diff --git a/charts/testnet-manager/Chart.yaml b/charts/testnet-manager/Chart.yaml index 52f6491e..0dfc8a16 100644 --- a/charts/testnet-manager/Chart.yaml +++ b/charts/testnet-manager/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: testnet-manager description: A Helm chart to deploy testnet-manager type: application -version: 1.3.0 +version: 1.3.1 appVersion: "1.0.0" maintainers: - name: Parity diff --git a/charts/testnet-manager/README.md b/charts/testnet-manager/README.md index 0a032537..395e588b 100644 --- a/charts/testnet-manager/README.md +++ b/charts/testnet-manager/README.md @@ -20,7 +20,7 @@ This is intended behaviour. Make sure to run `git add -A` once again to stage ch The helm chart installs the [Testnet Manager](https://github.com/paritytech/testnet-manager). -![Version: 1.3.0](https://img.shields.io/badge/Version-1.3.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.0](https://img.shields.io/badge/AppVersion-1.0.0-informational?style=flat-square) +![Version: 1.3.1](https://img.shields.io/badge/Version-1.3.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.0](https://img.shields.io/badge/AppVersion-1.0.0-informational?style=flat-square) ## Maintainers diff --git a/charts/testnet-manager/templates/rbac.yaml b/charts/testnet-manager/templates/rbac.yaml index 5da207bf..e5d1ab40 100644 --- a/charts/testnet-manager/templates/rbac.yaml +++ b/charts/testnet-manager/templates/rbac.yaml @@ -27,9 +27,18 @@ rules: resources: ["statefulsets"] verbs: ["get", "list"] --- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ $fullName }}-volume-reader +rules: + - apiGroups: [""] + resources: ["persistentvolumes", "persistentvolumeclaims"] + verbs: ["get", "list"] +--- # Creat Role bindings {{- $serviceAccountName := include "testnet-manager.serviceAccountName" . -}} -# Allow the testnet-manager service account to read pods in the rococo namespace +# Allow the testnet-manager service account to read pods in the current namespace kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: @@ -44,7 +53,7 @@ subjects: name: {{ $serviceAccountName }} namespace: {{ $.Release.Namespace }} --- -# Allow the testnet-manager service account to read configmaps in the rococo namespace +# Allow the testnet-manager service account to read configmaps in the current namespace kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: @@ -59,7 +68,7 @@ subjects: name: {{ $serviceAccountName }} namespace: {{ $.Release.Namespace }} --- -# Allow the testnet-manager service account to read statefulsets in the rococo namespace +# Allow the testnet-manager service account to read statefulsets in the current namespace kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: @@ -74,3 +83,40 @@ subjects: name: {{ $serviceAccountName }} namespace: {{ $.Release.Namespace }} --- +# Allow the testnet-manager service account to read volumes in the current namespace +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ $fullName }}-read-volume + namespace: {{ $.Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ $fullName }}-volume-reader +subjects: + - kind: ServiceAccount + name: {{ $serviceAccountName }} + namespace: {{ $.Release.Namespace }} +--- +# Allow the testnet-manager service account to read nodes of the pod in the current namespace +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ $fullName }}-read-node +rules: +- apiGroups: [""] + resources: ["nodes"] + verbs: ["get"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ $fullName }}-node-reader +subjects: +- kind: ServiceAccount + name: {{ $serviceAccountName }} + namespace: {{ $.Release.Namespace }} +roleRef: + kind: ClusterRole + name: {{ $fullName }}-read-node + apiGroup: rbac.authorization.k8s.io