From 3b8a9f9d2c7aa5d0fdf5eb821c914c63b0d690ae Mon Sep 17 00:00:00 2001 From: Andrei Kvapil Date: Mon, 16 Jun 2025 20:11:15 +0200 Subject: [PATCH] Configure all apps to use new function to generate subjects Signed-off-by: Andrei Kvapil --- packages/apps/bucket/Chart.yaml | 4 +- packages/apps/bucket/charts/cozy-lib | 1 + .../templates/dashboard-resourcemap.yaml | 11 ++ packages/apps/clickhouse/Chart.yaml | 2 +- .../templates/dashboard-resourcemap.yaml | 11 ++ packages/apps/ferretdb/Chart.yaml | 2 +- .../templates/dashboard-resourcemap.yaml | 11 ++ packages/apps/kafka/Chart.yaml | 2 +- .../templates/dashboard-resourcemap.yaml | 11 ++ packages/apps/kubernetes/Chart.yaml | 2 +- packages/apps/kubernetes/charts/cozy-lib | 1 + .../templates/dashboard-resourcemap.yaml | 11 ++ packages/apps/mysql/Chart.yaml | 2 +- .../templates/dashboard-resourcemap.yaml | 11 ++ packages/apps/nats/Chart.yaml | 2 +- ...rcemap.yaml => dashboard-resourcemap.yaml} | 11 ++ packages/apps/postgres/Chart.yaml | 2 +- .../templates/dashboard-resourcemap.yaml | 11 ++ packages/apps/rabbitmq/Chart.yaml | 2 +- .../templates/dashboard-resourcemap.yaml | 11 ++ packages/apps/redis/Chart.yaml | 2 +- .../templates/dashboard-resourcemap.yaml | 11 ++ packages/apps/tenant/Chart.yaml | 2 +- packages/apps/tenant/templates/tenant.yaml | 108 +++++------------- packages/apps/versions_map | 65 +++++------ packages/apps/virtual-machine/Chart.yaml | 4 +- packages/apps/virtual-machine/charts/cozy-lib | 1 + .../templates/dashboard-resourcemap.yaml | 11 ++ packages/apps/vm-disk/Chart.yaml | 4 +- packages/apps/vm-disk/charts/cozy-lib | 1 + .../templates/dashboard-resourcemap.yaml | 11 ++ packages/apps/vm-instance/Chart.yaml | 4 +- packages/apps/vm-instance/charts/cozy-lib | 1 + .../templates/dashboard-resourcemap.yaml | 11 ++ packages/apps/vpn/Chart.yaml | 2 +- .../vpn/templates/dashboard-resourcemap.yaml | 11 ++ packages/extra/bootbox/Chart.yaml | 2 +- packages/extra/bootbox/charts/cozy-lib | 1 + .../templates/dashboard-resourcemap.yaml | 13 ++- packages/extra/etcd/Chart.yaml | 2 +- packages/extra/etcd/charts/cozy-lib | 1 + .../etcd/templates/dashboard-resourcemap.yaml | 11 ++ packages/extra/info/Chart.yaml | 2 +- packages/extra/info/charts/cozy-lib | 1 + .../info/templates/dashboard-resourcemap.yaml | 11 ++ packages/extra/ingress/Chart.yaml | 2 +- packages/extra/ingress/charts/cozy-lib | 1 + .../templates/dashboard-resourcemap.yaml | 11 ++ packages/extra/monitoring/Chart.yaml | 2 +- packages/extra/monitoring/charts/cozy-lib | 1 + .../templates/dashboard-resourcemap.yaml | 13 ++- packages/extra/seaweedfs/Chart.yaml | 2 +- packages/extra/seaweedfs/charts/cozy-lib | 1 + .../templates/dashboard-resourcemap.yaml | 11 ++ packages/extra/versions_map | 18 ++- scripts/migrations/13 | 6 +- 56 files changed, 329 insertions(+), 153 deletions(-) create mode 120000 packages/apps/bucket/charts/cozy-lib create mode 120000 packages/apps/kubernetes/charts/cozy-lib rename packages/apps/nats/templates/{resourcemap.yaml => dashboard-resourcemap.yaml} (60%) create mode 120000 packages/apps/virtual-machine/charts/cozy-lib create mode 120000 packages/apps/vm-disk/charts/cozy-lib create mode 120000 packages/apps/vm-instance/charts/cozy-lib create mode 120000 packages/extra/bootbox/charts/cozy-lib create mode 120000 packages/extra/etcd/charts/cozy-lib create mode 120000 packages/extra/info/charts/cozy-lib create mode 120000 packages/extra/ingress/charts/cozy-lib create mode 120000 packages/extra/monitoring/charts/cozy-lib create mode 120000 packages/extra/seaweedfs/charts/cozy-lib mode change 100644 => 100755 scripts/migrations/13 diff --git a/packages/apps/bucket/Chart.yaml b/packages/apps/bucket/Chart.yaml index 94b33a62..c0c0c0d0 100644 --- a/packages/apps/bucket/Chart.yaml +++ b/packages/apps/bucket/Chart.yaml @@ -16,10 +16,10 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.0 +version: 0.2.