ee99..a35eeaba7 100644 --- a/chart/kube-arangodb-enterprise/templates/analytics-operator/cluster-role.yaml +++ b/chart/kube-arangodb-enterprise/templates/analytics-operator/cluster-role.yaml @@ -5,17 +5,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-analytics - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-analytics + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: + - "get" + - "list" + - "watch" {{- end }} {{- end }} diff --git a/chart/kube-arangodb-enterprise/templates/analytics-operator/role-binding.yaml b/chart/kube-arangodb-enterprise/templates/analytics-operator/role-binding.yaml index 9fd0877f4..967e1f06c 100644 --- a/chart/kube-arangodb-enterprise/templates/analytics-operator/role-binding.yaml +++ b/chart/kube-arangodb-enterprise/templates/analytics-operator/role-binding.yaml @@ -4,22 +4,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "kube-arangodb.rbac" . }}-analytics - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-analytics + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kube-arangodb.rbac" . }}-analytics + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-analytics subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/templates/analytics-operator/role.yaml b/chart/kube-arangodb-enterprise/templates/analytics-operator/role.yaml index 84e6cba2f..597f2e36c 100644 --- a/chart/kube-arangodb-enterprise/templates/analytics-operator/role.yaml +++ b/chart/kube-arangodb-enterprise/templates/analytics-operator/role.yaml @@ -4,38 +4,60 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "kube-arangodb.rbac" . }}-analytics - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-analytics + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: - - "analytics.arangodb.com" - resources: - - "graphanalyticsengines" - - "graphanalyticsengines/status" - verbs: - - "*" - - apiGroups: - - "database.arangodb.com" - resources: - - "arangodeployments" - verbs: - - "get" - - "list" - - "watch" - - apiGroups: ["apps"] - resources: - - "statefulsets" - verbs: ["*"] - - apiGroups: [ "" ] - resources: - - "secrets" - - "services" - verbs: [ "*" ] + - apiGroups: + - "analytics.arangodb.com" + resources: + - "graphanalyticsengines" + - "graphanalyticsengines/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "database.arangodb.com" + resources: + - "arangodeployments" + verbs: + - "get" + - "list" + - "watch" + - apiGroups: + - "apps" + resources: + - "statefulsets" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "" + resources: + - "secrets" + - "services" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/templates/apps-operator/cluster-role-binding.yaml b/chart/kube-arangodb-enterprise/templates/apps-operator/cluster-role-binding.yaml index 785c6e886..d0bfb7774 100644 --- a/chart/kube-arangodb-enterprise/templates/apps-operator/cluster-role-binding.yaml +++ b/chart/kube-arangodb-enterprise/templates/apps-operator/cluster-role-binding.yaml @@ -5,21 +5,21 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-apps - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-apps + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-arangodb.rbac-cluster" . }}-apps + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-apps subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} diff --git a/chart/kube-arangodb-enterprise/templates/apps-operator/cluster-role.yaml b/chart/kube-arangodb-enterprise/templates/apps-operator/cluster-role.yaml index 4789de945..6bfa5a080 100644 --- a/chart/kube-arangodb-enterprise/templates/apps-operator/cluster-role.yaml +++ b/chart/kube-arangodb-enterprise/templates/apps-operator/cluster-role.yaml @@ -5,17 +5,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-apps - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-apps + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: + - "get" + - "list" + - "watch" {{- end }} {{- end }} diff --git a/chart/kube-arangodb-enterprise/templates/apps-operator/role-binding.yaml b/chart/kube-arangodb-enterprise/templates/apps-operator/role-binding.yaml index dbd9fc636..fc323e9f5 100644 --- a/chart/kube-arangodb-enterprise/templates/apps-operator/role-binding.yaml +++ b/chart/kube-arangodb-enterprise/templates/apps-operator/role-binding.yaml @@ -4,22 +4,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "kube-arangodb.rbac" . }}-apps - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-apps + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kube-arangodb.rbac" . }}-apps + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-apps subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} --- diff --git a/chart/kube-arangodb-enterprise/templates/apps-operator/role.yaml b/chart/kube-arangodb-enterprise/templates/apps-operator/role.yaml index 63df49055..6f3b1c90c 100644 --- a/chart/kube-arangodb-enterprise/templates/apps-operator/role.yaml +++ b/chart/kube-arangodb-enterprise/templates/apps-operator/role.yaml @@ -4,36 +4,82 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "kube-arangodb.rbac" . }}-apps - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-apps + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: [""] - resources: ["pods", "services", "endpoints"] - verbs: ["get", "update"] - - apiGroups: [""] - resources: ["events"] - verbs: ["*"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] - - apiGroups: ["apps"] - resources: ["deployments", "replicasets"] - verbs: ["get"] - - apiGroups: ["batch"] - resources: ["jobs"] - verbs: ["*"] - - apiGroups: ["database.arangodb.com"] - resources: ["arangodeployments"] - verbs: ["get", "list", "watch"] - - apiGroups: ["apps.arangodb.com"] - resources: ["arangojobs","arangojobs/status"] - verbs: ["*"] + - apiGroups: + - "" + resources: + - "pods" + - "services" + - "endpoints" + verbs: + - "get" + - "update" + - apiGroups: + - "" + resources: + - "events" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "" + resources: + - "secrets" + verbs: + - "get" + - apiGroups: + - "apps" + resources: + - "deployments" + - "replicasets" + verbs: + - "get" + - apiGroups: + - "batch" + resources: + - "jobs" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "database.arangodb.com" + resources: + - "arangodeployments" + verbs: + - "get" + - "list" + - "watch" + - apiGroups: + - "apps.arangodb.com" + resources: + - "arangojobs" + - "arangojobs/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -47,8 +93,13 @@ metadata: app.kubernetes.io/instance: {{ .Release.Name }} release: {{ .Release.Name }} rules: - - apiGroups: ["database.arangodb.com"] - resources: ["arangodeployments"] - verbs: ["get", "list", "watch"] + - apiGroups: + - "database.arangodb.com" + resources: + - "arangodeployments" + verbs: + - "get" + - "list" + - "watch" {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/templates/apps-operator/service-account-job.yaml b/chart/kube-arangodb-enterprise/templates/apps-operator/service-account-job.yaml index 07ae08095..c184f4d6b 100644 --- a/chart/kube-arangodb-enterprise/templates/apps-operator/service-account-job.yaml +++ b/chart/kube-arangodb-enterprise/templates/apps-operator/service-account-job.yaml @@ -5,11 +5,11 @@ metadata: name: {{ template "kube-arangodb.operatorName" . }}-job namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} {{- if .Values.operator.imagePullSecrets }} imagePullSecrets: {{- range .Values.operator.imagePullSecrets }} diff --git a/chart/kube-arangodb-enterprise/templates/backup-operator/cluster-role-binding.yaml b/chart/kube-arangodb-enterprise/templates/backup-operator/cluster-role-binding.yaml index 4f1c23cff..2b5c3350b 100644 --- a/chart/kube-arangodb-enterprise/templates/backup-operator/cluster-role-binding.yaml +++ b/chart/kube-arangodb-enterprise/templates/backup-operator/cluster-role-binding.yaml @@ -5,21 +5,21 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-backup - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-backup + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-arangodb.rbac-cluster" . }}-backup + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-backup subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} diff --git a/chart/kube-arangodb-enterprise/templates/backup-operator/cluster-role.yaml b/chart/kube-arangodb-enterprise/templates/backup-operator/cluster-role.yaml index a1c011982..43cd30081 100644 --- a/chart/kube-arangodb-enterprise/templates/backup-operator/cluster-role.yaml +++ b/chart/kube-arangodb-enterprise/templates/backup-operator/cluster-role.yaml @@ -5,17 +5,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-backup - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-backup + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: + - "get" + - "list" + - "watch" {{- end }} {{- end }} diff --git a/chart/kube-arangodb-enterprise/templates/backup-operator/role-binding.yaml b/chart/kube-arangodb-enterprise/templates/backup-operator/role-binding.yaml index 679902669..afbf38eed 100644 --- a/chart/kube-arangodb-enterprise/templates/backup-operator/role-binding.yaml +++ b/chart/kube-arangodb-enterprise/templates/backup-operator/role-binding.yaml @@ -4,22 +4,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "kube-arangodb.rbac" . }}-backup - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-backup + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kube-arangodb.rbac" . }}-backup + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-backup subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/templates/backup-operator/role.yaml b/chart/kube-arangodb-enterprise/templates/backup-operator/role.yaml index 8d4aff472..083a81466 100644 --- a/chart/kube-arangodb-enterprise/templates/backup-operator/role.yaml +++ b/chart/kube-arangodb-enterprise/templates/backup-operator/role.yaml @@ -4,32 +4,71 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "kube-arangodb.rbac" . }}-backup - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-backup + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: [""] - resources: ["pods", "services", "endpoints"] - verbs: ["get", "update"] - - apiGroups: [""] - resources: ["events"] - verbs: ["*"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] - - apiGroups: ["apps"] - resources: ["deployments", "replicasets"] - verbs: ["get"] - - apiGroups: ["backup.arangodb.com"] - resources: ["arangobackuppolicies", "arangobackuppolicies/status", "arangobackups", "arangobackups/status"] - verbs: ["*"] - - apiGroups: ["database.arangodb.com"] - resources: ["arangodeployments"] - verbs: ["get", "list", "watch"] + - apiGroups: + - "" + resources: + - "pods" + - "services" + - "endpoints" + verbs: + - "get" + - "update" + - apiGroups: + - "" + resources: + - "events" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "" + resources: + - "secrets" + verbs: + - "get" + - apiGroups: + - "apps" + resources: + - "deployments" + - "replicasets" + verbs: + - "get" + - apiGroups: + - "backup.arangodb.com" + resources: + - "arangobackuppolicies" + - "arangobackuppolicies/status" + - "arangobackups" + - "arangobackups/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "database.arangodb.com" + resources: + - "arangodeployments" + verbs: + - "get" + - "list" + - "watch" {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/templates/certificates/issuer.ca.yaml b/chart/kube-arangodb-enterprise/templates/certificates/issuer.ca.yaml index 0b3f33291..bc0a75319 100644 --- a/chart/kube-arangodb-enterprise/templates/certificates/issuer.ca.yaml +++ b/chart/kube-arangodb-enterprise/templates/certificates/issuer.ca.yaml @@ -12,6 +12,6 @@ metadata: app.kubernetes.io/instance: {{ .Release.Name }} release: {{ .Release.Name }} spec: - selfSigned: {} + selfSigned: { } {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/templates/crd/cluster-role-binding.yaml b/chart/kube-arangodb-enterprise/templates/crd/cluster-role-binding.yaml index a0355a66f..dd3f64ad3 100644 --- a/chart/kube-arangodb-enterprise/templates/crd/cluster-role-binding.yaml +++ b/chart/kube-arangodb-enterprise/templates/crd/cluster-role-binding.yaml @@ -5,21 +5,21 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-crd - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-crd + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-arangodb.rbac-cluster" . }}-crd + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-crd subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} diff --git a/chart/kube-arangodb-enterprise/templates/crd/cluster-role.yaml b/chart/kube-arangodb-enterprise/templates/crd/cluster-role.yaml index 0704a51fa..e4663fb58 100644 --- a/chart/kube-arangodb-enterprise/templates/crd/cluster-role.yaml +++ b/chart/kube-arangodb-enterprise/templates/crd/cluster-role.yaml @@ -5,44 +5,52 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-crd - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-crd + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: {{ if .Values.operator.features.analytics -}} -# analytics.arangodb.com - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update"] + # analytics.arangodb.com + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update" ] resourceNames: - "graphanalyticsengines.analytics.arangodb.com" {{- end }} {{ if .Values.operator.features.apps -}} -# apps.arangodb.com - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update"] + # apps.arangodb.com + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update" ] resourceNames: - "arangojobs.apps.arangodb.com" {{- end }} {{ if .Values.operator.features.backup -}} -# backup.arangodb.com - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update"] + # backup.arangodb.com + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update" ] resourceNames: - "arangobackuppolicies.backup.arangodb.com" - "arangobackups.backup.arangodb.com" {{- end }} {{ if .Values.operator.features.deployment -}} -# database.arangodb.com - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update"] + # database.arangodb.com + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update" ] resourceNames: - "arangoclustersynchronizations.database.arangodb.com" - "arangodeployments.database.arangodb.com" @@ -50,10 +58,12 @@ rules: - "arangotasks.database.arangodb.com" {{- end }} {{ if .Values.operator.features.ml -}} -# ml.arangodb.com - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update"] + # ml.arangodb.com + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update" ] resourceNames: - "arangomlbatchjobs.ml.arangodb.com" - "arangomlcronjobs.ml.arangodb.com" @@ -61,26 +71,32 @@ rules: - "arangomlstorages.ml.arangodb.com" {{- end }} {{ if .Values.operator.features.networking -}} -# networking.arangodb.com - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update"] + # networking.arangodb.com + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update" ] resourceNames: - "arangoroutes.networking.arangodb.com" {{- end }} {{ if .Values.operator.features.deploymentReplications -}} -# replication.database.arangodb.com - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update"] + # replication.database.arangodb.com + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update" ] resourceNames: - "arangodeploymentreplications.replication.database.arangodb.com" {{- end }} {{ if .Values.operator.features.scheduler -}} -# scheduler.arangodb.com - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update"] + # scheduler.arangodb.com + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update" ] resourceNames: - "arangoprofiles.scheduler.arangodb.com" - "arangoschedulerpods.scheduler.arangodb.com" @@ -89,10 +105,12 @@ rules: - "arangoschedulercronjobs.scheduler.arangodb.com" {{- end }} {{ if .Values.operator.features.platform -}} -# platform.arangodb.com - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update"] + # platform.arangodb.com + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update" ] resourceNames: - "arangoplatformcharts.platform.arangodb.com" - "arangoplatformstorages.platform.arangodb.com" diff --git a/chart/kube-arangodb-enterprise/templates/debug/cluster-role-binding.yaml b/chart/kube-arangodb-enterprise/templates/debug/cluster-role-binding.yaml index 47bb00b02..a474ca6b0 100644 --- a/chart/kube-arangodb-enterprise/templates/debug/cluster-role-binding.yaml +++ b/chart/kube-arangodb-enterprise/templates/debug/cluster-role-binding.yaml @@ -5,21 +5,21 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-debug - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-debug + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-arangodb.rbac-cluster" . }}-debug + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-debug subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} diff --git a/chart/kube-arangodb-enterprise/templates/debug/cluster-role.yaml b/chart/kube-arangodb-enterprise/templates/debug/cluster-role.yaml index 59b1be1fe..ae8bcc171 100644 --- a/chart/kube-arangodb-enterprise/templates/debug/cluster-role.yaml +++ b/chart/kube-arangodb-enterprise/templates/debug/cluster-role.yaml @@ -5,17 +5,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-debug - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-debug + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: + - "get" + - "list" + - "watch" {{- end }} {{- end }} diff --git a/chart/kube-arangodb-enterprise/templates/debug/role-binding.yaml b/chart/kube-arangodb-enterprise/templates/debug/role-binding.yaml index b54d447cd..815dbff52 100644 --- a/chart/kube-arangodb-enterprise/templates/debug/role-binding.yaml +++ b/chart/kube-arangodb-enterprise/templates/debug/role-binding.yaml @@ -4,22 +4,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "kube-arangodb.rbac" . }}-debug - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-debug + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kube-arangodb.rbac" . }}-debug + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-debug subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/templates/debug/role.yaml b/chart/kube-arangodb-enterprise/templates/debug/role.yaml index e18cf7cda..5e83a3fce 100644 --- a/chart/kube-arangodb-enterprise/templates/debug/role.yaml +++ b/chart/kube-arangodb-enterprise/templates/debug/role.yaml @@ -4,30 +4,40 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "kube-arangodb.rbac" . }}-debug - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-debug + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - apiGroups: -# Core - - "" - - "apps" - - "batch" -# Arango - - "analytics.arangodb.com" - - "ml.arangodb.com" - resources: ["*"] - verbs: ["get", "list"] - - apiGroups: [""] - resources: ["pods/log"] - verbs: ["get", "list"] - - apiGroups: [""] - resources: ["pods/exec"] - verbs: ["create"] + # Core + - "" + - "apps" + - "batch" + # Arango + - "analytics.arangodb.com" + - "ml.arangodb.com" + resources: + - "*" + verbs: + - "get" + - "list" + - apiGroups: + - "" + resources: + - "pods/log" + verbs: + - "get" + - "list" + - apiGroups: + - "" + resources: + - "pods/exec" + verbs: + - "create" {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/templates/deployment-operator/cluster-role-binding.yaml b/chart/kube-arangodb-enterprise/templates/deployment-operator/cluster-role-binding.yaml index 5e3261c21..cbaea7494 100644 --- a/chart/kube-arangodb-enterprise/templates/deployment-operator/cluster-role-binding.yaml +++ b/chart/kube-arangodb-enterprise/templates/deployment-operator/cluster-role-binding.yaml @@ -5,21 +5,21 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} diff --git a/chart/kube-arangodb-enterprise/templates/deployment-operator/cluster-role.yaml b/chart/kube-arangodb-enterprise/templates/deployment-operator/cluster-role.yaml index 1e9222396..1a4784552 100644 --- a/chart/kube-arangodb-enterprise/templates/deployment-operator/cluster-role.yaml +++ b/chart/kube-arangodb-enterprise/templates/deployment-operator/cluster-role.yaml @@ -5,20 +5,31 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["namespaces", "nodes", "persistentvolumes"] - verbs: ["get", "list"] + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: + - "get" + - "list" + - "watch" + - apiGroups: + - "" + resources: + - "namespaces" + - "nodes" + - "persistentvolumes" + verbs: + - "get" + - "list" {{- end }} {{- end }} diff --git a/chart/kube-arangodb-enterprise/templates/deployment-operator/default-role-binding.yaml b/chart/kube-arangodb-enterprise/templates/deployment-operator/default-role-binding.yaml index 606474ee4..4a8658a50 100644 --- a/chart/kube-arangodb-enterprise/templates/deployment-operator/default-role-binding.yaml +++ b/chart/kube-arangodb-enterprise/templates/deployment-operator/default-role-binding.yaml @@ -4,22 +4,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "kube-arangodb.rbac" . }}-default - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-default + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kube-arangodb.rbac" . }}-default + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-default subjects: - - kind: ServiceAccount - name: default - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: default + namespace: {{ .Release.Namespace }} {{- end }} diff --git a/chart/kube-arangodb-enterprise/templates/deployment-operator/default-role.yaml b/chart/kube-arangodb-enterprise/templates/deployment-operator/default-role.yaml index af530b233..8a223326d 100644 --- a/chart/kube-arangodb-enterprise/templates/deployment-operator/default-role.yaml +++ b/chart/kube-arangodb-enterprise/templates/deployment-operator/default-role.yaml @@ -4,18 +4,21 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "kube-arangodb.rbac" . }}-default - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-default + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: [""] - resources: ["pods"] - verbs: ["get"] + - apiGroups: + - "" + resources: + - "pods" + verbs: + - "get" {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/templates/deployment-operator/role-binding.yaml b/chart/kube-arangodb-enterprise/templates/deployment-operator/role-binding.yaml index d06ec7ec0..94aecba5f 100644 --- a/chart/kube-arangodb-enterprise/templates/deployment-operator/role-binding.yaml +++ b/chart/kube-arangodb-enterprise/templates/deployment-operator/role-binding.yaml @@ -4,22 +4,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "kube-arangodb.rbac" . }}-deployment - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-deployment + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kube-arangodb.rbac" . }}-deployment + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-deployment subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} diff --git a/chart/kube-arangodb-enterprise/templates/deployment-operator/role.yaml b/chart/kube-arangodb-enterprise/templates/deployment-operator/role.yaml index a3ca5bc75..7d31d1acc 100644 --- a/chart/kube-arangodb-enterprise/templates/deployment-operator/role.yaml +++ b/chart/kube-arangodb-enterprise/templates/deployment-operator/role.yaml @@ -4,50 +4,141 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "kube-arangodb.rbac" . }}-deployment - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-deployment + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: ["database.arangodb.com"] - resources: ["arangodeployments", "arangodeployments/status","arangomembers", "arangomembers/status"] - verbs: ["*"] + - apiGroups: + - "database.arangodb.com" + resources: + - "arangodeployments" + - "arangodeployments/status" + - "arangomembers" + - "arangomembers/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" {{- if .Values.rbac.extensions.acs }} - - apiGroups: ["database.arangodb.com"] - resources: ["arangoclustersynchronizations", "arangoclustersynchronizations/status"] - verbs: ["*"] + - apiGroups: + - "database.arangodb.com" + resources: + - "arangoclustersynchronizations" + - "arangoclustersynchronizations/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" {{- end }} {{- if .Values.rbac.extensions.at }} - - apiGroups: ["database.arangodb.com"] - resources: ["arangotasks", "arangotasks/status"] - verbs: ["*"] + - apiGroups: + - "database.arangodb.com" + resources: + - "arangotasks" + - "arangotasks/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" {{- end }} - - apiGroups: [""] - resources: ["pods", "services", "endpoints", "persistentvolumeclaims", "events", "secrets", "serviceaccounts", "configmaps"] - verbs: ["*"] - - apiGroups: ["apps"] - resources: ["deployments", "replicasets"] - verbs: ["get"] - - apiGroups: ["policy"] - resources: ["poddisruptionbudgets"] - verbs: ["*"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["*"] - - apiGroups: ["platform.arangodb.com"] - resources: ["arangoplatformstorages", "arangoplatformstorages/status"] - verbs: ["get", "list", "watch"] - - apiGroups: ["backup.arangodb.com"] - resources: ["arangobackuppolicies", "arangobackups"] - verbs: ["get", "list", "watch"] + - apiGroups: + - "" + resources: + - "pods" + - "services" + - "endpoints" + - "persistentvolumeclaims" + - "events" + - "secrets" + - "serviceaccounts" + - "configmaps" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "apps" + resources: + - "deployments" + - "replicasets" + verbs: + - "get" + - apiGroups: + - "policy" + resources: + - "poddisruptionbudgets" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "coordination.k8s.io" + resources: + - "leases" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "platform.arangodb.com" + resources: + - "arangoplatformstorages" + - "arangoplatformstorages/status" + verbs: + - "get" + - "list" + - "watch" + - apiGroups: + - "backup.arangodb.com" + resources: + - "arangobackuppolicies" + - "arangobackups" + verbs: + - "get" + - "list" + - "watch" {{- if .Values.rbac.extensions.monitoring }} - - apiGroups: ["monitoring.coreos.com"] - resources: ["servicemonitors"] - verbs: ["get", "create", "delete", "update", "list", "watch", "patch"] + - apiGroups: + - "monitoring.coreos.com" + resources: + - "servicemonitors" + verbs: + - "get" + - "create" + - "delete" + - "update" + - "list" + - "watch" + - "patch" {{- end }} {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/templates/deployment-replications-operator/cluster-role-binding.yaml b/chart/kube-arangodb-enterprise/templates/deployment-replications-operator/cluster-role-binding.yaml index e526e91f3..54426af78 100644 --- a/chart/kube-arangodb-enterprise/templates/deployment-replications-operator/cluster-role-binding.yaml +++ b/chart/kube-arangodb-enterprise/templates/deployment-replications-operator/cluster-role-binding.yaml @@ -5,21 +5,21 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment-replication - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment-replication + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment-replication + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment-replication subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} diff --git a/chart/kube-arangodb-enterprise/templates/deployment-replications-operator/cluster-role.yaml b/chart/kube-arangodb-enterprise/templates/deployment-replications-operator/cluster-role.yaml index cd4f9eb67..d7b1efaeb 100644 --- a/chart/kube-arangodb-enterprise/templates/deployment-replications-operator/cluster-role.yaml +++ b/chart/kube-arangodb-enterprise/templates/deployment-replications-operator/cluster-role.yaml @@ -5,20 +5,30 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment-replication - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment-replication + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["namespaces", "nodes"] - verbs: ["get", "list"] + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: + - "get" + - "list" + - "watch" + - apiGroups: + - "" + resources: + - "namespaces" + - "nodes" + verbs: + - "get" + - "list" {{- end }} {{- end }} diff --git a/chart/kube-arangodb-enterprise/templates/deployment-replications-operator/role-binding.yaml b/chart/kube-arangodb-enterprise/templates/deployment-replications-operator/role-binding.yaml index f908090c9..1b8226bf5 100644 --- a/chart/kube-arangodb-enterprise/templates/deployment-replications-operator/role-binding.yaml +++ b/chart/kube-arangodb-enterprise/templates/deployment-replications-operator/role-binding.yaml @@ -4,22 +4,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "kube-arangodb.rbac" . }}-deployment-replication - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-deployment-replication + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kube-arangodb.rbac" . }}-deployment-replication + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-deployment-replication subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} diff --git a/chart/kube-arangodb-enterprise/templates/deployment-replications-operator/role.yaml b/chart/kube-arangodb-enterprise/templates/deployment-replications-operator/role.yaml index c8cf8f993..19a87d03d 100644 --- a/chart/kube-arangodb-enterprise/templates/deployment-replications-operator/role.yaml +++ b/chart/kube-arangodb-enterprise/templates/deployment-replications-operator/role.yaml @@ -4,27 +4,58 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "kube-arangodb.rbac" . }}-deployment-replication - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-deployment-replication + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: ["replication.database.arangodb.com"] - resources: ["arangodeploymentreplications", "arangodeploymentreplications/status"] - verbs: ["*"] - - apiGroups: ["database.arangodb.com"] - resources: ["arangodeployments"] - verbs: ["get"] - - apiGroups: [""] - resources: ["pods", "services", "endpoints", "persistentvolumeclaims", "events", "secrets"] - verbs: ["*"] - - apiGroups: ["apps"] - resources: ["deployments", "replicasets"] - verbs: ["get"] + - apiGroups: + - "replication.database.arangodb.com" + resources: + - "arangodeploymentreplications" + - "arangodeploymentreplications/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "database.arangodb.com" + resources: + - "arangodeployments" + verbs: + - "get" + - apiGroups: + - "" + resources: + - "pods" + - "services" + - "endpoints" + - "persistentvolumeclaims" + - "events" + - "secrets" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "apps" + resources: + - "deployments" + - "replicasets" + verbs: + - "get" {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/templates/deployment.yaml b/chart/kube-arangodb-enterprise/templates/deployment.yaml index 7811a6744..4e6952059 100644 --- a/chart/kube-arangodb-enterprise/templates/deployment.yaml +++ b/chart/kube-arangodb-enterprise/templates/deployment.yaml @@ -11,259 +11,259 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- if .Values.operator.annotations }} - annotations: + annotations: {{ toYaml .Values.operator.annotations | indent 8 }} {{- end }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} spec: {{- if .Values.operator.debug }} - replicas: 1 + replicas: 1 {{- else }} - replicas: {{ .Values.operator.replicaCount }} + replicas: {{ .Values.operator.replicaCount }} {{- end }} - strategy: + strategy: {{ toYaml .Values.operator.updateStrategy | indent 8 }} - selector: - matchLabels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} {{- if .Values.operator.annotations }} - annotations: + annotations: {{ toYaml .Values.operator.annotations | indent 16 }} {{- end }} - spec: + spec: {{- if .Values.operator.nodeSelector }} - nodeSelector: + nodeSelector: {{ toYaml .Values.operator.nodeSelector | indent 16 }} {{- end }} - serviceAccountName: {{ template "kube-arangodb.operatorName" . }} - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/arch - operator: In - values: + serviceAccountName: {{ template "kube-arangodb.operatorName" . }} + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/arch + operator: In + values: {{- range .Values.operator.architectures }} - - {{ . | quote }} + - {{ . | quote }} {{- end }} - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - podAffinityTerm: - topologyKey: "kubernetes.io/hostname" - labelSelector: - matchExpressions: - - key: app.kubernetes.io/name - operator: In - values: - - {{ template "kube-arangodb.name" . }} - - key: app.kubernetes.io/instance - operator: In - values: - - {{ .Release.Name }} - hostNetwork: false - hostPID: false - hostIPC: false - securityContext: - runAsNonRoot: true - runAsUser: {{ .Values.operator.securityContext.runAsUser }} - containers: - - name: operator - imagePullPolicy: {{ .Values.operator.imagePullPolicy }} - image: {{ .Values.operator.image }} - args: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + topologyKey: "kubernetes.io/hostname" + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - {{ template "kube-arangodb.name" . }} + - key: app.kubernetes.io/instance + operator: In + values: + - {{ .Release.Name }} + hostNetwork: false + hostPID: false + hostIPC: false + securityContext: + runAsNonRoot: true + runAsUser: {{ .Values.operator.securityContext.runAsUser }} + containers: + - name: operator + imagePullPolicy: {{ .Values.operator.imagePullPolicy }} + image: {{ .Values.operator.image }} + args: {{- if .Values.certificate.enabled }} - - --server.tls-secret-name={{ template "kube-arangodb.operatorName" . }}-cert - - --api.tls-secret-name={{ template "kube-arangodb.operatorName" . }}-cert + - --server.tls-secret-name={{ template "kube-arangodb.operatorName" . }}-cert + - --api.tls-secret-name={{ template "kube-arangodb.operatorName" . }}-cert {{- end -}} {{- if .Values.operator.features.deployment }} - - --operator.deployment + - --operator.deployment {{- end -}} {{ if .Values.operator.features.deploymentReplications }} - - --operator.deployment-replication + - --operator.deployment-replication {{- end -}} {{ if .Values.operator.features.storage }} - - --operator.storage + - --operator.storage {{- end }} {{ if .Values.operator.features.backup }} - - --operator.backup + - --operator.backup {{- end }} {{- if or .Values.operator.debug (eq ( int .Values.operator.replicaCount) 1) }} - - --mode.single + - --mode.single {{- end }} {{- if .Values.operator.skipLeaderLabels }} - - --leader.label.skip + - --leader.label.skip {{- end }} {{ if .Values.operator.features.apps }} - - --operator.apps + - --operator.apps {{- end }} {{ if .Values.operator.features.ml }} - - --operator.ml + - --operator.ml {{- end }} {{ if .Values.operator.features.analytics }} - - --operator.analytics + - --operator.analytics {{- end }} {{ if .Values.operator.features.networking }} - - --operator.networking + - --operator.networking {{- end }} {{ if .Values.operator.features.scheduler }} - - --operator.scheduler + - --operator.scheduler {{- end }} {{ if .Values.operator.features.platform }} - - --operator.platform + - --operator.platform {{- end }} {{ if .Values.operator.features.k8sToK8sClusterSync }} - - --operator.k2k-cluster-sync + - --operator.k2k-cluster-sync {{- end }} - - --chaos.allowed={{ .Values.operator.allowChaos }} + - --chaos.allowed={{ .Values.operator.allowChaos }} {{- if .Values.operator.args }} {{- range .Values.operator.args }} - - {{ . | quote }} + - {{ . | quote }} {{- end }} {{- end }} - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: MY_CONTAINER_NAME - value: "operator" - - name: MY_POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP + env: + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MY_CONTAINER_NAME + value: "operator" + - name: MY_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP {{- if .Values.operator.features.apps }} - - name: ARANGOJOB_SA_NAME - value: "{{ template "kube-arangodb.operatorName" . }}-job" + - name: ARANGOJOB_SA_NAME + value: "{{ template "kube-arangodb.operatorName" . }}-job" {{- end }} - ports: - - name: metrics - containerPort: 8528 - securityContext: - privileged: false - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - capabilities: - drop: - - 'ALL' + ports: + - name: metrics + containerPort: 8528 + securityContext: + privileged: false + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: + - 'ALL' {{- if .Values.operator.debug }} - add: - - 'SYS_PTRACE' + add: + - 'SYS_PTRACE' {{- end }} {{- if .Values.operator.resources }} - resources: + resources: {{ toYaml .Values.operator.resources | indent 22 }} {{- end }} {{- if not .Values.operator.debug }} - livenessProbe: - httpGet: - path: /health - port: 8528 - scheme: HTTPS - initialDelaySeconds: 5 - periodSeconds: 10 - readinessProbe: - httpGet: - path: /ready - port: 8528 - scheme: HTTPS - initialDelaySeconds: 5 - periodSeconds: 10 + livenessProbe: + httpGet: + path: /health + port: 8528 + scheme: HTTPS + initialDelaySeconds: 5 + periodSeconds: 10 + readinessProbe: + httpGet: + path: /ready + port: 8528 + scheme: HTTPS + initialDelaySeconds: 5 + periodSeconds: 10 {{- end }} {{ if .Values.webhooks.enabled }} - - name: webhooks - imagePullPolicy: {{ .Values.operator.imagePullPolicy }} - image: {{ .Values.operator.image }} - args: - - webhook + - name: webhooks + imagePullPolicy: {{ .Values.operator.imagePullPolicy }} + image: {{ .Values.operator.image }} + args: + - webhook {{- if .Values.certificate.enabled }} - - --ssl.secret.name={{ template "kube-arangodb.operatorName" . }}-webhook-cert - - --ssl.secret.namespace={{ .Release.Namespace }} + - --ssl.secret.name={{ template "kube-arangodb.operatorName" . }}-webhook-cert + - --ssl.secret.namespace={{ .Release.Namespace }} {{- end -}} {{- if .Values.webhooks.args }} {{- range .Values.webhooks.args }} - - {{ . | quote }} + - {{ . | quote }} {{- end }} {{- end }} - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: MY_CONTAINER_NAME - value: "webhooks" - - name: MY_POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - ports: - - name: webhooks - containerPort: 8828 - securityContext: - privileged: false - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - capabilities: - drop: - - 'ALL' + env: + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MY_CONTAINER_NAME + value: "webhooks" + - name: MY_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + ports: + - name: webhooks + containerPort: 8828 + securityContext: + privileged: false + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: + - 'ALL' {{- if .Values.webhooks.resources }} - resources: + resources: {{ toYaml .Values.webhooks.resources | indent 22 }} {{- end }} {{- if not .Values.webhooks.debug }} - livenessProbe: - httpGet: - path: /health - port: 8828 - scheme: HTTPS - initialDelaySeconds: 5 - periodSeconds: 10 - readinessProbe: - httpGet: - path: /ready - port: 8828 - scheme: HTTPS - initialDelaySeconds: 5 - periodSeconds: 10 + livenessProbe: + httpGet: + path: /health + port: 8828 + scheme: HTTPS + initialDelaySeconds: 5 + periodSeconds: 10 + readinessProbe: + httpGet: + path: /ready + port: 8828 + scheme: HTTPS + initialDelaySeconds: 5 + periodSeconds: 10 {{- end }} {{- end }} - tolerations: - - key: "node.kubernetes.io/unreachable" - operator: "Exists" - effect: "NoExecute" - tolerationSeconds: 5 - - key: "node.kubernetes.io/not-ready" - operator: "Exists" - effect: "NoExecute" - tolerationSeconds: 5 + tolerations: + - key: "node.kubernetes.io/unreachable" + operator: "Exists" + effect: "NoExecute" + tolerationSeconds: 5 + - key: "node.kubernetes.io/not-ready" + operator: "Exists" + effect: "NoExecute" + tolerationSeconds: 5 {{- if .Values.operator.tolerations }} {{ toYaml .Values.operator.tolerations | indent 16 }} {{- end }} diff --git a/chart/kube-arangodb-enterprise/templates/k2k-cluster-sync-operator/cluster-role-binding.yaml b/chart/kube-arangodb-enterprise/templates/k2k-cluster-sync-operator/cluster-role-binding.yaml index c8cef6a03..86c001ed1 100644 --- a/chart/kube-arangodb-enterprise/templates/k2k-cluster-sync-operator/cluster-role-binding.yaml +++ b/chart/kube-arangodb-enterprise/templates/k2k-cluster-sync-operator/cluster-role-binding.yaml @@ -5,21 +5,21 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-k2kclustersync - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-k2kclustersync + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-arangodb.rbac-cluster" . }}-k2kclustersync + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-k2kclustersync subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} diff --git a/chart/kube-arangodb-enterprise/templates/k2k-cluster-sync-operator/cluster-role.yaml b/chart/kube-arangodb-enterprise/templates/k2k-cluster-sync-operator/cluster-role.yaml index 17f1a73f3..b3cbd5e55 100644 --- a/chart/kube-arangodb-enterprise/templates/k2k-cluster-sync-operator/cluster-role.yaml +++ b/chart/kube-arangodb-enterprise/templates/k2k-cluster-sync-operator/cluster-role.yaml @@ -5,17 +5,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-k2kclustersync - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-k2kclustersync + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: + - "get" + - "list" + - "watch" {{- end }} {{- end }} diff --git a/chart/kube-arangodb-enterprise/templates/k2k-cluster-sync-operator/role-binding.yaml b/chart/kube-arangodb-enterprise/templates/k2k-cluster-sync-operator/role-binding.yaml index c4399917d..26ec71722 100644 --- a/chart/kube-arangodb-enterprise/templates/k2k-cluster-sync-operator/role-binding.yaml +++ b/chart/kube-arangodb-enterprise/templates/k2k-cluster-sync-operator/role-binding.yaml @@ -4,22 +4,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "kube-arangodb.rbac" . }}-k2kclustersync - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-k2kclustersync + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kube-arangodb.rbac" . }}-k2kclustersync + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-k2kclustersync subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} diff --git a/chart/kube-arangodb-enterprise/templates/k2k-cluster-sync-operator/role.yaml b/chart/kube-arangodb-enterprise/templates/k2k-cluster-sync-operator/role.yaml index d308f9111..73b0b44da 100644 --- a/chart/kube-arangodb-enterprise/templates/k2k-cluster-sync-operator/role.yaml +++ b/chart/kube-arangodb-enterprise/templates/k2k-cluster-sync-operator/role.yaml @@ -4,30 +4,58 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "kube-arangodb.rbac" . }}-k2kclustersync - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-k2kclustersync + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: [""] - resources: ["pods", "services", "endpoints"] - verbs: ["get", "update"] - - apiGroups: [""] - resources: ["events"] - verbs: ["*"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] - - apiGroups: ["apps"] - resources: ["deployments", "replicasets"] - verbs: ["get"] - - apiGroups: ["database.arangodb.com"] - resources: ["arangodeployments", "arangoclustersynchronizations"] - verbs: ["get", "list", "watch"] + - apiGroups: + - "" + resources: + - "pods" + - "services" + - "endpoints" + verbs: + - "get" + - "update" + - apiGroups: + - "" + resources: + - "events" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "" + resources: + - "secrets" + verbs: + - "get" + - apiGroups: + - "apps" + resources: + - "deployments" + - "replicasets" + verbs: + - "get" + - apiGroups: + - "database.arangodb.com" + resources: + - "arangodeployments" + - "arangoclustersynchronizations" + verbs: + - "get" + - "list" + - "watch" {{- end }} {{- end }} diff --git a/chart/kube-arangodb-enterprise/templates/ml-operator/cluster-role-binding.yaml b/chart/kube-arangodb-enterprise/templates/ml-operator/cluster-role-binding.yaml index 85d3cdc05..41fdb4fba 100644 --- a/chart/kube-arangodb-enterprise/templates/ml-operator/cluster-role-binding.yaml +++ b/chart/kube-arangodb-enterprise/templates/ml-operator/cluster-role-binding.yaml @@ -5,21 +5,21 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-ml - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-ml + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-arangodb.rbac-cluster" . }}-ml + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-ml subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} diff --git a/chart/kube-arangodb-enterprise/templates/ml-operator/cluster-role.yaml b/chart/kube-arangodb-enterprise/templates/ml-operator/cluster-role.yaml index 4e6a92385..cef297758 100644 --- a/chart/kube-arangodb-enterprise/templates/ml-operator/cluster-role.yaml +++ b/chart/kube-arangodb-enterprise/templates/ml-operator/cluster-role.yaml @@ -5,17 +5,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-ml - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-ml + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: + - "get" + - "list" + - "watch" {{- end }} {{- end }} diff --git a/chart/kube-arangodb-enterprise/templates/ml-operator/role-binding.yaml b/chart/kube-arangodb-enterprise/templates/ml-operator/role-binding.yaml index a7a666189..1da89eac3 100644 --- a/chart/kube-arangodb-enterprise/templates/ml-operator/role-binding.yaml +++ b/chart/kube-arangodb-enterprise/templates/ml-operator/role-binding.yaml @@ -4,22 +4,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "kube-arangodb.rbac" . }}-ml - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-ml + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kube-arangodb.rbac" . }}-ml + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-ml subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/templates/ml-operator/role.yaml b/chart/kube-arangodb-enterprise/templates/ml-operator/role.yaml index bc628afa4..a5e2beb4e 100644 --- a/chart/kube-arangodb-enterprise/templates/ml-operator/role.yaml +++ b/chart/kube-arangodb-enterprise/templates/ml-operator/role.yaml @@ -4,65 +4,107 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "kube-arangodb.rbac" . }}-ml - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-ml + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: - - "ml.arangodb.com" - resources: - - "arangomlextensions" - - "arangomlextensions/status" - - "arangomlbatchjobs" - - "arangomlbatchjobs/status" - - "arangomlcronjobs" - - "arangomlcronjobs/status" - - "arangomlstorages" - - "arangomlstorages/status" - verbs: - - "*" - - apiGroups: - - "scheduler.arangodb.com" - resources: - - "arangoprofiles" - - "arangoprofiles/status" - verbs: - - "*" - - apiGroups: - - "database.arangodb.com" - resources: - - "arangodeployments" - verbs: - - "get" - - "list" - - "watch" - - apiGroups: - - "rbac.authorization.k8s.io" - resources: - - "roles" - - "rolebindings" - verbs: ["*"] - - apiGroups: - - "batch" - resources: - - "cronjobs" - - "jobs" - verbs: ["*"] - - apiGroups: ["apps"] - resources: - - "statefulsets" - verbs: ["*"] - - apiGroups: [""] - resources: - - "pods" - - "secrets" - - "services" - - "serviceaccounts" - verbs: ["*"] + - apiGroups: + - "ml.arangodb.com" + resources: + - "arangomlextensions" + - "arangomlextensions/status" + - "arangomlbatchjobs" + - "arangomlbatchjobs/status" + - "arangomlcronjobs" + - "arangomlcronjobs/status" + - "arangomlstorages" + - "arangomlstorages/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "scheduler.arangodb.com" + resources: + - "arangoprofiles" + - "arangoprofiles/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "database.arangodb.com" + resources: + - "arangodeployments" + verbs: + - "get" + - "list" + - "watch" + - apiGroups: + - "rbac.authorization.k8s.io" + resources: + - "roles" + - "rolebindings" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "batch" + resources: + - "cronjobs" + - "jobs" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "apps" + resources: + - "statefulsets" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "" + resources: + - "pods" + - "secrets" + - "services" + - "serviceaccounts" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/templates/networking-operator/cluster-role-binding.yaml b/chart/kube-arangodb-enterprise/templates/networking-operator/cluster-role-binding.yaml index ece410ff9..7c079cb9b 100644 --- a/chart/kube-arangodb-enterprise/templates/networking-operator/cluster-role-binding.yaml +++ b/chart/kube-arangodb-enterprise/templates/networking-operator/cluster-role-binding.yaml @@ -5,21 +5,21 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-networking - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-networking + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-arangodb.rbac-cluster" . }}-networking + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-networking subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} diff --git a/chart/kube-arangodb-enterprise/templates/networking-operator/cluster-role.yaml b/chart/kube-arangodb-enterprise/templates/networking-operator/cluster-role.yaml index 45840ac01..0dc745635 100644 --- a/chart/kube-arangodb-enterprise/templates/networking-operator/cluster-role.yaml +++ b/chart/kube-arangodb-enterprise/templates/networking-operator/cluster-role.yaml @@ -5,17 +5,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-networking - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-networking + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: + - "get" + - "list" + - "watch" {{- end }} {{- end }} diff --git a/chart/kube-arangodb-enterprise/templates/networking-operator/role-binding.yaml b/chart/kube-arangodb-enterprise/templates/networking-operator/role-binding.yaml index 29802d1d8..d4ed87e64 100644 --- a/chart/kube-arangodb-enterprise/templates/networking-operator/role-binding.yaml +++ b/chart/kube-arangodb-enterprise/templates/networking-operator/role-binding.yaml @@ -4,22 +4,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "kube-arangodb.rbac" . }}-networking - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-networking + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kube-arangodb.rbac" . }}-networking + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-networking subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/templates/networking-operator/role.yaml