Release and RBAC fixes

Signed-off-by: Danil Grigorev <danil.grigorev@suse.com>
rancher-sandbox · Mar 4, 2024 · c9ed870 · c9ed870
1 parent 91e6fd3
commit c9ed870
Show file tree

Hide file tree

Showing 8 changed files with 60 additions and 6 deletions.
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -38,9 +38,9 @@ jobs:
           echo "OWNER=$(echo $GITHUB_ACTOR | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
           echo "REGISTRY=$(echo $REGISTRY | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
       - name: Build docker image
-        run: make docker-build
+        run: make docker-build-all
       - name: Push docker image
-        run: make docker-push
+        run: make docker-push-all
       - name: generate release artifacts
         run: |
           make release

diff --git a/Dockerfile b/Dockerfile
@@ -15,6 +15,7 @@ RUN go mod download
 COPY cmd/main.go cmd/main.go
 COPY api/ api/
 COPY internal/controller/ internal/controller/
+COPY internal/plugin/ internal/plugin/
 
 # Build
 # the GOARCH has not a default value to allow the binary be built according to the host where the command

diff --git a/config/default/manager_image_patch.yaml b/config/default/manager_image_patch.yaml
@@ -7,5 +7,5 @@ spec:
   template:
     spec:
       containers:
-      - image: ghcr.io/danil-grigorev/cluster-api-velero-controller-amd64:dev
+      - image: ghcr.io/danil-grigorev/cluster-api-velero-controller:dev
         name: manager
diff --git a/config/default/manager_pull_policy.yaml b/config/default/manager_pull_policy.yaml
@@ -8,4 +8,4 @@ spec:
     spec:
       containers:
       - name: manager
-        imagePullPolicy: Always
+        imagePullPolicy: IfNotPresent
diff --git a/config/rbac/auth_proxy_service.yaml b/config/rbac/auth_proxy_service.yaml
@@ -4,12 +4,12 @@ metadata:
   labels:
     control-plane: controller-manager
     app.kubernetes.io/name: service
-    app.kubernetes.io/instance: controller-manager-metrics-service
+    app.kubernetes.io/instance: metrics-service
     app.kubernetes.io/component: kube-rbac-proxy
     app.kubernetes.io/created-by: cluster-api-addon-provider-velero
     app.kubernetes.io/part-of: cluster-api-addon-provider-velero
     app.kubernetes.io/managed-by: kustomize
-  name: controller-manager-metrics-service
+  name: metrics-service
   namespace: system
 spec:
   ports:

diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -4,6 +4,38 @@ kind: ClusterRole
 metadata:
   name: manager-role
 rules:
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - addons.cluster.x-k8s.io
+  resources:
+  - helmchartproxies
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - addons.cluster.x-k8s.io
+  resources:
+  - helmchartproxies/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - addons.cluster.x-k8s.io
+  resources:
+  - helmchartproxies/status
+  verbs:
+  - get
 - apiGroups:
   - addons.cluster.x-k8s.io
   resources:
@@ -108,3 +140,17 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - cluster.x-k8s.io
+  resources:
+  - clusters
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - cluster.x-k8s.io
+  resources:
+  - clusters/status
+  verbs:
+  - get
diff --git a/internal/controller/generic_controller.go b/internal/controller/generic_controller.go
@@ -45,6 +45,9 @@ const (
 	finalizer          = "addons.cluster.x-k8s.io/velero"
 )
 
+//+kubebuilder:rbac:groups=cluster.x-k8s.io,resources=clusters,verbs=get;list;watch
+//+kubebuilder:rbac:groups=cluster.x-k8s.io,resources=clusters/status,verbs=get
+
 // GenericReconciler is a generic interface for velero objects reconciler
 type GenericReconciler[P veleroaddonv1.VeleroProxy[V], V veleroaddonv1.VeleroOrigin] interface {
 	client.Client

diff --git a/internal/controller/veleroinstallation_controller.go b/internal/controller/veleroinstallation_controller.go
@@ -41,6 +41,10 @@ type VeleroInstallationReconciler struct {
 //+kubebuilder:rbac:groups=addons.cluster.x-k8s.io,resources=veleroinstallations,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups=addons.cluster.x-k8s.io,resources=veleroinstallations/status,verbs=get;update;patch
 //+kubebuilder:rbac:groups=addons.cluster.x-k8s.io,resources=veleroinstallations/finalizers,verbs=update
+//+kubebuilder:rbac:groups=addons.cluster.x-k8s.io,resources=helmchartproxies,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups=addons.cluster.x-k8s.io,resources=helmchartproxies/status,verbs=get
+//+kubebuilder:rbac:groups=addons.cluster.x-k8s.io,resources=helmchartproxies/finalizers,verbs=update
+//+kubebuilder:rbac:groups="",resources=secrets,verbs=get;list;watch
 
 // Reconcile is part of the main kubernetes reconciliation loop which aims to
 // move the current state of the cluster closer to the desired state.