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "0.1.0" +appVersion: "0.2.0" diff --git a/packages/apps/bucket/charts/cozy-lib b/packages/apps/bucket/charts/cozy-lib new file mode 120000 index 00000000..e1813509 --- /dev/null +++ b/packages/apps/bucket/charts/cozy-lib @@ -0,0 +1 @@ +../../../library/cozy-lib \ No newline at end of file diff --git a/packages/apps/bucket/templates/dashboard-resourcemap.yaml b/packages/apps/bucket/templates/dashboard-resourcemap.yaml index 574af0cb..5edc8b7a 100644 --- a/packages/apps/bucket/templates/dashboard-resourcemap.yaml +++ b/packages/apps/bucket/templates/dashboard-resourcemap.yaml @@ -18,3 +18,14 @@ rules: resourceNames: - {{ .Release.Name }}-ui verbs: ["get", "list", "watch"] +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ .Release.Name }}-dashboard-resources +subjects: +{{ include "cozy-lib.rbac.subjectsForTenantAndAccessLevel" (list "use" .Release.Namespace) }} +roleRef: + kind: Role + name: {{ .Release.Name }}-dashboard-resources + apiGroup: rbac.authorization.k8s.io diff --git a/packages/apps/clickhouse/Chart.yaml b/packages/apps/clickhouse/Chart.yaml index ecb82de0..3471410d 100644 --- a/packages/apps/clickhouse/Chart.yaml +++ b/packages/apps/clickhouse/Chart.yaml @@ -16,7 +16,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.9.2 +version: 0.10.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/packages/apps/clickhouse/templates/dashboard-resourcemap.yaml b/packages/apps/clickhouse/templates/dashboard-resourcemap.yaml index 94852e9a..c0a7d9fb 100644 --- a/packages/apps/clickhouse/templates/dashboard-resourcemap.yaml +++ b/packages/apps/clickhouse/templates/dashboard-resourcemap.yaml @@ -24,3 +24,14 @@ rules: resourceNames: - {{ .Release.Name }} verbs: ["get", "list", "watch"] +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ .Release.Name }}-dashboard-resources +subjects: +{{ include "cozy-lib.rbac.subjectsForTenantAndAccessLevel" (list "use" .Release.Namespace) }} +roleRef: + kind: Role + name: {{ .Release.Name }}-dashboard-resources + apiGroup: rbac.authorization.k8s.io diff --git a/packages/apps/ferretdb/Chart.yaml b/packages/apps/ferretdb/Chart.yaml index dea14dfd..34feb18b 100644 --- a/packages/apps/ferretdb/Chart.yaml +++ b/packages/apps/ferretdb/Chart.yaml @@ -16,7 +16,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.6.1 +version: 0.7.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/packages/apps/ferretdb/templates/dashboard-resourcemap.yaml b/packages/apps/ferretdb/templates/dashboard-resourcemap.yaml index e8fb6c2e..af40a6fa 100644 --- a/packages/apps/ferretdb/templates/dashboard-resourcemap.yaml +++ b/packages/apps/ferretdb/templates/dashboard-resourcemap.yaml @@ -24,3 +24,14 @@ rules: resourceNames: - {{ .Release.Name }} verbs: ["get", "list", "watch"] +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ .Release.Name }}-dashboard-resources +subjects: +{{ include "cozy-lib.rbac.subjectsForTenantAndAccessLevel" (list "use" .Release.Namespace) }} +roleRef: + kind: Role + name: {{ .Release.Name }}-dashboard-resources + apiGroup: rbac.authorization.k8s.io diff --git a/packages/apps/kafka/Chart.yaml b/packages/apps/kafka/Chart.yaml index f31a5b28..62ab50ee 100644 --- a/packages/apps/kafka/Chart.yaml +++ b/packages/apps/kafka/Chart.yaml @@ -16,7 +16,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.6.1 +version: 0.7.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/packages/apps/kafka/templates/dashboard-resourcemap.yaml b/packages/apps/kafka/templates/dashboard-resourcemap.yaml index ba91ccad..181ea4ec 100644 --- a/packages/apps/kafka/templates/dashboard-resourcemap.yaml +++ b/packages/apps/kafka/templates/dashboard-resourcemap.yaml @@ -25,3 +25,14 @@ rules: - {{ .Release.Name }} - {{ $.Release.Name }}-zookeeper verbs: ["get", "list", "watch"] +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ .Release.Name }}-dashboard-resources +subjects: +{{ include "cozy-lib.rbac.subjectsForTenantAndAccessLevel" (list "use" .Release.Namespace) }} +roleRef: + kind: Role + name: {{ .Release.Name }}-dashboard-resources + apiGroup: rbac.authorization.k8s.io diff --git a/packages/apps/kubernetes/Chart.yaml b/packages/apps/kubernetes/Chart.yaml index 630b76df..568d85cd 100644 --- a/packages/apps/kubernetes/Chart.yaml +++ b/packages/apps/kubernetes/Chart.yaml @@ -16,7 +16,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.23.2 +version: 0.24.