b/chart/kube-arangodb-enterprise/templates/networking-operator/role.yaml index 3da6b9dff..5f4f5a0c8 100644 --- a/chart/kube-arangodb-enterprise/templates/networking-operator/role.yaml +++ b/chart/kube-arangodb-enterprise/templates/networking-operator/role.yaml @@ -4,20 +4,37 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "kube-arangodb.rbac" . }}-networking - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-networking + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: ["networking.arangodb.com"] - resources: ["arangoroutes", "arangoroutes/status"] - verbs: ["*"] - - apiGroups: [""] - resources: ["pods", "services", "endpoints"] - verbs: ["get", "list", "watch"] + - apiGroups: + - "networking.arangodb.com" + resources: + - "arangoroutes" + - "arangoroutes/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "" + resources: + - "pods" + - "services" + - "endpoints" + verbs: + - "get" + - "list" + - "watch" {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/templates/platform-operator/cluster-role-binding.yaml b/chart/kube-arangodb-enterprise/templates/platform-operator/cluster-role-binding.yaml index 200625d04..1a964af5f 100644 --- a/chart/kube-arangodb-enterprise/templates/platform-operator/cluster-role-binding.yaml +++ b/chart/kube-arangodb-enterprise/templates/platform-operator/cluster-role-binding.yaml @@ -5,21 +5,21 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-platform - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-platform + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-arangodb.rbac-cluster" . }}-platform + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-platform subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} diff --git a/chart/kube-arangodb-enterprise/templates/platform-operator/cluster-role.yaml b/chart/kube-arangodb-enterprise/templates/platform-operator/cluster-role.yaml index ee3202c4d..0aa01df47 100644 --- a/chart/kube-arangodb-enterprise/templates/platform-operator/cluster-role.yaml +++ b/chart/kube-arangodb-enterprise/templates/platform-operator/cluster-role.yaml @@ -5,17 +5,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-platform - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-platform + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: + - "get" + - "list" + - "watch" {{- end }} {{- end }} diff --git a/chart/kube-arangodb-enterprise/templates/platform-operator/role-binding.yaml b/chart/kube-arangodb-enterprise/templates/platform-operator/role-binding.yaml index 7eae42709..60ff0285f 100644 --- a/chart/kube-arangodb-enterprise/templates/platform-operator/role-binding.yaml +++ b/chart/kube-arangodb-enterprise/templates/platform-operator/role-binding.yaml @@ -4,22 +4,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "kube-arangodb.rbac" . }}-platform - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-platform + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kube-arangodb.rbac" . }}-platform + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-platform subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/templates/platform-operator/role.yaml b/chart/kube-arangodb-enterprise/templates/platform-operator/role.yaml index fc0d8d71d..2b2ab4389 100644 --- a/chart/kube-arangodb-enterprise/templates/platform-operator/role.yaml +++ b/chart/kube-arangodb-enterprise/templates/platform-operator/role.yaml @@ -4,46 +4,84 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "kube-arangodb.rbac" . }}-platform - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-platform + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: ["platform.arangodb.com"] + - apiGroups: + - "platform.arangodb.com" resources: - - "arangoplatformstorages" - - "arangoplatformstorages/status" - - "arangoplatformcharts" - - "arangoplatformcharts/status" - - "arangoplatformservices" - - "arangoplatformservices/status" - verbs: ["*"] + - "arangoplatformstorages" + - "arangoplatformstorages/status" + - "arangoplatformcharts" + - "arangoplatformcharts/status" + - "arangoplatformservices" + - "arangoplatformservices/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" - apiGroups: - "rbac.authorization.k8s.io" resources: - "roles" - "rolebindings" - verbs: [ "*" ] + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" - apiGroups: - "batch" resources: - "cronjobs" - "jobs" - verbs: [ "*" ] - - apiGroups: [ "apps" ] + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "apps" resources: - "statefulsets" - verbs: [ "*" ] - - apiGroups: [ "" ] + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "" resources: - "pods" - "secrets" - "services" - "serviceaccounts" - verbs: [ "*" ] + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/templates/scheduler-operator/cluster-role-binding.yaml b/chart/kube-arangodb-enterprise/templates/scheduler-operator/cluster-role-binding.yaml index aa1dd27d9..b2398ea0b 100644 --- a/chart/kube-arangodb-enterprise/templates/scheduler-operator/cluster-role-binding.yaml +++ b/chart/kube-arangodb-enterprise/templates/scheduler-operator/cluster-role-binding.yaml @@ -5,21 +5,21 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-scheduler - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-scheduler + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-arangodb.rbac-cluster" . }}-scheduler + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-scheduler subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} diff --git a/chart/kube-arangodb-enterprise/templates/scheduler-operator/cluster-role.yaml b/chart/kube-arangodb-enterprise/templates/scheduler-operator/cluster-role.yaml index 12e4b2fd3..917ec8336 100644 --- a/chart/kube-arangodb-enterprise/templates/scheduler-operator/cluster-role.yaml +++ b/chart/kube-arangodb-enterprise/templates/scheduler-operator/cluster-role.yaml @@ -5,17 +5,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-scheduler - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-scheduler + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: + - "get" + - "list" + - "watch" {{- end }} {{- end }} diff --git a/chart/kube-arangodb-enterprise/templates/scheduler-operator/role-binding.yaml b/chart/kube-arangodb-enterprise/templates/scheduler-operator/role-binding.yaml index 02e1eb816..9e2672dc5 100644 --- a/chart/kube-arangodb-enterprise/templates/scheduler-operator/role-binding.yaml +++ b/chart/kube-arangodb-enterprise/templates/scheduler-operator/role-binding.yaml @@ -4,22 +4,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "kube-arangodb.rbac" . }}-scheduler - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-scheduler + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kube-arangodb.rbac" . }}-scheduler + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-scheduler subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/templates/scheduler-operator/role.yaml b/chart/kube-arangodb-enterprise/templates/scheduler-operator/role.yaml index f254c77c6..0933fc8b2 100644 --- a/chart/kube-arangodb-enterprise/templates/scheduler-operator/role.yaml +++ b/chart/kube-arangodb-enterprise/templates/scheduler-operator/role.yaml @@ -4,60 +4,84 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "kube-arangodb.rbac" . }}-scheduler - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-scheduler + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: - - "scheduler.arangodb.com" - resources: - - "arangoprofiles" - - "arangoprofiles/status" - - "arangoschedulerpods" - - "arangoschedulerpods/status" - - "arangoschedulerdeployments" - - "arangoschedulerdeployments/status" - - "arangoschedulerbatchjobs" - - "arangoschedulerbatchjobs/status" - - "arangoschedulercronjobs" - - "arangoschedulercronjobs/status" - verbs: - - "*" - - apiGroups: - - "" - resources: - - "pods" - - "pods/status" - verbs: - - "*" - - apiGroups: - - "apps" - resources: - - "deployments" - - "deployments/status" - verbs: - - "*" - - apiGroups: - - "batch" - resources: - - "jobs" - - "jobs/status" - - "cronjobs" - - "cronjobs/status" - verbs: - - "*" - - apiGroups: - - "database.arangodb.com" - resources: - - "arangodeployments" - verbs: - - "get" - - "list" - - "watch" + - apiGroups: + - "scheduler.arangodb.com" + resources: + - "arangoprofiles" + - "arangoprofiles/status" + - "arangoschedulerpods" + - "arangoschedulerpods/status" + - "arangoschedulerdeployments" + - "arangoschedulerdeployments/status" + - "arangoschedulerbatchjobs" + - "arangoschedulerbatchjobs/status" + - "arangoschedulercronjobs" + - "arangoschedulercronjobs/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "" + resources: + - "pods" + - "pods/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "apps" + resources: + - "deployments" + - "deployments/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "batch" + resources: + - "jobs" + - "jobs/status" + - "cronjobs" + - "cronjobs/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "database.arangodb.com" + resources: + - "arangodeployments" + verbs: + - "get" + - "list" + - "watch" {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/templates/service-account.yaml b/chart/kube-arangodb-enterprise/templates/service-account.yaml index 3c102d1a7..6855b7ee2 100644 --- a/chart/kube-arangodb-enterprise/templates/service-account.yaml +++ b/chart/kube-arangodb-enterprise/templates/service-account.yaml @@ -4,11 +4,11 @@ metadata: name: {{ template "kube-arangodb.operatorName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} {{- if .Values.operator.imagePullSecrets }} imagePullSecrets: {{- range .Values.operator.imagePullSecrets }} diff --git a/chart/kube-arangodb-enterprise/templates/storage-operator/cluster-role-binding.yaml b/chart/kube-arangodb-enterprise/templates/storage-operator/cluster-role-binding.yaml index cfaaff455..23d56b656 100644 --- a/chart/kube-arangodb-enterprise/templates/storage-operator/cluster-role-binding.yaml +++ b/chart/kube-arangodb-enterprise/templates/storage-operator/cluster-role-binding.yaml @@ -4,21 +4,21 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-storage - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-storage + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-arangodb.rbac-cluster" . }}-storage + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-storage subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/templates/storage-operator/cluster-role.yaml b/chart/kube-arangodb-enterprise/templates/storage-operator/cluster-role.yaml index 8109978b3..061e4d730 100644 --- a/chart/kube-arangodb-enterprise/templates/storage-operator/cluster-role.yaml +++ b/chart/kube-arangodb-enterprise/templates/storage-operator/cluster-role.yaml @@ -4,29 +4,71 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-storage - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-storage + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: [""] - resources: ["persistentvolumes", "persistentvolumeclaims", "endpoints", "events", "services"] - verbs: ["*"] - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["namespaces", "nodes"] - verbs: ["get", "list", "watch"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["*"] - - apiGroups: ["storage.arangodb.com"] - resources: ["arangolocalstorages"] - verbs: ["*"] + - apiGroups: + - "" + resources: + - "persistentvolumes" + - "persistentvolumeclaims" + - "endpoints" + - "events" + - "services" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: + - "get" + - "list" + - "watch" + - apiGroups: + - "" + resources: + - "namespaces" + - "nodes" + verbs: + - "get" + - "list" + - "watch" + - apiGroups: + - "storage.k8s.io" + resources: + - "storageclasses" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "storage.arangodb.com" + resources: + - "arangolocalstorages" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/templates/storage-operator/crd.yaml b/chart/kube-arangodb-enterprise/templates/storage-operator/crd.yaml index b1f021c19..fb168515a 100644 --- a/chart/kube-arangodb-enterprise/templates/storage-operator/crd.yaml +++ b/chart/kube-arangodb-enterprise/templates/storage-operator/crd.yaml @@ -4,31 +4,31 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: arangolocalstorages.storage.arangodb.com - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: arangolocalstorages.storage.arangodb.com + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} spec: - group: storage.arangodb.com - names: - kind: ArangoLocalStorage - listKind: ArangoLocalStorageList - plural: arangolocalstorages - shortNames: - - arangostorage - singular: arangolocalstorage - scope: Cluster - versions: - - name: v1alpha - served: true - storage: true - schema: - openAPIV3Schema: - type: object - x-kubernetes-preserve-unknown-fields: true + group: storage.arangodb.com + names: + kind: ArangoLocalStorage + listKind: ArangoLocalStorageList + plural: arangolocalstorages + shortNames: + - arangostorage + singular: arangolocalstorage + scope: Cluster + versions: + - name: v1alpha + served: true + storage: true + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/templates/storage-operator/role-binding.yaml b/chart/kube-arangodb-enterprise/templates/storage-operator/role-binding.yaml index 5e120f06b..f31ed05a0 100644 --- a/chart/kube-arangodb-enterprise/templates/storage-operator/role-binding.yaml +++ b/chart/kube-arangodb-enterprise/templates/storage-operator/role-binding.yaml @@ -4,22 +4,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "kube-arangodb.rbac" . }}-storage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-storage + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kube-arangodb.rbac" . }}-storage + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-storage subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} diff --git a/chart/kube-arangodb-enterprise/templates/storage-operator/role.yaml b/chart/kube-arangodb-enterprise/templates/storage-operator/role.yaml index 47553bb0a..4996ad89e 100644 --- a/chart/kube-arangodb-enterprise/templates/storage-operator/role.yaml +++ b/chart/kube-arangodb-enterprise/templates/storage-operator/role.yaml @@ -4,27 +4,49 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "kube-arangodb.rbac" . }}-storage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-storage + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: [""] - resources: ["pods"] - verbs: ["get", "update", "watch", "list"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] - - apiGroups: ["apps"] - resources: ["daemonsets"] - verbs: ["*"] - - apiGroups: ["apps"] - resources: ["deployments", "replicasets"] - verbs: ["get"] + - apiGroups: + - "" + resources: + - "pods" + verbs: + - "get" + - "update" + - "watch" + - "list" + - apiGroups: + - "" + resources: + - "secrets" + verbs: + - "get" + - apiGroups: + - "apps" + resources: + - "daemonsets" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "apps" + resources: + - "deployments" + - "replicasets" + verbs: + - "get" {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb-enterprise/templates/webhook/mutation.yaml b/chart/kube-arangodb-enterprise/templates/webhook/mutation.yaml index 27efd0821..c5b8259a1 100644 --- a/chart/kube-arangodb-enterprise/templates/webhook/mutation.yaml +++ b/chart/kube-arangodb-enterprise/templates/webhook/mutation.yaml @@ -25,17 +25,22 @@ webhooks: - key: profiles.arangodb.com/deployment operator: Exists rules: - - apiGroups: [""] - apiVersions: ["v1"] - operations: ["CREATE"] - resources: ["pods"] - scope: "Namespaced" + - apiGroups: + - "" + apiVersions: + - "v1" + operations: + - "CREATE" + resources: + - "pods" + scope: "Namespaced" clientConfig: service: namespace: {{ .Release.Namespace }} name: {{ template "kube-arangodb.operatorName" . }}-webhook path: /webhook/core/v1/pods/policies/mutate - admissionReviewVersions: ["v1"] + admissionReviewVersions: + - "v1" sideEffects: None timeoutSeconds: 5 - name: "generic.pod.policies.scheduler.arangodb.com" @@ -50,17 +55,22 @@ webhooks: - key: profiles.arangodb.com/apply operator: Exists rules: - - apiGroups: [""] - apiVersions: ["v1"] - operations: ["CREATE"] - resources: ["pods"] - scope: "Namespaced" + - apiGroups: + - "" + apiVersions: + - "v1" + operations: + - "CREATE" + resources: + - "pods" + scope: "Namespaced" clientConfig: service: namespace: {{ .Release.Namespace }} name: {{ template "kube-arangodb.operatorName" . }}-webhook path: /webhook/core/v1/pods/policies/mutate - admissionReviewVersions: ["v1"] + admissionReviewVersions: + - "v1" sideEffects: None timeoutSeconds: 5 diff --git a/chart/kube-arangodb-enterprise/templates/webhook/validation.yaml b/chart/kube-arangodb-enterprise/templates/webhook/validation.yaml