From e9a50900feaa6c49e44d3efa24c4ac9633eacf12 Mon Sep 17 00:00:00 2001
From: Noam Gal
Date: Wed, 26 Nov 2025 16:37:03 +0200
Subject: [PATCH 1/2] fix: remove nonResourceURLs from RBAC rules for event reporters

This change simplifies the RBAC configuration by removing the nonResourceURLs rules, which are not necessary for the functionality of the cluster and runtime event reporters.
---
 .../event-reporters/cluster-event-reporter/rbac.yaml | 4 ----
 .../event-reporters/runtime-event-reporter/rbac.yaml | 4 ----
 2 files changed, 8 deletions(-)

diff --git a/charts/gitops-runtime/templates/event-reporters/cluster-event-reporter/rbac.yaml b/charts/gitops-runtime/templates/event-reporters/cluster-event-reporter/rbac.yaml
index 4ab10d33..2b06f30b 100644
--- a/charts/gitops-runtime/templates/event-reporters/cluster-event-reporter/rbac.yaml
+++ b/charts/gitops-runtime/templates/event-reporters/cluster-event-reporter/rbac.yaml
@@ -23,10 +23,6 @@ rules:
 - '*'
 verbs:
 - '*'
- - nonResourceURLs:
- - '*'
- verbs:
- - '*'
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: {{ $context.Values.global.runtime.singleNamespace | ternary "RoleBinding" "ClusterRoleBinding" }}
diff --git a/charts/gitops-runtime/templates/event-reporters/runtime-event-reporter/rbac.yaml b/charts/gitops-runtime/templates/event-reporters/runtime-event-reporter/rbac.yaml
index a11a1e14..6cef61e9 100644
--- a/charts/gitops-runtime/templates/event-reporters/runtime-event-reporter/rbac.yaml
+++ b/charts/gitops-runtime/templates/event-reporters/runtime-event-reporter/rbac.yaml
@@ -23,10 +23,6 @@ rules:
 - '*'
 verbs:
 - '*'
- - nonResourceURLs:
- - '*'
- verbs:
- - '*'
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: {{ $context.Values.global.runtime.singleNamespace | ternary "RoleBinding" "ClusterRoleBinding" }}

From f31fd7d8061638a080db19d4b64d087ad7ec14b2 Mon Sep 17 00:00:00 2001
From: Noam Gal
Date: Thu, 27 Nov 2025 17:41:37 +0200
Subject: [PATCH 2/2] fix: add IS_NAMESPACED_RUNTIME variable to environment variables for event reporters

This change introduces the IS_NAMESPACED_RUNTIME variable in the environment configuration for both cluster and runtime event reporters. This variable is set to the value of .Values.global.runtime.singleNamespace, ensuring that the runtime context is correctly reflected in the environment settings.
---
 .../templates/event-reporters/cluster-event-reporter/_env.yaml | 1 +
 .../templates/event-reporters/runtime-event-reporter/_env.yaml | 1 +
 2 files changed, 2 insertions(+)

diff --git a/charts/gitops-runtime/templates/event-reporters/cluster-event-reporter/_env.yaml b/charts/gitops-runtime/templates/event-reporters/cluster-event-reporter/_env.yaml
index d8e1e2ec..0cc3e23a 100644
--- a/charts/gitops-runtime/templates/event-reporters/cluster-event-reporter/_env.yaml
+++ b/charts/gitops-runtime/templates/event-reporters/cluster-event-reporter/_env.yaml
@@ -2,6 +2,7 @@
 HTTP_PROXY: {{ .Values.global.httpProxy | squote}}
 HTTPS_PROXY: {{ .Values.global.httpsProxy | squote }}
 NO_PROXY: {{ .Values.global.noProxy | squote }}
+IS_NAMESPACED_RUNTIME: {{ .Values.global.runtime.singleNamespace }}
 {{- if and (eq (index .Values "global" "integrations" "argo-cd" "server" "auth" "type") "token") }}
 {{- if not (index .Values "global" "integrations" "argo-cd" "server" "auth" "token") }}
diff --git a/charts/gitops-runtime/templates/event-reporters/runtime-event-reporter/_env.yaml b/charts/gitops-runtime/templates/event-reporters/runtime-event-reporter/_env.yaml
index 02d0cefa..e6063059 100644
--- a/charts/gitops-runtime/templates/event-reporters/runtime-event-reporter/_env.yaml
+++ b/charts/gitops-runtime/templates/event-reporters/runtime-event-reporter/_env.yaml
@@ -2,6 +2,7 @@
 HTTP_PROXY: {{ .Values.global.httpProxy | squote}}
 HTTPS_PROXY: {{ .Values.global.httpsProxy | squote }}
 NO_PROXY: {{ .Values.global.noProxy | squote }}
+IS_NAMESPACED_RUNTIME: {{ .Values.global.runtime.singleNamespace }}
 {{- if and (eq (index .Values "global" "integrations" "argo-cd" "server" "auth" "type") "token") }}
 {{- if not (index .Values "global" "integrations" "argo-cd" "server" "auth" "token") }}
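Review bot: The added `IS_NAMESPACED_RUNTIME: {{ .Values.global.runtime.singleNamespace }}` is the only entry in this map rendered without `| squote`, so it is emitted as a bare YAML boolean, or as an empty (null) value when `singleNamespace` is unset, instead of a string like the proxy entries above it. Whether the helper that converts this map into container env entries stringifies values is not visible in the hunk; if it does not, a non-string env value is rejected by the API server and a null one may silently drop the flag. I would write `IS_NAMESPACED_RUNTIME: {{ .Values.global.runtime.singleNamespace | default false | squote }}` so the reporter always receives an explicit 'true' or 'false'. The same line is added in the cluster-event-reporter `_env.yaml` hunk of this patch and needs the same change; the `if` blocks opened at the end of both hunks continue outside them.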