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/packages/apps/kubernetes/charts/cozy-lib b/packages/apps/kubernetes/charts/cozy-lib new file mode 120000 index 00000000..e1813509 --- /dev/null +++ b/packages/apps/kubernetes/charts/cozy-lib @@ -0,0 +1 @@ +../../../library/cozy-lib \ No newline at end of file diff --git a/packages/apps/kubernetes/templates/dashboard-resourcemap.yaml b/packages/apps/kubernetes/templates/dashboard-resourcemap.yaml index aebb87df..b47888e9 100644 --- a/packages/apps/kubernetes/templates/dashboard-resourcemap.yaml +++ b/packages/apps/kubernetes/templates/dashboard-resourcemap.yaml @@ -34,3 +34,14 @@ rules: - {{ $.Release.Name }}-{{ $groupName }} {{- end }} verbs: ["get", "list", "watch"] +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ .Release.Name }}-dashboard-resources +subjects: +{{ include "cozy-lib.rbac.subjectsForTenantAndAccessLevel" (list "use" .Release.Namespace) }} +roleRef: + kind: Role + name: {{ .Release.Name }}-dashboard-resources + apiGroup: rbac.authorization.k8s.io diff --git a/packages/apps/mysql/Chart.yaml b/packages/apps/mysql/Chart.yaml index efdca6cc..63505389 100644 --- a/packages/apps/mysql/Chart.yaml +++ b/packages/apps/mysql/Chart.yaml @@ -16,7 +16,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.7.1 +version: 0.8.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/packages/apps/mysql/templates/dashboard-resourcemap.yaml b/packages/apps/mysql/templates/dashboard-resourcemap.yaml index 4093cde1..af89b39c 100644 --- a/packages/apps/mysql/templates/dashboard-resourcemap.yaml +++ b/packages/apps/mysql/templates/dashboard-resourcemap.yaml @@ -25,3 +25,14 @@ rules: resourceNames: - {{ .Release.Name }} verbs: ["get", "list", "watch"] +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ .Release.Name }}-dashboard-resources +subjects: +{{ include "cozy-lib.rbac.subjectsForTenantAndAccessLevel" (list "use" .Release.Namespace) }} +roleRef: + kind: Role + name: {{ .Release.Name }}-dashboard-resources + apiGroup: rbac.authorization.k8s.io diff --git a/packages/apps/nats/Chart.yaml b/packages/apps/nats/Chart.yaml index 8df5b876..1849c346 100644 --- a/packages/apps/nats/Chart.yaml +++ b/packages/apps/nats/Chart.yaml @@ -16,7 +16,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.6.1 +version: 0.7.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/packages/apps/nats/templates/resourcemap.yaml b/packages/apps/nats/templates/dashboard-resourcemap.yaml similarity index 60% rename from packages/apps/nats/templates/resourcemap.yaml rename to packages/apps/nats/templates/dashboard-resourcemap.yaml index e8fb6c2e..af40a6fa 100644 --- a/packages/apps/nats/templates/resourcemap.yaml +++ b/packages/apps/nats/templates/dashboard-resourcemap.yaml @@ -24,3 +24,14 @@ rules: resourceNames: - {{ .Release.Name }} verbs: ["get", "list", "watch"] +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ .Release.Name }}-dashboard-resources +subjects: +{{ include "cozy-lib.rbac.subjectsForTenantAndAccessLevel" (list "use" .Release.Namespace) }} +roleRef: + kind: Role + name: {{ .Release.Name }}-dashboard-resources + apiGroup: rbac.authorization.k8s.io diff --git a/packages/apps/postgres/Chart.yaml b/packages/apps/postgres/Chart.yaml index d437b11d..1183562f 100644 --- a/packages/apps/postgres/Chart.yaml +++ b/packages/apps/postgres/Chart.yaml @@ -16,7 +16,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.13.0 +version: 0.14.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/packages/apps/postgres/templates/dashboard-resourcemap.yaml b/packages/apps/postgres/templates/dashboard-resourcemap.yaml index f858d1b8..e248e0f9 100644 --- a/packages/apps/postgres/templates/dashboard-resourcemap.yaml +++ b/packages/apps/postgres/templates/dashboard-resourcemap.yaml @@ -26,3 +26,14 @@ rules: resourceNames: - {{ .Release.Name }} verbs: ["get", "list", "watch"] +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ .Release.Name }}-dashboard-resources +subjects: +{{ include "cozy-lib.rbac.subjectsForTenantAndAccessLevel" (list "use" .Release.Namespace) }} +roleRef: + kind: Role + name: {{ .Release.Name }}-dashboard-resources + apiGroup: rbac.authorization.k8s.io diff --git a/packages/apps/rabbitmq/Chart.yaml b/packages/apps/rabbitmq/Chart.yaml index 3aa54260..0db3edef 100644 --- a/packages/apps/rabbitmq/Chart.yaml +++ b/packages/apps/rabbitmq/Chart.yaml @@ -16,7 +16,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.6.0 +version: 0.7.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/packages/apps/rabbitmq/templates/dashboard-resourcemap.yaml b/packages/apps/rabbitmq/templates/dashboard-resourcemap.yaml index 6a7aee79..dd4be442 100644 --- a/packages/apps/rabbitmq/templates/dashboard-resourcemap.yaml +++ b/packages/apps/rabbitmq/templates/dashboard-resourcemap.yaml @@ -27,3 +27,14 @@ rules: resourceNames: - {{ .Release.Name }} verbs: ["get", "list", "watch"] +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ .Release.Name }}-dashboard-resources +subjects: +{{ include "cozy-lib.rbac.subjectsForTenantAndAccessLevel" (list "use" .Release.Namespace) }} +roleRef: + kind: Role + name: {{ .Release.Name }}-dashboard-resources + apiGroup: rbac.authorization.k8s.io diff --git a/packages/apps/redis/Chart.yaml b/packages/apps/redis/Chart.yaml index a71a3dc8..c928c32d 100644 --- a/packages/apps/redis/Chart.yaml +++ b/packages/apps/redis/Chart.yaml @@ -16,7 +16,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.7.1 +version: 0.8.