index 0c791cacc..7b8db4523 100644 --- a/chart/kube-arangodb-enterprise/templates/webhook/validation.yaml +++ b/chart/kube-arangodb-enterprise/templates/webhook/validation.yaml @@ -12,6 +12,6 @@ metadata: app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/instance: {{ .Release.Name }} release: {{ .Release.Name }} -webhooks: [] +webhooks: [ ] {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb/templates/analytics-operator/cluster-role-binding.yaml b/chart/kube-arangodb/templates/analytics-operator/cluster-role-binding.yaml index 201c4915b..4f6628055 100644 --- a/chart/kube-arangodb/templates/analytics-operator/cluster-role-binding.yaml +++ b/chart/kube-arangodb/templates/analytics-operator/cluster-role-binding.yaml @@ -5,21 +5,21 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-analytics - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-analytics + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-arangodb.rbac-cluster" . }}-analytics + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-analytics subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} diff --git a/chart/kube-arangodb/templates/analytics-operator/cluster-role.yaml b/chart/kube-arangodb/templates/analytics-operator/cluster-role.yaml index 76ac5ee99..a35eeaba7 100644 --- a/chart/kube-arangodb/templates/analytics-operator/cluster-role.yaml +++ b/chart/kube-arangodb/templates/analytics-operator/cluster-role.yaml @@ -5,17 +5,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-analytics - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-analytics + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: + - "get" + - "list" + - "watch" {{- end }} {{- end }} diff --git a/chart/kube-arangodb/templates/analytics-operator/role-binding.yaml b/chart/kube-arangodb/templates/analytics-operator/role-binding.yaml index 9fd0877f4..967e1f06c 100644 --- a/chart/kube-arangodb/templates/analytics-operator/role-binding.yaml +++ b/chart/kube-arangodb/templates/analytics-operator/role-binding.yaml @@ -4,22 +4,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "kube-arangodb.rbac" . }}-analytics - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-analytics + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kube-arangodb.rbac" . }}-analytics + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-analytics subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb/templates/analytics-operator/role.yaml b/chart/kube-arangodb/templates/analytics-operator/role.yaml index 84e6cba2f..597f2e36c 100644 --- a/chart/kube-arangodb/templates/analytics-operator/role.yaml +++ b/chart/kube-arangodb/templates/analytics-operator/role.yaml @@ -4,38 +4,60 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "kube-arangodb.rbac" . }}-analytics - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-analytics + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: - - "analytics.arangodb.com" - resources: - - "graphanalyticsengines" - - "graphanalyticsengines/status" - verbs: - - "*" - - apiGroups: - - "database.arangodb.com" - resources: - - "arangodeployments" - verbs: - - "get" - - "list" - - "watch" - - apiGroups: ["apps"] - resources: - - "statefulsets" - verbs: ["*"] - - apiGroups: [ "" ] - resources: - - "secrets" - - "services" - verbs: [ "*" ] + - apiGroups: + - "analytics.arangodb.com" + resources: + - "graphanalyticsengines" + - "graphanalyticsengines/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "database.arangodb.com" + resources: + - "arangodeployments" + verbs: + - "get" + - "list" + - "watch" + - apiGroups: + - "apps" + resources: + - "statefulsets" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "" + resources: + - "secrets" + - "services" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb/templates/apps-operator/cluster-role-binding.yaml b/chart/kube-arangodb/templates/apps-operator/cluster-role-binding.yaml index 785c6e886..d0bfb7774 100644 --- a/chart/kube-arangodb/templates/apps-operator/cluster-role-binding.yaml +++ b/chart/kube-arangodb/templates/apps-operator/cluster-role-binding.yaml @@ -5,21 +5,21 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-apps - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-apps + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-arangodb.rbac-cluster" . }}-apps + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-apps subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} diff --git a/chart/kube-arangodb/templates/apps-operator/cluster-role.yaml b/chart/kube-arangodb/templates/apps-operator/cluster-role.yaml index 4789de945..6bfa5a080 100644 --- a/chart/kube-arangodb/templates/apps-operator/cluster-role.yaml +++ b/chart/kube-arangodb/templates/apps-operator/cluster-role.yaml @@ -5,17 +5,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-apps - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-apps + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: + - "get" + - "list" + - "watch" {{- end }} {{- end }} diff --git a/chart/kube-arangodb/templates/apps-operator/role-binding.yaml b/chart/kube-arangodb/templates/apps-operator/role-binding.yaml index dbd9fc636..fc323e9f5 100644 --- a/chart/kube-arangodb/templates/apps-operator/role-binding.yaml +++ b/chart/kube-arangodb/templates/apps-operator/role-binding.yaml @@ -4,22 +4,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "kube-arangodb.rbac" . }}-apps - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-apps + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kube-arangodb.rbac" . }}-apps + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-apps subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} --- diff --git a/chart/kube-arangodb/templates/apps-operator/role.yaml b/chart/kube-arangodb/templates/apps-operator/role.yaml index 63df49055..6f3b1c90c 100644 --- a/chart/kube-arangodb/templates/apps-operator/role.yaml +++ b/chart/kube-arangodb/templates/apps-operator/role.yaml @@ -4,36 +4,82 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "kube-arangodb.rbac" . }}-apps - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-apps + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: [""] - resources: ["pods", "services", "endpoints"] - verbs: ["get", "update"] - - apiGroups: [""] - resources: ["events"] - verbs: ["*"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] - - apiGroups: ["apps"] - resources: ["deployments", "replicasets"] - verbs: ["get"] - - apiGroups: ["batch"] - resources: ["jobs"] - verbs: ["*"] - - apiGroups: ["database.arangodb.com"] - resources: ["arangodeployments"] - verbs: ["get", "list", "watch"] - - apiGroups: ["apps.arangodb.com"] - resources: ["arangojobs","arangojobs/status"] - verbs: ["*"] + - apiGroups: + - "" + resources: + - "pods" + - "services" + - "endpoints" + verbs: + - "get" + - "update" + - apiGroups: + - "" + resources: + - "events" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "" + resources: + - "secrets" + verbs: + - "get" + - apiGroups: + - "apps" + resources: + - "deployments" + - "replicasets" + verbs: + - "get" + - apiGroups: + - "batch" + resources: + - "jobs" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "database.arangodb.com" + resources: + - "arangodeployments" + verbs: + - "get" + - "list" + - "watch" + - apiGroups: + - "apps.arangodb.com" + resources: + - "arangojobs" + - "arangojobs/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -47,8 +93,13 @@ metadata: app.kubernetes.io/instance: {{ .Release.Name }} release: {{ .Release.Name }} rules: - - apiGroups: ["database.arangodb.com"] - resources: ["arangodeployments"] - verbs: ["get", "list", "watch"] + - apiGroups: + - "database.arangodb.com" + resources: + - "arangodeployments" + verbs: + - "get" + - "list" + - "watch" {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb/templates/apps-operator/service-account-job.yaml b/chart/kube-arangodb/templates/apps-operator/service-account-job.yaml index 07ae08095..c184f4d6b 100644 --- a/chart/kube-arangodb/templates/apps-operator/service-account-job.yaml +++ b/chart/kube-arangodb/templates/apps-operator/service-account-job.yaml @@ -5,11 +5,11 @@ metadata: name: {{ template "kube-arangodb.operatorName" . }}-job namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} {{- if .Values.operator.imagePullSecrets }} imagePullSecrets: {{- range .Values.operator.imagePullSecrets }} diff --git a/chart/kube-arangodb/templates/backup-operator/cluster-role-binding.yaml b/chart/kube-arangodb/templates/backup-operator/cluster-role-binding.yaml index 4f1c23cff..2b5c3350b 100644 --- a/chart/kube-arangodb/templates/backup-operator/cluster-role-binding.yaml +++ b/chart/kube-arangodb/templates/backup-operator/cluster-role-binding.yaml @@ -5,21 +5,21 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-backup - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-backup + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-arangodb.rbac-cluster" . }}-backup + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-backup subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} diff --git a/chart/kube-arangodb/templates/backup-operator/cluster-role.yaml b/chart/kube-arangodb/templates/backup-operator/cluster-role.yaml index a1c011982..43cd30081 100644 --- a/chart/kube-arangodb/templates/backup-operator/cluster-role.yaml +++ b/chart/kube-arangodb/templates/backup-operator/cluster-role.yaml @@ -5,17 +5,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-backup - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-backup + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: + - "get" + - "list" + - "watch" {{- end }} {{- end }} diff --git a/chart/kube-arangodb/templates/backup-operator/role-binding.yaml b/chart/kube-arangodb/templates/backup-operator/role-binding.yaml index 679902669..afbf38eed 100644 --- a/chart/kube-arangodb/templates/backup-operator/role-binding.yaml +++ b/chart/kube-arangodb/templates/backup-operator/role-binding.yaml @@ -4,22 +4,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "kube-arangodb.rbac" . }}-backup - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-backup + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kube-arangodb.rbac" . }}-backup + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-backup subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb/templates/backup-operator/role.yaml b/chart/kube-arangodb/templates/backup-operator/role.yaml index 8d4aff472..083a81466 100644 --- a/chart/kube-arangodb/templates/backup-operator/role.yaml +++ b/chart/kube-arangodb/templates/backup-operator/role.yaml @@ -4,32 +4,71 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "kube-arangodb.rbac" . }}-backup - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-backup + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: [""] - resources: ["pods", "services", "endpoints"] - verbs: ["get", "update"] - - apiGroups: [""] - resources: ["events"] - verbs: ["*"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] - - apiGroups: ["apps"] - resources: ["deployments", "replicasets"] - verbs: ["get"] - - apiGroups: ["backup.arangodb.com"] - resources: ["arangobackuppolicies", "arangobackuppolicies/status", "arangobackups", "arangobackups/status"] - verbs: ["*"] - - apiGroups: ["database.arangodb.com"] - resources: ["arangodeployments"] - verbs: ["get", "list", "watch"] + - apiGroups: + - "" + resources: + - "pods" + - "services" + - "endpoints" + verbs: + - "get" + - "update" + - apiGroups: + - "" + resources: + - "events" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "" + resources: + - "secrets" + verbs: + - "get" + - apiGroups: + - "apps" + resources: + - "deployments" + - "replicasets" + verbs: + - "get" + - apiGroups: + - "backup.arangodb.com" + resources: + - "arangobackuppolicies" + - "arangobackuppolicies/status" + - "arangobackups" + - "arangobackups/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "database.arangodb.com" + resources: + - "arangodeployments" + verbs: + - "get" + - "list" + - "watch" {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb/templates/certificates/issuer.ca.yaml b/chart/kube-arangodb/templates/certificates/issuer.ca.yaml index 0b3f33291..bc0a75319 100644 --- a/chart/kube-arangodb/templates/certificates/issuer.ca.yaml +++ b/chart/kube-arangodb/templates/certificates/issuer.ca.yaml @@ -12,6 +12,6 @@ metadata: app.kubernetes.io/instance: {{ .Release.Name }} release: {{ .Release.Name }} spec: - selfSigned: {} + selfSigned: { } {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb/templates/crd/cluster-role-binding.yaml b/chart/kube-arangodb/templates/crd/cluster-role-binding.yaml index a0355a66f..dd3f64ad3 100644 --- a/chart/kube-arangodb/templates/crd/cluster-role-binding.yaml +++ b/chart/kube-arangodb/templates/crd/cluster-role-binding.yaml @@ -5,21 +5,21 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-crd - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-crd + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-arangodb.rbac-cluster" . }}-crd + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-crd subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} diff --git a/chart/kube-arangodb/templates/crd/cluster-role.yaml b/chart/kube-arangodb/templates/crd/cluster-role.yaml index 0704a51fa..e4663fb58 100644 --- a/chart/kube-arangodb/templates/crd/cluster-role.yaml +++ b/chart/kube-arangodb/templates/crd/cluster-role.yaml @@ -5,44 +5,52 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-crd - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-crd + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: {{ if .Values.operator.features.analytics -}} -# analytics.arangodb.com - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update"] + # analytics.arangodb.com + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update" ] resourceNames: - "graphanalyticsengines.analytics.arangodb.com" {{- end }} {{ if .Values.operator.features.apps -}} -# apps.arangodb.com - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update"] + # apps.arangodb.com + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update" ] resourceNames: - "arangojobs.apps.arangodb.com" {{- end }} {{ if .Values.operator.features.backup -}} -# backup.arangodb.com - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update"] + # backup.arangodb.com + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update" ] resourceNames: - "arangobackuppolicies.backup.arangodb.com" - "arangobackups.backup.arangodb.com" {{- end }} {{ if .Values.operator.features.deployment -}} -# database.arangodb.com - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update"] + # database.arangodb.com + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update" ] resourceNames: - "arangoclustersynchronizations.database.arangodb.com" - "arangodeployments.database.arangodb.com" @@ -50,10 +58,12 @@ rules: - "arangotasks.database.arangodb.com" {{- end }} {{ if .Values.operator.features.ml -}} -# ml.arangodb.com - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update"] + # ml.arangodb.com + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update" ] resourceNames: - "arangomlbatchjobs.ml.arangodb.com" - "arangomlcronjobs.ml.arangodb.com" @@ -61,26 +71,32 @@ rules: - "arangomlstorages.ml.arangodb.com" {{- end }} {{ if .Values.operator.features.networking -}} -# networking.arangodb.com - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update"] + # networking.arangodb.com + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update" ] resourceNames: - "arangoroutes.networking.arangodb.com" {{- end }} {{ if .Values.operator.features.deploymentReplications -}} -# replication.database.arangodb.com - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update"] + # replication.database.arangodb.com + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update" ] resourceNames: - "arangodeploymentreplications.replication.database.arangodb.com" {{- end }} {{ if .Values.operator.features.scheduler -}} -# scheduler.arangodb.com - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update"] + # scheduler.arangodb.com + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update" ] resourceNames: - "arangoprofiles.scheduler.arangodb.com" - "arangoschedulerpods.scheduler.arangodb.com" @@ -89,10 +105,12 @@ rules: - "arangoschedulercronjobs.scheduler.arangodb.com" {{- end }} {{ if .Values.operator.features.platform -}} -# platform.arangodb.com - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update"] + # platform.arangodb.com + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: [{{ if .Values.operator.enableCRDCreation }}"create", {{ end }}"get", "list", "watch", "update" ] resourceNames: - "arangoplatformcharts.platform.arangodb.com" - "arangoplatformstorages.platform.arangodb.com" diff --git a/chart/kube-arangodb/templates/debug/cluster-role-binding.yaml b/chart/kube-arangodb/templates/debug/cluster-role-binding.yaml index 47bb00b02..a474ca6b0 100644 --- a/chart/kube-arangodb/templates/debug/cluster-role-binding.yaml +++ b/chart/kube-arangodb/templates/debug/cluster-role-binding.yaml @@ -5,21 +5,21 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-debug - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-debug + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-arangodb.rbac-cluster" . }}-debug + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-debug subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} diff --git a/chart/kube-arangodb/templates/debug/cluster-role.yaml b/chart/kube-arangodb/templates/debug/cluster-role.yaml index 59b1be1fe..ae8bcc171 100644 --- a/chart/kube-arangodb/templates/debug/cluster-role.yaml +++ b/chart/kube-arangodb/templates/debug/cluster-role.yaml @@ -5,17 +5,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-debug - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-debug + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: + - "get" + - "list" + - "watch" {{- end }} {{- end }} diff --git a/chart/kube-arangodb/templates/debug/role-binding.yaml b/chart/kube-arangodb/templates/debug/role-binding.yaml index b54d447cd..815dbff52 100644 --- a/chart/kube-arangodb/templates/debug/role-binding.yaml +++ b/chart/kube-arangodb/templates/debug/role-binding.yaml @@ -4,22 +4,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "kube-arangodb.rbac" . }}-debug - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-debug + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kube-arangodb.rbac" . }}-debug + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-debug subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb/templates/debug/role.yaml b/chart/kube-arangodb/templates/debug/role.yaml index e18cf7cda..5e83a3fce 100644 --- a/chart/kube-arangodb/templates/debug/role.yaml +++ b/chart/kube-arangodb/templates/debug/role.yaml @@ -4,30 +4,40 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "kube-arangodb.rbac" . }}-debug - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-debug + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - apiGroups: -# Core - - "" - - "apps" - - "batch" -# Arango - - "analytics.arangodb.com" - - "ml.arangodb.com" - resources: ["*"] - verbs: ["get", "list"] - - apiGroups: [""] - resources: ["pods/log"] - verbs: ["get", "list"] - - apiGroups: [""] - resources: ["pods/exec"] - verbs: ["create"] + # Core + - "" + - "apps" + - "batch" + # Arango + - "analytics.arangodb.com" + - "ml.arangodb.com" + resources: + - "*" + verbs: + - "get" + - "list" + - apiGroups: + - "" + resources: + - "pods/log" + verbs: + - "get" + - "list" + - apiGroups: + - "" + resources: + - "pods/exec" + verbs: + - "create" {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb/templates/deployment-operator/cluster-role-binding.yaml b/chart/kube-arangodb/templates/deployment-operator/cluster-role-binding.yaml index 5e3261c21..cbaea7494 100644 --- a/chart/kube-arangodb/templates/deployment-operator/cluster-role-binding.yaml +++ b/chart/kube-arangodb/templates/deployment-operator/cluster-role-binding.yaml @@ -5,21 +5,21 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} diff --git a/chart/kube-arangodb/templates/deployment-operator/cluster-role.yaml b/chart/kube-arangodb/templates/deployment-operator/cluster-role.yaml index 1e9222396..1a4784552 100644 --- a/chart/kube-arangodb/templates/deployment-operator/cluster-role.yaml +++ b/chart/kube-arangodb/templates/deployment-operator/cluster-role.yaml @@ -5,20 +5,31 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["namespaces", "nodes", "persistentvolumes"] - verbs: ["get", "list"] + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: + - "get" + - "list" + - "watch" + - apiGroups: + - "" + resources: + - "namespaces" + - "nodes" + - "persistentvolumes" + verbs: + - "get" + - "list" {{- end }} {{- end }} diff --git a/chart/kube-arangodb/templates/deployment-operator/default-role-binding.yaml b/chart/kube-arangodb/templates/deployment-operator/default-role-binding.yaml index 606474ee4..4a8658a50 100644 --- a/chart/kube-arangodb/templates/deployment-operator/default-role-binding.yaml +++ b/chart/kube-arangodb/templates/deployment-operator/default-role-binding.yaml @@ -4,22 +4,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "kube-arangodb.rbac" . }}-default - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-default + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kube-arangodb.rbac" . }}-default + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-default subjects: - - kind: ServiceAccount - name: default - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: default + namespace: {{ .Release.Namespace }} {{- end }} diff --git a/chart/kube-arangodb/templates/deployment-operator/default-role.yaml b/chart/kube-arangodb/templates/deployment-operator/default-role.yaml index af530b233..8a223326d 100644 --- a/chart/kube-arangodb/templates/deployment-operator/default-role.yaml +++ b/chart/kube-arangodb/templates/deployment-operator/default-role.yaml @@ -4,18 +4,21 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "kube-arangodb.rbac" . }}-default - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-default + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: [""] - resources: ["pods"] - verbs: ["get"] + - apiGroups: + - "" + resources: + - "pods" + verbs: + - "get" {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb/templates/deployment-operator/role-binding.yaml b/chart/kube-arangodb/templates/deployment-operator/role-binding.yaml index d06ec7ec0..94aecba5f 100644 --- a/chart/kube-arangodb/templates/deployment-operator/role-binding.yaml +++ b/chart/kube-arangodb/templates/deployment-operator/role-binding.yaml @@ -4,22 +4,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "kube-arangodb.rbac" . }}-deployment - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-deployment + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kube-arangodb.rbac" . }}-deployment + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-deployment subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} diff --git a/chart/kube-arangodb/templates/deployment-operator/role.yaml b/chart/kube-arangodb/templates/deployment-operator/role.yaml index a3ca5bc75..7d31d1acc 100644 --- a/chart/kube-arangodb/templates/deployment-operator/role.yaml +++ b/chart/kube-arangodb/templates/deployment-operator/role.yaml @@ -4,50 +4,141 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "kube-arangodb.rbac" . }}-deployment - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-deployment + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: ["database.arangodb.com"] - resources: ["arangodeployments", "arangodeployments/status","arangomembers", "arangomembers/status"] - verbs: ["*"] + - apiGroups: + - "database.arangodb.com" + resources: + - "arangodeployments" + - "arangodeployments/status" + - "arangomembers" + - "arangomembers/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" {{- if .Values.rbac.extensions.acs }} - - apiGroups: ["database.arangodb.com"] - resources: ["arangoclustersynchronizations", "arangoclustersynchronizations/status"] - verbs: ["*"] + - apiGroups: + - "database.arangodb.com" + resources: + - "arangoclustersynchronizations" + - "arangoclustersynchronizations/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" {{- end }} {{- if .Values.rbac.extensions.at }} - - apiGroups: ["database.arangodb.com"] - resources: ["arangotasks", "arangotasks/status"] - verbs: ["*"] + - apiGroups: + - "database.arangodb.com" + resources: + - "arangotasks" + - "arangotasks/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" {{- end }} - - apiGroups: [""] - resources: ["pods", "services", "endpoints", "persistentvolumeclaims", "events", "secrets", "serviceaccounts", "configmaps"] - verbs: ["*"] - - apiGroups: ["apps"] - resources: ["deployments", "replicasets"] - verbs: ["get"] - - apiGroups: ["policy"] - resources: ["poddisruptionbudgets"] - verbs: ["*"] - - apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: ["*"] - - apiGroups: ["platform.arangodb.com"] - resources: ["arangoplatformstorages", "arangoplatformstorages/status"] - verbs: ["get", "list", "watch"] - - apiGroups: ["backup.arangodb.com"] - resources: ["arangobackuppolicies", "arangobackups"] - verbs: ["get", "list", "watch"] + - apiGroups: + - "" + resources: + - "pods" + - "services" + - "endpoints" + - "persistentvolumeclaims" + - "events" + - "secrets" + - "serviceaccounts" + - "configmaps" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "apps" + resources: + - "deployments" + - "replicasets" + verbs: + - "get" + - apiGroups: + - "policy" + resources: + - "poddisruptionbudgets" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "coordination.k8s.io" + resources: + - "leases" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "platform.arangodb.com" + resources: + - "arangoplatformstorages" + - "arangoplatformstorages/status" + verbs: + - "get" + - "list" + - "watch" + - apiGroups: + - "backup.arangodb.com" + resources: + - "arangobackuppolicies" + - "arangobackups" + verbs: + - "get" + - "list" + - "watch" {{- if .Values.rbac.extensions.monitoring }} - - apiGroups: ["monitoring.coreos.com"] - resources: ["servicemonitors"] - verbs: ["get", "create", "delete", "update", "list", "watch", "patch"] + - apiGroups: + - "monitoring.coreos.com" + resources: + - "servicemonitors" + verbs: + - "get" + - "create" + - "delete" + - "update" + - "list" + - "watch" + - "patch" {{- end }} {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb/templates/deployment-replications-operator/cluster-role-binding.yaml b/chart/kube-arangodb/templates/deployment-replications-operator/cluster-role-binding.yaml index e526e91f3..54426af78 100644 --- a/chart/kube-arangodb/templates/deployment-replications-operator/cluster-role-binding.yaml +++ b/chart/kube-arangodb/templates/deployment-replications-operator/cluster-role-binding.yaml @@ -5,21 +5,21 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment-replication - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment-replication + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment-replication + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment-replication subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} diff --git a/chart/kube-arangodb/templates/deployment-replications-operator/cluster-role.yaml b/chart/kube-arangodb/templates/deployment-replications-operator/cluster-role.yaml index cd4f9eb67..d7b1efaeb 100644 --- a/chart/kube-arangodb/templates/deployment-replications-operator/cluster-role.yaml +++ b/chart/kube-arangodb/templates/deployment-replications-operator/cluster-role.yaml @@ -5,20 +5,30 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment-replication - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-deployment-replication + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["namespaces", "nodes"] - verbs: ["get", "list"] + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: + - "get" + - "list" + - "watch" + - apiGroups: + - "" + resources: + - "namespaces" + - "nodes" + verbs: + - "get" + - "list" {{- end }} {{- end }} diff --git a/chart/kube-arangodb/templates/deployment-replications-operator/role-binding.yaml b/chart/kube-arangodb/templates/deployment-replications-operator/role-binding.yaml index f908090c9..1b8226bf5 100644 --- a/chart/kube-arangodb/templates/deployment-replications-operator/role-binding.yaml +++ b/chart/kube-arangodb/templates/deployment-replications-operator/role-binding.yaml @@ -4,22 +4,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "kube-arangodb.rbac" . }}-deployment-replication - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-deployment-replication + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kube-arangodb.rbac" . }}-deployment-replication + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-deployment-replication subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} diff --git a/chart/kube-arangodb/templates/deployment-replications-operator/role.yaml b/chart/kube-arangodb/templates/deployment-replications-operator/role.yaml index c8cf8f993..19a87d03d 100644 --- a/chart/kube-arangodb/templates/deployment-replications-operator/role.yaml +++ b/chart/kube-arangodb/templates/deployment-replications-operator/role.yaml @@ -4,27 +4,58 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "kube-arangodb.rbac" . }}-deployment-replication - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-deployment-replication + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: ["replication.database.arangodb.com"] - resources: ["arangodeploymentreplications", "arangodeploymentreplications/status"] - verbs: ["*"] - - apiGroups: ["database.arangodb.com"] - resources: ["arangodeployments"] - verbs: ["get"] - - apiGroups: [""] - resources: ["pods", "services", "endpoints", "persistentvolumeclaims", "events", "secrets"] - verbs: ["*"] - - apiGroups: ["apps"] - resources: ["deployments", "replicasets"] - verbs: ["get"] + - apiGroups: + - "replication.database.arangodb.com" + resources: + - "arangodeploymentreplications" + - "arangodeploymentreplications/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "database.arangodb.com" + resources: + - "arangodeployments" + verbs: + - "get" + - apiGroups: + - "" + resources: + - "pods" + - "services" + - "endpoints" + - "persistentvolumeclaims" + - "events" + - "secrets" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "apps" + resources: + - "deployments" + - "replicasets" + verbs: + - "get" {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb/templates/deployment.yaml b/chart/kube-arangodb/templates/deployment.yaml index 7811a6744..4e6952059 100644 --- a/chart/kube-arangodb/templates/deployment.yaml +++ b/chart/kube-arangodb/templates/deployment.yaml @@ -11,259 +11,259 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- if .Values.operator.annotations }} - annotations: + annotations: {{ toYaml .Values.operator.annotations | indent 8 }} {{- end }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} spec: {{- if .Values.operator.debug }} - replicas: 1 + replicas: 1 {{- else }} - replicas: {{ .Values.operator.replicaCount }} + replicas: {{ .Values.operator.replicaCount }} {{- end }} - strategy: + strategy: {{ toYaml .Values.operator.updateStrategy | indent 8 }} - selector: - matchLabels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} {{- if .Values.operator.annotations }} - annotations: + annotations: {{ toYaml .Values.operator.annotations | indent 16 }} {{- end }} - spec: + spec: {{- if .Values.operator.nodeSelector }} - nodeSelector: + nodeSelector: {{ toYaml .Values.operator.nodeSelector | indent 16 }} {{- end }} - serviceAccountName: {{ template "kube-arangodb.operatorName" . }} - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/arch - operator: In - values: + serviceAccountName: {{ template "kube-arangodb.operatorName" . }} + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/arch + operator: In + values: {{- range .Values.operator.architectures }} - - {{ . | quote }} + - {{ . | quote }} {{- end }} - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - podAffinityTerm: - topologyKey: "kubernetes.io/hostname" - labelSelector: - matchExpressions: - - key: app.kubernetes.io/name - operator: In - values: - - {{ template "kube-arangodb.name" . }} - - key: app.kubernetes.io/instance - operator: In - values: - - {{ .Release.Name }} - hostNetwork: false - hostPID: false - hostIPC: false - securityContext: - runAsNonRoot: true - runAsUser: {{ .Values.operator.securityContext.runAsUser }} - containers: - - name: operator - imagePullPolicy: {{ .Values.operator.imagePullPolicy }} - image: {{ .Values.operator.image }} - args: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + topologyKey: "kubernetes.io/hostname" + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - {{ template "kube-arangodb.name" . }} + - key: app.kubernetes.io/instance + operator: In + values: + - {{ .Release.Name }} + hostNetwork: false + hostPID: false + hostIPC: false + securityContext: + runAsNonRoot: true + runAsUser: {{ .Values.operator.securityContext.runAsUser }} + containers: + - name: operator + imagePullPolicy: {{ .Values.operator.imagePullPolicy }} + image: {{ .Values.operator.image }} + args: {{- if .Values.certificate.enabled }} - - --server.tls-secret-name={{ template "kube-arangodb.operatorName" . }}-cert - - --api.tls-secret-name={{ template "kube-arangodb.operatorName" . }}-cert + - --server.tls-secret-name={{ template "kube-arangodb.operatorName" . }}-cert + - --api.tls-secret-name={{ template "kube-arangodb.operatorName" . }}-cert {{- end -}} {{- if .Values.operator.features.deployment }} - - --operator.deployment + - --operator.deployment {{- end -}} {{ if .Values.operator.features.deploymentReplications }} - - --operator.deployment-replication + - --operator.deployment-replication {{- end -}} {{ if .Values.operator.features.storage }} - - --operator.storage + - --operator.storage {{- end }} {{ if .Values.operator.features.backup }} - - --operator.backup + - --operator.backup {{- end }} {{- if or .Values.operator.debug (eq ( int .Values.operator.replicaCount) 1) }} - - --mode.single + - --mode.single {{- end }} {{- if .Values.operator.skipLeaderLabels }} - - --leader.label.skip + - --leader.label.skip {{- end }} {{ if .Values.operator.features.apps }} - - --operator.apps + - --operator.apps {{- end }} {{ if .Values.operator.features.ml }} - - --operator.ml + - --operator.ml {{- end }} {{ if .Values.operator.features.analytics }} - - --operator.analytics + - --operator.analytics {{- end }} {{ if .Values.operator.features.networking }} - - --operator.networking + - --operator.networking {{- end }} {{ if .Values.operator.features.scheduler }} - - --operator.scheduler + - --operator.scheduler {{- end }} {{ if .Values.operator.features.platform }} - - --operator.platform + - --operator.platform {{- end }} {{ if .Values.operator.features.k8sToK8sClusterSync }} - - --operator.k2k-cluster-sync + - --operator.k2k-cluster-sync {{- end }} - - --chaos.allowed={{ .Values.operator.allowChaos }} + - --chaos.allowed={{ .Values.operator.allowChaos }} {{- if .Values.operator.args }} {{- range .Values.operator.args }} - - {{ . | quote }} + - {{ . | quote }} {{- end }} {{- end }} - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: MY_CONTAINER_NAME - value: "operator" - - name: MY_POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP + env: + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MY_CONTAINER_NAME + value: "operator" + - name: MY_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP {{- if .Values.operator.features.apps }} - - name: ARANGOJOB_SA_NAME - value: "{{ template "kube-arangodb.operatorName" . }}-job" + - name: ARANGOJOB_SA_NAME + value: "{{ template "kube-arangodb.operatorName" . }}-job" {{- end }} - ports: - - name: metrics - containerPort: 8528 - securityContext: - privileged: false - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - capabilities: - drop: - - 'ALL' + ports: + - name: metrics + containerPort: 8528 + securityContext: + privileged: false + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: + - 'ALL' {{- if .Values.operator.debug }} - add: - - 'SYS_PTRACE' + add: + - 'SYS_PTRACE' {{- end }} {{- if .Values.operator.resources }} - resources: + resources: {{ toYaml .Values.operator.resources | indent 22 }} {{- end }} {{- if not .Values.operator.debug }} - livenessProbe: - httpGet: - path: /health - port: 8528 - scheme: HTTPS - initialDelaySeconds: 5 - periodSeconds: 10 - readinessProbe: - httpGet: - path: /ready - port: 8528 - scheme: HTTPS - initialDelaySeconds: 5 - periodSeconds: 10 + livenessProbe: + httpGet: + path: /health + port: 8528 + scheme: HTTPS + initialDelaySeconds: 5 + periodSeconds: 10 + readinessProbe: + httpGet: + path: /ready + port: 8528 + scheme: HTTPS + initialDelaySeconds: 5 + periodSeconds: 10 {{- end }} {{ if .Values.webhooks.enabled }} - - name: webhooks - imagePullPolicy: {{ .Values.operator.imagePullPolicy }} - image: {{ .Values.operator.image }} - args: - - webhook + - name: webhooks + imagePullPolicy: {{ .Values.operator.imagePullPolicy }} + image: {{ .Values.operator.image }} + args: + - webhook {{- if .Values.certificate.enabled }} - - --ssl.secret.name={{ template "kube-arangodb.operatorName" . }}-webhook-cert - - --ssl.secret.namespace={{ .Release.Namespace }} + - --ssl.secret.name={{ template "kube-arangodb.operatorName" . }}-webhook-cert + - --ssl.secret.namespace={{ .Release.Namespace }} {{- end -}} {{- if .Values.webhooks.args }} {{- range .Values.webhooks.args }} - - {{ . | quote }} + - {{ . | quote }} {{- end }} {{- end }} - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: MY_CONTAINER_NAME - value: "webhooks" - - name: MY_POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - ports: - - name: webhooks - containerPort: 8828 - securityContext: - privileged: false - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - capabilities: - drop: - - 'ALL' + env: + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MY_CONTAINER_NAME + value: "webhooks" + - name: MY_POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + ports: + - name: webhooks + containerPort: 8828 + securityContext: + privileged: false + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: + - 'ALL' {{- if .Values.webhooks.resources }} - resources: + resources: {{ toYaml .Values.webhooks.resources | indent 22 }} {{- end }} {{- if not .Values.webhooks.debug }} - livenessProbe: - httpGet: - path: /health - port: 8828 - scheme: HTTPS - initialDelaySeconds: 5 - periodSeconds: 10 - readinessProbe: - httpGet: - path: /ready - port: 8828 - scheme: HTTPS - initialDelaySeconds: 5 - periodSeconds: 10 + livenessProbe: + httpGet: + path: /health + port: 8828 + scheme: HTTPS + initialDelaySeconds: 5 + periodSeconds: 10 + readinessProbe: + httpGet: + path: /ready + port: 8828 + scheme: HTTPS + initialDelaySeconds: 5 + periodSeconds: 10 {{- end }} {{- end }} - tolerations: - - key: "node.kubernetes.io/unreachable" - operator: "Exists" - effect: "NoExecute" - tolerationSeconds: 5 - - key: "node.kubernetes.io/not-ready" - operator: "Exists" - effect: "NoExecute" - tolerationSeconds: 5 + tolerations: + - key: "node.kubernetes.io/unreachable" + operator: "Exists" + effect: "NoExecute" + tolerationSeconds: 5 + - key: "node.kubernetes.io/not-ready" + operator: "Exists" + effect: "NoExecute" + tolerationSeconds: 5 {{- if .Values.operator.tolerations }} {{ toYaml .Values.operator.tolerations | indent 16 }} {{- end }} diff --git a/chart/kube-arangodb/templates/k2k-cluster-sync-operator/cluster-role-binding.yaml b/chart/kube-arangodb/templates/k2k-cluster-sync-operator/cluster-role-binding.yaml index c8cef6a03..86c001ed1 100644 --- a/chart/kube-arangodb/templates/k2k-cluster-sync-operator/cluster-role-binding.yaml +++ b/chart/kube-arangodb/templates/k2k-cluster-sync-operator/cluster-role-binding.yaml @@ -5,21 +5,21 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-k2kclustersync - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-k2kclustersync + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-arangodb.rbac-cluster" . }}-k2kclustersync + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-k2kclustersync subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} diff --git a/chart/kube-arangodb/templates/k2k-cluster-sync-operator/cluster-role.yaml b/chart/kube-arangodb/templates/k2k-cluster-sync-operator/cluster-role.yaml index 17f1a73f3..b3cbd5e55 100644 --- a/chart/kube-arangodb/templates/k2k-cluster-sync-operator/cluster-role.yaml +++ b/chart/kube-arangodb/templates/k2k-cluster-sync-operator/cluster-role.yaml @@ -5,17 +5,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-k2kclustersync - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-k2kclustersync + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: + - "get" + - "list" + - "watch" {{- end }} {{- end }} diff --git a/chart/kube-arangodb/templates/k2k-cluster-sync-operator/role-binding.yaml b/chart/kube-arangodb/templates/k2k-cluster-sync-operator/role-binding.yaml index c4399917d..26ec71722 100644 --- a/chart/kube-arangodb/templates/k2k-cluster-sync-operator/role-binding.yaml +++ b/chart/kube-arangodb/templates/k2k-cluster-sync-operator/role-binding.yaml @@ -4,22 +4,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "kube-arangodb.rbac" . }}-k2kclustersync - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-k2kclustersync + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kube-arangodb.rbac" . }}-k2kclustersync + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-k2kclustersync subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} diff --git a/chart/kube-arangodb/templates/k2k-cluster-sync-operator/role.yaml b/chart/kube-arangodb/templates/k2k-cluster-sync-operator/role.yaml index d308f9111..73b0b44da 100644 --- a/chart/kube-arangodb/templates/k2k-cluster-sync-operator/role.yaml +++ b/chart/kube-arangodb/templates/k2k-cluster-sync-operator/role.yaml @@ -4,30 +4,58 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "kube-arangodb.rbac" . }}-k2kclustersync - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-k2kclustersync + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: [""] - resources: ["pods", "services", "endpoints"] - verbs: ["get", "update"] - - apiGroups: [""] - resources: ["events"] - verbs: ["*"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] - - apiGroups: ["apps"] - resources: ["deployments", "replicasets"] - verbs: ["get"] - - apiGroups: ["database.arangodb.com"] - resources: ["arangodeployments", "arangoclustersynchronizations"] - verbs: ["get", "list", "watch"] + - apiGroups: + - "" + resources: + - "pods" + - "services" + - "endpoints" + verbs: + - "get" + - "update" + - apiGroups: + - "" + resources: + - "events" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "" + resources: + - "secrets" + verbs: + - "get" + - apiGroups: + - "apps" + resources: + - "deployments" + - "replicasets" + verbs: + - "get" + - apiGroups: + - "database.arangodb.com" + resources: + - "arangodeployments" + - "arangoclustersynchronizations" + verbs: + - "get" + - "list" + - "watch" {{- end }} {{- end }} diff --git a/chart/kube-arangodb/templates/ml-operator/cluster-role-binding.yaml b/chart/kube-arangodb/templates/ml-operator/cluster-role-binding.yaml index 85d3cdc05..41fdb4fba 100644 --- a/chart/kube-arangodb/templates/ml-operator/cluster-role-binding.yaml +++ b/chart/kube-arangodb/templates/ml-operator/cluster-role-binding.yaml @@ -5,21 +5,21 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-ml - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-ml + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-arangodb.rbac-cluster" . }}-ml + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-ml subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} diff --git a/chart/kube-arangodb/templates/ml-operator/cluster-role.yaml b/chart/kube-arangodb/templates/ml-operator/cluster-role.yaml index 4e6a92385..cef297758 100644 --- a/chart/kube-arangodb/templates/ml-operator/cluster-role.yaml +++ b/chart/kube-arangodb/templates/ml-operator/cluster-role.yaml @@ -5,17 +5,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-ml - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-ml + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: + - "get" + - "list" + - "watch" {{- end }} {{- end }} diff --git a/chart/kube-arangodb/templates/ml-operator/role-binding.yaml b/chart/kube-arangodb/templates/ml-operator/role-binding.yaml index a7a666189..1da89eac3 100644 --- a/chart/kube-arangodb/templates/ml-operator/role-binding.yaml +++ b/chart/kube-arangodb/templates/ml-operator/role-binding.yaml @@ -4,22 +4,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "kube-arangodb.rbac" . }}-ml - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-ml + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kube-arangodb.rbac" . }}-ml + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-ml subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb/templates/ml-operator/role.yaml b/chart/kube-arangodb/templates/ml-operator/role.yaml index bc628afa4..a5e2beb4e 100644 --- a/chart/kube-arangodb/templates/ml-operator/role.yaml +++ b/chart/kube-arangodb/templates/ml-operator/role.yaml @@ -4,65 +4,107 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "kube-arangodb.rbac" . }}-ml - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-ml + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: - - "ml.arangodb.com" - resources: - - "arangomlextensions" - - "arangomlextensions/status" - - "arangomlbatchjobs" - - "arangomlbatchjobs/status" - - "arangomlcronjobs" - - "arangomlcronjobs/status" - - "arangomlstorages" - - "arangomlstorages/status" - verbs: - - "*" - - apiGroups: - - "scheduler.arangodb.com" - resources: - - "arangoprofiles" - - "arangoprofiles/status" - verbs: - - "*" - - apiGroups: - - "database.arangodb.com" - resources: - - "arangodeployments" - verbs: - - "get" - - "list" - - "watch" - - apiGroups: - - "rbac.authorization.k8s.io" - resources: - - "roles" - - "rolebindings" - verbs: ["*"] - - apiGroups: - - "batch" - resources: - - "cronjobs" - - "jobs" - verbs: ["*"] - - apiGroups: ["apps"] - resources: - - "statefulsets" - verbs: ["*"] - - apiGroups: [""] - resources: - - "pods" - - "secrets" - - "services" - - "serviceaccounts" - verbs: ["*"] + - apiGroups: + - "ml.arangodb.com" + resources: + - "arangomlextensions" + - "arangomlextensions/status" + - "arangomlbatchjobs" + - "arangomlbatchjobs/status" + - "arangomlcronjobs" + - "arangomlcronjobs/status" + - "arangomlstorages" + - "arangomlstorages/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "scheduler.arangodb.com" + resources: + - "arangoprofiles" + - "arangoprofiles/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "database.arangodb.com" + resources: + - "arangodeployments" + verbs: + - "get" + - "list" + - "watch" + - apiGroups: + - "rbac.authorization.k8s.io" + resources: + - "roles" + - "rolebindings" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "batch" + resources: + - "cronjobs" + - "jobs" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "apps" + resources: + - "statefulsets" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "" + resources: + - "pods" + - "secrets" + - "services" + - "serviceaccounts" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb/templates/networking-operator/cluster-role-binding.yaml b/chart/kube-arangodb/templates/networking-operator/cluster-role-binding.yaml index ece410ff9..7c079cb9b 100644 --- a/chart/kube-arangodb/templates/networking-operator/cluster-role-binding.yaml +++ b/chart/kube-arangodb/templates/networking-operator/cluster-role-binding.yaml @@ -5,21 +5,21 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-networking - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-networking + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-arangodb.rbac-cluster" . }}-networking + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-networking subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} diff --git a/chart/kube-arangodb/templates/networking-operator/cluster-role.yaml b/chart/kube-arangodb/templates/networking-operator/cluster-role.yaml index 45840ac01..0dc745635 100644 --- a/chart/kube-arangodb/templates/networking-operator/cluster-role.yaml +++ b/chart/kube-arangodb/templates/networking-operator/cluster-role.yaml @@ -5,17 +5,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-networking - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-networking + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: + - "get" + - "list" + - "watch" {{- end }} {{- end }} diff --git a/chart/kube-arangodb/templates/networking-operator/role-binding.yaml b/chart/kube-arangodb/templates/networking-operator/role-binding.yaml index 29802d1d8..d4ed87e64 100644 --- a/chart/kube-arangodb/templates/networking-operator/role-binding.yaml +++ b/chart/kube-arangodb/templates/networking-operator/role-binding.yaml @@ -4,22 +4,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "kube-arangodb.rbac" . }}-networking - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-networking + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kube-arangodb.rbac" . }}-networking + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-networking subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb/templates/networking-operator/role.yaml b/chart/kube-arangodb/templates/networking-operator/role.yaml index 3da6b9dff..5f4f5a0c8 100644 --- a/chart/kube-arangodb/templates/networking-operator/role.yaml +++ b/chart/kube-arangodb/templates/networking-operator/role.yaml @@ -4,20 +4,37 