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/packages/apps/redis/templates/dashboard-resourcemap.yaml b/packages/apps/redis/templates/dashboard-resourcemap.yaml index f2682c71..63f82a7d 100644 --- a/packages/apps/redis/templates/dashboard-resourcemap.yaml +++ b/packages/apps/redis/templates/dashboard-resourcemap.yaml @@ -28,3 +28,14 @@ rules: - {{ .Release.Name }}-redis - {{ .Release.Name }}-sentinel verbs: ["get", "list", "watch"] +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ .Release.Name }}-dashboard-resources +subjects: +{{ include "cozy-lib.rbac.subjectsForTenantAndAccessLevel" (list "use" .Release.Namespace) }} +roleRef: + kind: Role + name: {{ .Release.Name }}-dashboard-resources + apiGroup: rbac.authorization.k8s.io diff --git a/packages/apps/tenant/Chart.yaml b/packages/apps/tenant/Chart.yaml index b9cd8a42..555af0ab 100644 --- a/packages/apps/tenant/Chart.yaml +++ b/packages/apps/tenant/Chart.yaml @@ -4,4 +4,4 @@ description: Separated tenant namespace icon: /logos/tenant.svg type: application -version: 1.9.3 +version: 1.10.0 diff --git a/packages/apps/tenant/templates/tenant.yaml b/packages/apps/tenant/templates/tenant.yaml index e46b8f78..b1724376 100644 --- a/packages/apps/tenant/templates/tenant.yaml +++ b/packages/apps/tenant/templates/tenant.yaml @@ -23,8 +23,8 @@ metadata: namespace: {{ include "tenant.name" . }} rules: - apiGroups: [""] - resources: ["*"] - verbs: ["get", "list", "watch", "create", "update", "patch"] + resources: ["pods", "services", "persistentvolumes", "endpoints", "events", "resourcequotas"] + verbs: ["get", "list", "watch"] - apiGroups: ["networking.k8s.io"] resources: ["ingresses"] verbs: ["get", "list", "watch"] @@ -94,7 +94,12 @@ rules: - apiGroups: - "" resources: - - "*" + - pods + - services + - persistentvolumes + - endpoints + - events + - resourcequotas verbs: - get - list @@ -119,24 +124,7 @@ metadata: name: {{ include "tenant.name" . }}-view namespace: {{ include "tenant.name" . }} subjects: -{{- if ne .Release.Namespace "tenant-root" }} -- kind: Group - name: tenant-root-view - apiGroup: rbac.authorization.k8s.io -{{- end }} -- kind: Group - name: {{ include "tenant.name" . }}-view - apiGroup: rbac.authorization.k8s.io -{{- if hasPrefix "tenant-" .Release.Namespace }} -{{- $parts := splitList "-" .Release.Namespace }} -{{- range $i, $v := $parts }} -{{- if ne $i 0 }} -- kind: Group - name: {{ join "-" (slice $parts 0 (add $i 1)) }}-view - apiGroup: rbac.authorization.k8s.io -{{- end }} -{{- end }} -{{- end }} +{{ include "cozy-lib.rbac.subjectsForTenant" (list "view" (include "tenant.name" .)) | nindent 2 }} roleRef: kind: Role name: {{ include "tenant.name" . }}-view @@ -165,7 +153,12 @@ rules: - watch - apiGroups: [""] resources: - - "*" + - pods + - services + - persistentvolumes + - endpoints + - events + - resourcequotas verbs: - get - list @@ -202,24 +195,7 @@ metadata: name: {{ include "tenant.name" . }}-use namespace: {{ include "tenant.name" . }} subjects: -{{- if ne .Release.Namespace "tenant-root" }} -- kind: Group - name: tenant-root-use - apiGroup: rbac.authorization.k8s.io -{{- end }} -- kind: Group - name: {{ include "tenant.name" . }}-use - apiGroup: rbac.authorization.k8s.io -{{- if hasPrefix "tenant-" .Release.Namespace }} -{{- $parts := splitList "-" .Release.Namespace }} -{{- range $i, $v := $parts }} -{{- if ne $i 0 }} -- kind: Group - name: {{ join "-" (slice $parts 0 (add $i 1)) }}-use - apiGroup: rbac.authorization.k8s.io -{{- end }} -{{- end }} -{{- end }} +{{ include "cozy-lib.rbac.subjectsForTenant" (list "use" (include "tenant.name" .)) | nindent 2 }} roleRef: kind: Role name: {{ include "tenant.name" . }}-use @@ -240,7 +216,12 @@ rules: - get - apiGroups: [""] resources: - - "*" + - pods + - services + - persistentvolumes + - endpoints + - events + - resourcequotas verbs: - get - list @@ -305,24 +286,7 @@ metadata: name: {{ include "tenant.name" . }}-admin namespace: {{ include "tenant.name" . }} subjects: -{{- if ne .Release.Namespace "tenant-root" }} -- kind: Group - name: tenant-root-admin - apiGroup: rbac.authorization.k8s.io -{{- end }} -- kind: Group - name: {{ include "tenant.name" . }}-admin - apiGroup: rbac.authorization.k8s.io -{{- if hasPrefix "tenant-" .Release.Namespace }} -{{- $parts := splitList "-" .Release.Namespace }} -{{- range $i, $v := $parts }} -{{- if ne $i 0 }} -- kind: Group - name: {{ join "-" (slice $parts 0 (add $i 1)) }}-admin - apiGroup: rbac.authorization.k8s.io -{{- end }} -{{- end }} -{{- end }} +{{ include "cozy-lib.rbac.subjectsForTenant" (list "admin" (include "tenant.name" .)) | nindent 2 }} roleRef: kind: Role name: {{ include "tenant.name" . }}-admin @@ -343,7 +307,12 @@ rules: - get - apiGroups: [""] resources: - - "*" + - pods + - services + - persistentvolumes + - endpoints + - events + - resourcequotas verbs: - get - list @@ -384,24 +353,7 @@ metadata: name: {{ include "tenant.name" . }}-super-admin namespace: {{ include "tenant.name" . }} subjects: -{{- if ne .Release.Namespace "tenant-root" }} -- kind: Group - name: tenant-root-super-admin - apiGroup: rbac.authorization.k8s.io -{{- end }} -- kind: Group - name: {{ include "tenant.name" . }}-super-admin - apiGroup: rbac.authorization.k8s.io -{{- if hasPrefix "tenant-" .Release.Namespace }} -{{- $parts := splitList "-" .Release.Namespace }} -{{- range $i, $v := $parts }} -{{- if ne $i 0 }} -- kind: Group - name: {{ join "-" (slice $parts 0 (add $i 1)) }}-super-admin - apiGroup: rbac.authorization.k8s.io -{{- end }} -{{- end }} -{{- end }} +{{ include "cozy-lib.rbac.subjectsForTenant" (list "super-admin" (include "tenant.name" .) ) | nindent 2 }} roleRef: kind: Role name: {{ include "tenant.name" . }}-super-admin diff --git a/packages/apps/versions_map b/packages/apps/versions_map index 6c75fa70..31f8be93 100644 --- a/packages/apps/versions_map +++ b/packages/apps/versions_map @@ -1,4 +1,5 @@ -bucket 0.1.0 HEAD +bucket 0.1.0 632224a3 +bucket 0.2.0 HEAD clickhouse 0.1.0 f7eaab0a clickhouse 0.2.0 53f2365e clickhouse 0.2.1 dfbc210b @@ -10,7 +11,8 @@ clickhouse 0.6.1 c62a83a7 clickhouse 0.6.2 8267072d clickhouse 0.7.0 93bdf411 clickhouse 0.9.0 6130f43d -clickhouse 0.9.2 HEAD +clickhouse 0.9.2 632224a3 +clickhouse 0.10.0 HEAD ferretdb 0.1.0 e9716091 ferretdb 0.1.1 91b0499a ferretdb 0.2.0 6c5cf5bf @@ -20,7 +22,8 @@ ferretdb 0.4.1 1ec10165 ferretdb 0.4.2 8267072d ferretdb 0.5.0 93bdf411 ferretdb 0.6.0 6130f43d -ferretdb 0.6.1 HEAD +ferretdb 0.6.1 632224a3 +ferretdb 0.7.0 HEAD http-cache 0.1.0 263e47be http-cache 0.2.0 53f2365e http-cache 0.3.0 6c5cf5bf @@ -40,7 +43,8 @@ kafka 0.3.3 8267072d kafka 0.4.0 85ec09b8 kafka 0.5.0 93bdf411 kafka 0.6.0 6130f43d -kafka 0.6.1 HEAD +kafka 0.6.1 632224a3 +kafka 0.7.0 HEAD kubernetes 0.1.0 263e47be kubernetes 0.2.0 53f2365e kubernetes 0.3.0 007d414f @@ -72,7 +76,7 @@ kubernetes 0.20.0 609e7ede kubernetes 0.20.1 f9f8bb2f kubernetes 0.21.0 6130f43d kubernetes 0.23.1 632224a3 -kubernetes 0.23.2 HEAD +kubernetes 0.24.0 HEAD mysql 0.1.0 263e47be mysql 0.2.0 c24a103f mysql 0.3.0 53f2365e @@ -83,7 +87,8 @@ mysql 0.5.2 1ec10165 mysql 0.5.3 8267072d mysql 0.6.0 93bdf411 mysql 0.7.0 6130f43d -mysql 0.7.1 HEAD +mysql 0.7.1 632224a3 +mysql 0.8.0 HEAD nats 0.1.0 e9716091 nats 0.2.0 6c5cf5bf nats 0.3.0 78366f19 @@ -92,7 +97,8 @@ nats 0.4.0 898374b5 nats 0.4.1 8267072d nats 0.5.0 93bdf411 nats 0.6.0 6130f43d -nats 0.6.1 HEAD +nats 0.6.1 632224a3 +nats 0.7.0 HEAD postgres 0.1.0 263e47be postgres 0.2.0 53f2365e postgres 0.2.1 d7cfa53c @@ -111,7 +117,7 @@ postgres 0.10.1 93bdf411 postgres 0.11.0 f9f8bb2f postgres 0.12.0 6130f43d postgres 0.12.1 632224a3 -postgres 0.13.0 HEAD +postgres 0.14.0 HEAD rabbitmq 0.1.0 263e47be rabbitmq 0.2.0 53f2365e rabbitmq 0.3.0 6c5cf5bf @@ -121,7 +127,8 @@ rabbitmq 0.4.2 4b90bf5a rabbitmq 0.4.3 1ec10165 rabbitmq 0.4.4 8267072d rabbitmq 0.5.0 93bdf411 -rabbitmq 0.6.0 HEAD +rabbitmq 0.6.0 632224a3 +rabbitmq 0.7.0 HEAD redis 0.1.1 263e47be redis 0.2.0 53f2365e redis 0.3.0 6c5cf5bf @@ -130,36 +137,14 @@ redis 0.4.0 84f3ccc0 redis 0.5.0 4e68e65c redis 0.6.0 93bdf411 redis 0.7.0 6130f43d -redis 0.7.1 HEAD +redis 0.7.1 632224a3 +redis 0.8.0 HEAD tcp-balancer 0.1.0 263e47be tcp-balancer 0.2.0 53f2365e tcp-balancer 0.3.0 93bdf411 tcp-balancer 0.4.0 6130f43d tcp-balancer 0.4.1 HEAD -tenant 0.1.4 afc997ef -tenant 0.1.5 e3ab858a -tenant 1.0.0 263e47be -tenant 1.1.0 c0685f43 -tenant 1.2.0 dfbc210b -tenant 1.3.0 e9716091 -tenant 1.3.1 91b0499a -tenant 1.4.0 71514249 -tenant 1.5.0 1ec10165 -tenant 1.6.0 df448b99 -tenant 1.6.1 c62a83a7 -tenant 1.6.2 898374b5 -tenant 1.6.3 2057bb96 -tenant 1.6.4 84f3ccc0 -tenant 1.6.5 fde4bcfa -tenant 1.6.6 4e68e65c -tenant 1.6.7 0ab39f20 -tenant 1.6.8 bc95159a -tenant 1.7.0 24fa7222 -tenant 1.8.0 160e4e2a -tenant 1.9.0 728743db -tenant 1.9.1 721c12a7 -tenant 1.9.2 6130f43d -tenant 1.9.3 HEAD +tenant 1.10.0 HEAD virtual-machine 0.1.4 f2015d65 virtual-machine 0.1.5 263e47be virtual-machine 0.2.0 c0685f43 @@ -175,10 +160,12 @@ virtual-machine 0.8.2 de19450f virtual-machine 0.9.0 721c12a7 virtual-machine 0.9.1 93bdf411 virtual-machine 0.10.0 6130f43d -virtual-machine 0.10.2 HEAD +virtual-machine 0.10.2 632224a3 +virtual-machine 0.11.0 HEAD vm-disk 0.1.0 d971f2ff vm-disk 0.1.1 6130f43d -vm-disk 0.1.2 HEAD +vm-disk 0.1.2 632224a3 +vm-disk 0.2.0 HEAD vm-instance 0.1.0 1ec10165 vm-instance 0.2.0 84f3ccc0 vm-instance 0.3.0 4e68e65c @@ -188,11 +175,13 @@ vm-instance 0.5.0 3fa4dd3a vm-instance 0.5.1 de19450f vm-instance 0.6.0 721c12a7 vm-instance 0.7.0 6130f43d -vm-instance 0.7.2 HEAD +vm-instance 0.7.2 632224a3 +vm-instance 0.8.0 HEAD vpn 0.1.0 263e47be vpn 0.2.0 53f2365e vpn 0.3.0 6c5cf5bf vpn 0.3.1 1ec10165 vpn 0.4.0 93bdf411 vpn 0.5.0 6130f43d -vpn 0.5.1 HEAD +vpn 0.5.1 632224a3 +vpn 0.6.1 HEAD diff --git a/packages/apps/virtual-machine/Chart.yaml b/packages/apps/virtual-machine/Chart.yaml index 8a3189b8..c40f6e27 100644 --- a/packages/apps/virtual-machine/Chart.yaml +++ b/packages/apps/virtual-machine/Chart.yaml @@ -17,10 +17,10 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.10.2 +version: 0.11.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: 0.10.0 +appVersion: 0.11.0 diff --git a/packages/apps/virtual-machine/charts/cozy-lib b/packages/apps/virtual-machine/charts/cozy-lib new file mode 120000 index 00000000..e1813509 --- /dev/null +++ b/packages/apps/virtual-machine/charts/cozy-lib @@ -0,0 +1 @@ +../../../library/cozy-lib \ No newline at end of file diff --git a/packages/apps/virtual-machine/templates/dashboard-resourcemap.yaml b/packages/apps/virtual-machine/templates/dashboard-resourcemap.yaml index 4f09a79b..d9fa9346 100644 --- a/packages/apps/virtual-machine/templates/dashboard-resourcemap.yaml +++ b/packages/apps/virtual-machine/templates/dashboard-resourcemap.yaml @@ -11,6 +11,17 @@ rules: - {{ .Release.Name }} verbs: ["get", "list", "watch"] --- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ .Release.Name }}-dashboard-resources +subjects: +{{ include "cozy-lib.rbac.subjectsForTenantAndAccessLevel" (list "use" .Release.Namespace) }} +roleRef: + kind: Role + name: {{ .Release.Name }}-dashboard-resources + apiGroup: rbac.authorization.k8s.io +--- apiVersion: cozystack.io/v1alpha1 kind: WorkloadMonitor metadata: diff --git a/packages/apps/vm-disk/Chart.yaml b/packages/apps/vm-disk/Chart.yaml index 6e1237ab..4bd41215 100644 --- a/packages/apps/vm-disk/Chart.yaml +++ b/packages/apps/vm-disk/Chart.yaml @@ -16,10 +16,10 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.2 +version: 0.2.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: 0.1.1 +appVersion: 0.2.0 diff --git a/packages/apps/vm-disk/charts/cozy-lib b/packages/apps/vm-disk/charts/cozy-lib new file mode 120000 index 00000000..e1813509 --- /dev/null +++ b/packages/apps/vm-disk/charts/cozy-lib @@ -0,0 +1 @@ +../../../library/cozy-lib \ No newline at end of file diff --git a/packages/apps/vm-disk/templates/dashboard-resourcemap.yaml b/packages/apps/vm-disk/templates/dashboard-resourcemap.yaml index a0bd5604..b7276bb4 100644 --- a/packages/apps/vm-disk/templates/dashboard-resourcemap.yaml +++ b/packages/apps/vm-disk/templates/dashboard-resourcemap.yaml @@ -10,3 +10,14 @@ rules: resourceNames: - {{ .Release.Name }} verbs: ["get", "list", "watch"] +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ .Release.Name }}-dashboard-resources +subjects: +{{ include "cozy-lib.rbac.subjectsForTenantAndAccessLevel" (list "use" .Release.Namespace) }} +roleRef: + kind: Role + name: {{ .Release.Name }}-dashboard-resources + apiGroup: rbac.authorization.k8s.io diff --git a/packages/apps/vm-instance/Chart.yaml b/packages/apps/vm-instance/Chart.yaml index 1208a0f3..962ff161 100644 --- a/packages/apps/vm-instance/Chart.yaml +++ b/packages/apps/vm-instance/Chart.yaml @@ -17,10 +17,10 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.7.2 +version: 0.8.