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "kube-arangodb.rbac" . }}-networking - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-networking + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: ["networking.arangodb.com"] - resources: ["arangoroutes", "arangoroutes/status"] - verbs: ["*"] - - apiGroups: [""] - resources: ["pods", "services", "endpoints"] - verbs: ["get", "list", "watch"] + - apiGroups: + - "networking.arangodb.com" + resources: + - "arangoroutes" + - "arangoroutes/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "" + resources: + - "pods" + - "services" + - "endpoints" + verbs: + - "get" + - "list" + - "watch" {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb/templates/platform-operator/cluster-role-binding.yaml b/chart/kube-arangodb/templates/platform-operator/cluster-role-binding.yaml index 200625d04..1a964af5f 100644 --- a/chart/kube-arangodb/templates/platform-operator/cluster-role-binding.yaml +++ b/chart/kube-arangodb/templates/platform-operator/cluster-role-binding.yaml @@ -5,21 +5,21 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-platform - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-platform + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-arangodb.rbac-cluster" . }}-platform + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-platform subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} diff --git a/chart/kube-arangodb/templates/platform-operator/cluster-role.yaml b/chart/kube-arangodb/templates/platform-operator/cluster-role.yaml index ee3202c4d..0aa01df47 100644 --- a/chart/kube-arangodb/templates/platform-operator/cluster-role.yaml +++ b/chart/kube-arangodb/templates/platform-operator/cluster-role.yaml @@ -5,17 +5,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-platform - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-platform + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: + - "get" + - "list" + - "watch" {{- end }} {{- end }} diff --git a/chart/kube-arangodb/templates/platform-operator/role-binding.yaml b/chart/kube-arangodb/templates/platform-operator/role-binding.yaml index 7eae42709..60ff0285f 100644 --- a/chart/kube-arangodb/templates/platform-operator/role-binding.yaml +++ b/chart/kube-arangodb/templates/platform-operator/role-binding.yaml @@ -4,22 +4,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "kube-arangodb.rbac" . }}-platform - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-platform + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kube-arangodb.rbac" . }}-platform + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-platform subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb/templates/platform-operator/role.yaml b/chart/kube-arangodb/templates/platform-operator/role.yaml index fc0d8d71d..2b2ab4389 100644 --- a/chart/kube-arangodb/templates/platform-operator/role.yaml +++ b/chart/kube-arangodb/templates/platform-operator/role.yaml @@ -4,46 +4,84 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "kube-arangodb.rbac" . }}-platform - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-platform + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: ["platform.arangodb.com"] + - apiGroups: + - "platform.arangodb.com" resources: - - "arangoplatformstorages" - - "arangoplatformstorages/status" - - "arangoplatformcharts" - - "arangoplatformcharts/status" - - "arangoplatformservices" - - "arangoplatformservices/status" - verbs: ["*"] + - "arangoplatformstorages" + - "arangoplatformstorages/status" + - "arangoplatformcharts" + - "arangoplatformcharts/status" + - "arangoplatformservices" + - "arangoplatformservices/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" - apiGroups: - "rbac.authorization.k8s.io" resources: - "roles" - "rolebindings" - verbs: [ "*" ] + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" - apiGroups: - "batch" resources: - "cronjobs" - "jobs" - verbs: [ "*" ] - - apiGroups: [ "apps" ] + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "apps" resources: - "statefulsets" - verbs: [ "*" ] - - apiGroups: [ "" ] + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "" resources: - "pods" - "secrets" - "services" - "serviceaccounts" - verbs: [ "*" ] + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb/templates/scheduler-operator/cluster-role-binding.yaml b/chart/kube-arangodb/templates/scheduler-operator/cluster-role-binding.yaml index aa1dd27d9..b2398ea0b 100644 --- a/chart/kube-arangodb/templates/scheduler-operator/cluster-role-binding.yaml +++ b/chart/kube-arangodb/templates/scheduler-operator/cluster-role-binding.yaml @@ -5,21 +5,21 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-scheduler - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-scheduler + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-arangodb.rbac-cluster" . }}-scheduler + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-scheduler subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} diff --git a/chart/kube-arangodb/templates/scheduler-operator/cluster-role.yaml b/chart/kube-arangodb/templates/scheduler-operator/cluster-role.yaml index 12e4b2fd3..917ec8336 100644 --- a/chart/kube-arangodb/templates/scheduler-operator/cluster-role.yaml +++ b/chart/kube-arangodb/templates/scheduler-operator/cluster-role.yaml @@ -5,17 +5,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-scheduler - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-scheduler + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: + - "get" + - "list" + - "watch" {{- end }} {{- end }} diff --git a/chart/kube-arangodb/templates/scheduler-operator/role-binding.yaml b/chart/kube-arangodb/templates/scheduler-operator/role-binding.yaml index 02e1eb816..9e2672dc5 100644 --- a/chart/kube-arangodb/templates/scheduler-operator/role-binding.yaml +++ b/chart/kube-arangodb/templates/scheduler-operator/role-binding.yaml @@ -4,22 +4,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "kube-arangodb.rbac" . }}-scheduler - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-scheduler + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kube-arangodb.rbac" . }}-scheduler + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-scheduler subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb/templates/scheduler-operator/role.yaml b/chart/kube-arangodb/templates/scheduler-operator/role.yaml index f254c77c6..0933fc8b2 100644 --- a/chart/kube-arangodb/templates/scheduler-operator/role.yaml +++ b/chart/kube-arangodb/templates/scheduler-operator/role.yaml @@ -4,60 +4,84 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "kube-arangodb.rbac" . }}-scheduler - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-scheduler + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: - - "scheduler.arangodb.com" - resources: - - "arangoprofiles" - - "arangoprofiles/status" - - "arangoschedulerpods" - - "arangoschedulerpods/status" - - "arangoschedulerdeployments" - - "arangoschedulerdeployments/status" - - "arangoschedulerbatchjobs" - - "arangoschedulerbatchjobs/status" - - "arangoschedulercronjobs" - - "arangoschedulercronjobs/status" - verbs: - - "*" - - apiGroups: - - "" - resources: - - "pods" - - "pods/status" - verbs: - - "*" - - apiGroups: - - "apps" - resources: - - "deployments" - - "deployments/status" - verbs: - - "*" - - apiGroups: - - "batch" - resources: - - "jobs" - - "jobs/status" - - "cronjobs" - - "cronjobs/status" - verbs: - - "*" - - apiGroups: - - "database.arangodb.com" - resources: - - "arangodeployments" - verbs: - - "get" - - "list" - - "watch" + - apiGroups: + - "scheduler.arangodb.com" + resources: + - "arangoprofiles" + - "arangoprofiles/status" + - "arangoschedulerpods" + - "arangoschedulerpods/status" + - "arangoschedulerdeployments" + - "arangoschedulerdeployments/status" + - "arangoschedulerbatchjobs" + - "arangoschedulerbatchjobs/status" + - "arangoschedulercronjobs" + - "arangoschedulercronjobs/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "" + resources: + - "pods" + - "pods/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "apps" + resources: + - "deployments" + - "deployments/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "batch" + resources: + - "jobs" + - "jobs/status" + - "cronjobs" + - "cronjobs/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "database.arangodb.com" + resources: + - "arangodeployments" + verbs: + - "get" + - "list" + - "watch" {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb/templates/service-account.yaml b/chart/kube-arangodb/templates/service-account.yaml index 3c102d1a7..6855b7ee2 100644 --- a/chart/kube-arangodb/templates/service-account.yaml +++ b/chart/kube-arangodb/templates/service-account.yaml @@ -4,11 +4,11 @@ metadata: name: {{ template "kube-arangodb.operatorName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} {{- if .Values.operator.imagePullSecrets }} imagePullSecrets: {{- range .Values.operator.imagePullSecrets }} diff --git a/chart/kube-arangodb/templates/storage-operator/cluster-role-binding.yaml b/chart/kube-arangodb/templates/storage-operator/cluster-role-binding.yaml index cfaaff455..23d56b656 100644 --- a/chart/kube-arangodb/templates/storage-operator/cluster-role-binding.yaml +++ b/chart/kube-arangodb/templates/storage-operator/cluster-role-binding.yaml @@ -4,21 +4,21 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-storage - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-storage + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "kube-arangodb.rbac-cluster" . }}-storage + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-arangodb.rbac-cluster" . }}-storage subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb/templates/storage-operator/cluster-role.yaml b/chart/kube-arangodb/templates/storage-operator/cluster-role.yaml index 8109978b3..061e4d730 100644 --- a/chart/kube-arangodb/templates/storage-operator/cluster-role.yaml +++ b/chart/kube-arangodb/templates/storage-operator/cluster-role.yaml @@ -4,29 +4,71 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: {{ template "kube-arangodb.rbac-cluster" . }}-storage - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac-cluster" . }}-storage + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: [""] - resources: ["persistentvolumes", "persistentvolumeclaims", "endpoints", "events", "services"] - verbs: ["*"] - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: ["namespaces", "nodes"] - verbs: ["get", "list", "watch"] - - apiGroups: ["storage.k8s.io"] - resources: ["storageclasses"] - verbs: ["*"] - - apiGroups: ["storage.arangodb.com"] - resources: ["arangolocalstorages"] - verbs: ["*"] + - apiGroups: + - "" + resources: + - "persistentvolumes" + - "persistentvolumeclaims" + - "endpoints" + - "events" + - "services" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: + - "get" + - "list" + - "watch" + - apiGroups: + - "" + resources: + - "namespaces" + - "nodes" + verbs: + - "get" + - "list" + - "watch" + - apiGroups: + - "storage.k8s.io" + resources: + - "storageclasses" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "storage.arangodb.com" + resources: + - "arangolocalstorages" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb/templates/storage-operator/crd.yaml b/chart/kube-arangodb/templates/storage-operator/crd.yaml index b1f021c19..fb168515a 100644 --- a/chart/kube-arangodb/templates/storage-operator/crd.yaml +++ b/chart/kube-arangodb/templates/storage-operator/crd.yaml @@ -4,31 +4,31 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: arangolocalstorages.storage.arangodb.com - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: arangolocalstorages.storage.arangodb.com + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} spec: - group: storage.arangodb.com - names: - kind: ArangoLocalStorage - listKind: ArangoLocalStorageList - plural: arangolocalstorages - shortNames: - - arangostorage - singular: arangolocalstorage - scope: Cluster - versions: - - name: v1alpha - served: true - storage: true - schema: - openAPIV3Schema: - type: object - x-kubernetes-preserve-unknown-fields: true + group: storage.arangodb.com + names: + kind: ArangoLocalStorage + listKind: ArangoLocalStorageList + plural: arangolocalstorages + shortNames: + - arangostorage + singular: arangolocalstorage + scope: Cluster + versions: + - name: v1alpha + served: true + storage: true + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb/templates/storage-operator/role-binding.yaml b/chart/kube-arangodb/templates/storage-operator/role-binding.yaml index 5e120f06b..f31ed05a0 100644 --- a/chart/kube-arangodb/templates/storage-operator/role-binding.yaml +++ b/chart/kube-arangodb/templates/storage-operator/role-binding.yaml @@ -4,22 +4,22 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "kube-arangodb.rbac" . }}-storage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-storage + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "kube-arangodb.rbac" . }}-storage + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-storage subjects: - - kind: ServiceAccount - name: {{ template "kube-arangodb.operatorName" . }} - namespace: {{ .Release.Namespace }} + - kind: ServiceAccount + name: {{ template "kube-arangodb.operatorName" . }} + namespace: {{ .Release.Namespace }} {{- end }} diff --git a/chart/kube-arangodb/templates/storage-operator/role.yaml b/chart/kube-arangodb/templates/storage-operator/role.yaml index 47553bb0a..4996ad89e 100644 --- a/chart/kube-arangodb/templates/storage-operator/role.yaml +++ b/chart/kube-arangodb/templates/storage-operator/role.yaml @@ -4,27 +4,49 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "kube-arangodb.rbac" . }}-storage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - release: {{ .Release.Name }} + name: {{ template "kube-arangodb.rbac" . }}-storage + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} rules: - - apiGroups: [""] - resources: ["pods"] - verbs: ["get", "update", "watch", "list"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get"] - - apiGroups: ["apps"] - resources: ["daemonsets"] - verbs: ["*"] - - apiGroups: ["apps"] - resources: ["deployments", "replicasets"] - verbs: ["get"] + - apiGroups: + - "" + resources: + - "pods" + verbs: + - "get" + - "update" + - "watch" + - "list" + - apiGroups: + - "" + resources: + - "secrets" + verbs: + - "get" + - apiGroups: + - "apps" + resources: + - "daemonsets" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "delete" + - "watch" + - apiGroups: + - "apps" + resources: + - "deployments" + - "replicasets" + verbs: + - "get" {{- end }} {{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb/templates/webhook/mutation.yaml b/chart/kube-arangodb/templates/webhook/mutation.yaml index 27efd0821..c5b8259a1 100644 --- a/chart/kube-arangodb/templates/webhook/mutation.yaml +++ b/chart/kube-arangodb/templates/webhook/mutation.yaml @@ -25,17 +25,22 @@ webhooks: - key: profiles.arangodb.com/deployment operator: Exists rules: - - apiGroups: [""] - apiVersions: ["v1"] - operations: ["CREATE"] - resources: ["pods"] - scope: "Namespaced" + - apiGroups: + - "" + apiVersions: + - "v1" + operations: + - "CREATE" + resources: + - "pods" + scope: "Namespaced" clientConfig: service: namespace: {{ .Release.Namespace }} name: {{ template "kube-arangodb.operatorName" . }}-webhook path: /webhook/core/v1/pods/policies/mutate - admissionReviewVersions: ["v1"] + admissionReviewVersions: + - "v1" sideEffects: None timeoutSeconds: 5 - name: "generic.pod.policies.scheduler.arangodb.com" @@ -50,17 +55,22 @@ webhooks: - key: profiles.arangodb.com/apply operator: Exists rules: - - apiGroups: [""] - apiVersions: ["v1"] - operations: ["CREATE"] - resources: ["pods"] - scope: "Namespaced" + - apiGroups: + - "" + apiVersions: + - "v1" + operations: + - "CREATE" + resources: + - "pods" + scope: "Namespaced" clientConfig: service: namespace: {{ .Release.Namespace }} name: {{ template "kube-arangodb.operatorName" . }}-webhook path: /webhook/core/v1/pods/policies/mutate - admissionReviewVersions: ["v1"] + admissionReviewVersions: + - "v1" sideEffects: None timeoutSeconds: 5 diff --git a/chart/kube-arangodb/templates/webhook/validation.yaml b/chart/kube-arangodb/templates/webhook/validation.yaml index 0c791cacc..7b8db4523 100644 --- a/chart/kube-arangodb/templates/webhook/validation.yaml +++ b/chart/kube-arangodb/templates/webhook/validation.yaml @@ -12,6 +12,6 @@ metadata: app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/instance: {{ .Release.Name }} release: {{ .Release.Name }} -webhooks: [] +webhooks: [ ] {{- end }} \ No newline at end of file