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: 0.7.0 +appVersion: 0.8.0 diff --git a/packages/apps/vm-instance/charts/cozy-lib b/packages/apps/vm-instance/charts/cozy-lib new file mode 120000 index 00000000..e1813509 --- /dev/null +++ b/packages/apps/vm-instance/charts/cozy-lib @@ -0,0 +1 @@ +../../../library/cozy-lib \ No newline at end of file diff --git a/packages/apps/vm-instance/templates/dashboard-resourcemap.yaml b/packages/apps/vm-instance/templates/dashboard-resourcemap.yaml index a495b494..1abdfe7b 100644 --- a/packages/apps/vm-instance/templates/dashboard-resourcemap.yaml +++ b/packages/apps/vm-instance/templates/dashboard-resourcemap.yaml @@ -11,6 +11,17 @@ rules: - {{ .Release.Name }} verbs: ["get", "list", "watch"] --- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ .Release.Name }}-dashboard-resources +subjects: +{{ include "cozy-lib.rbac.subjectsForTenantAndAccessLevel" (list "use" .Release.Namespace) }} +roleRef: + kind: Role + name: {{ .Release.Name }}-dashboard-resources + apiGroup: rbac.authorization.k8s.io +--- apiVersion: cozystack.io/v1alpha1 kind: WorkloadMonitor metadata: diff --git a/packages/apps/vpn/Chart.yaml b/packages/apps/vpn/Chart.yaml index b772db4f..c374166c 100644 --- a/packages/apps/vpn/Chart.yaml +++ b/packages/apps/vpn/Chart.yaml @@ -16,7 +16,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.5.1 +version: 0.6.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/packages/apps/vpn/templates/dashboard-resourcemap.yaml b/packages/apps/vpn/templates/dashboard-resourcemap.yaml index 8f34e7d6..a4c3b4ec 100644 --- a/packages/apps/vpn/templates/dashboard-resourcemap.yaml +++ b/packages/apps/vpn/templates/dashboard-resourcemap.yaml @@ -17,3 +17,14 @@ rules: resourceNames: - {{ .Release.Name }}-vpn verbs: ["get", "list", "watch"] +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ .Release.Name }}-dashboard-resources +subjects: +{{ include "cozy-lib.rbac.subjectsForTenantAndAccessLevel" (list "use" .Release.Namespace) }} +roleRef: + kind: Role + name: {{ .Release.Name }}-dashboard-resources + apiGroup: rbac.authorization.k8s.io diff --git a/packages/extra/bootbox/Chart.yaml b/packages/extra/bootbox/Chart.yaml index ee45ed33..08e4b0cd 100644 --- a/packages/extra/bootbox/Chart.yaml +++ b/packages/extra/bootbox/Chart.yaml @@ -3,4 +3,4 @@ name: bootbox description: PXE hardware provisioning icon: /logos/bootbox.svg type: application -version: 0.1.1 +version: 0.2.0 diff --git a/packages/extra/bootbox/charts/cozy-lib b/packages/extra/bootbox/charts/cozy-lib new file mode 120000 index 00000000..e1813509 --- /dev/null +++ b/packages/extra/bootbox/charts/cozy-lib @@ -0,0 +1 @@ +../../../library/cozy-lib \ No newline at end of file diff --git a/packages/extra/bootbox/templates/dashboard-resourcemap.yaml b/packages/extra/bootbox/templates/dashboard-resourcemap.yaml index ad04d65b..628025f6 100644 --- a/packages/extra/bootbox/templates/dashboard-resourcemap.yaml +++ b/packages/extra/bootbox/templates/dashboard-resourcemap.yaml @@ -31,5 +31,14 @@ rules: resourceNames: - bootbox-matchbox verbs: ["get", "list", "watch"] - - +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ .Release.Name }}-dashboard-resources +subjects: +{{ include "cozy-lib.rbac.subjectsForTenantAndAccessLevel" (list "super-admin" .Release.Namespace) }} +roleRef: + kind: Role + name: {{ .Release.Name }}-dashboard-resources + apiGroup: rbac.authorization.k8s.io diff --git a/packages/extra/etcd/Chart.yaml b/packages/extra/etcd/Chart.yaml index 30da9487..c2208b87 100644 --- a/packages/extra/etcd/Chart.yaml +++ b/packages/extra/etcd/Chart.yaml @@ -3,4 +3,4 @@ name: etcd description: Storage for Kubernetes clusters icon: /logos/etcd.svg type: application -version: 2.7.0 +version: 2.8.0 diff --git a/packages/extra/etcd/charts/cozy-lib b/packages/extra/etcd/charts/cozy-lib new file mode 120000 index 00000000..e1813509 --- /dev/null +++ b/packages/extra/etcd/charts/cozy-lib @@ -0,0 +1 @@ +../../../library/cozy-lib \ No newline at end of file diff --git a/packages/extra/etcd/templates/dashboard-resourcemap.yaml b/packages/extra/etcd/templates/dashboard-resourcemap.yaml index 25a0dfd3..8057b56d 100644 --- a/packages/extra/etcd/templates/dashboard-resourcemap.yaml +++ b/packages/extra/etcd/templates/dashboard-resourcemap.yaml @@ -17,3 +17,14 @@ rules: resourceNames: - {{ .Release.Name }} verbs: ["get", "list", "watch"] +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ .Release.Name }}-dashboard-resources +subjects: +{{ include "cozy-lib.rbac.subjectsForTenantAndAccessLevel" (list "super-admin" .Release.Namespace) }} +roleRef: + kind: Role + name: {{ .Release.Name }}-dashboard-resources + apiGroup: rbac.authorization.k8s.io diff --git a/packages/extra/info/Chart.yaml b/packages/extra/info/Chart.yaml index d0a06e9f..6ba3ac46 100644 --- a/packages/extra/info/Chart.yaml +++ b/packages/extra/info/Chart.yaml @@ -3,4 +3,4 @@ name: info description: Info icon: /logos/info.svg type: application -version: 1.0.1 +version: 1.1.0 diff --git a/packages/extra/info/charts/cozy-lib b/packages/extra/info/charts/cozy-lib new file mode 120000 index 00000000..e1813509 --- /dev/null +++ b/packages/extra/info/charts/cozy-lib @@ -0,0 +1 @@ +../../../library/cozy-lib \ No newline at end of file diff --git a/packages/extra/info/templates/dashboard-resourcemap.yaml b/packages/extra/info/templates/dashboard-resourcemap.yaml index e0dccc23..2fe68df1 100644 --- a/packages/extra/info/templates/dashboard-resourcemap.yaml +++ b/packages/extra/info/templates/dashboard-resourcemap.yaml @@ -10,3 +10,14 @@ rules: resourceNames: - kubeconfig-{{ .Release.Namespace }} verbs: ["get", "list", "watch"] +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ .Release.Name }}-dashboard-resources +subjects: +{{ include "cozy-lib.rbac.subjectsForTenantAndAccessLevel" (list "view" .Release.Namespace) }} +roleRef: + kind: Role + name: {{ .Release.Name }}-dashboard-resources + apiGroup: rbac.authorization.k8s.io diff --git a/packages/extra/ingress/Chart.yaml b/packages/extra/ingress/Chart.yaml index 93807c89..289c931a 100644 --- a/packages/extra/ingress/Chart.yaml +++ b/packages/extra/ingress/Chart.yaml @@ -3,4 +3,4 @@ name: ingress description: NGINX Ingress Controller icon: /logos/ingress-nginx.svg type: application -version: 1.6.0 +version: 1.7.0 diff --git a/packages/extra/ingress/charts/cozy-lib b/packages/extra/ingress/charts/cozy-lib new file mode 120000 index 00000000..e1813509 --- /dev/null +++ b/packages/extra/ingress/charts/cozy-lib @@ -0,0 +1 @@ +../../../library/cozy-lib \ No newline at end of file diff --git a/packages/extra/ingress/templates/dashboard-resourcemap.yaml b/packages/extra/ingress/templates/dashboard-resourcemap.yaml index 38b9a033..487b0d62 100644 --- a/packages/extra/ingress/templates/dashboard-resourcemap.yaml +++ b/packages/extra/ingress/templates/dashboard-resourcemap.yaml @@ -17,3 +17,14 @@ rules: resourceNames: - {{ .Release.Name }} verbs: ["get", "list", "watch"] +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ .Release.Name }}-dashboard-resources +subjects: +{{ include "cozy-lib.rbac.subjectsForTenantAndAccessLevel" (list "admin" .Release.Namespace) }} +roleRef: + kind: Role + name: {{ .Release.Name }}-dashboard-resources + apiGroup: rbac.authorization.k8s.io diff --git a/packages/extra/monitoring/Chart.yaml b/packages/extra/monitoring/Chart.yaml index 9f76ab8b..301be9ea 100644 --- a/packages/extra/monitoring/Chart.yaml +++ b/packages/extra/monitoring/Chart.yaml @@ -3,4 +3,4 @@ name: monitoring description: Monitoring and observability stack icon: /logos/monitoring.svg type: application -version: 1.10.1 +version: 1.11.0 diff --git a/packages/extra/monitoring/charts/cozy-lib b/packages/extra/monitoring/charts/cozy-lib new file mode 120000 index 00000000..e1813509 --- /dev/null +++ b/packages/extra/monitoring/charts/cozy-lib @@ -0,0 +1 @@ +../../../library/cozy-lib \ No newline at end of file diff --git a/packages/extra/monitoring/templates/dashboard-resourcemap.yaml b/packages/extra/monitoring/templates/dashboard-resourcemap.yaml index a13d18be..894a11d4 100644 --- a/packages/extra/monitoring/templates/dashboard-resourcemap.yaml +++ b/packages/extra/monitoring/templates/dashboard-resourcemap.yaml @@ -49,5 +49,14 @@ rules: {{- break }} {{- end }} verbs: ["get", "list", "watch"] - - +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ .Release.Name }}-dashboard-resources +subjects: +{{ include "cozy-lib.rbac.subjectsForTenantAndAccessLevel" (list "admin" .Release.Namespace) }} +roleRef: + kind: Role + name: {{ .Release.Name }}-dashboard-resources + apiGroup: rbac.authorization.k8s.io diff --git a/packages/extra/seaweedfs/Chart.yaml b/packages/extra/seaweedfs/Chart.yaml index 094eee9a..233b0c8b 100644 --- a/packages/extra/seaweedfs/Chart.yaml +++ b/packages/extra/seaweedfs/Chart.yaml @@ -16,7 +16,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.4.1 +version: 0.5.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/packages/extra/seaweedfs/charts/cozy-lib b/packages/extra/seaweedfs/charts/cozy-lib new file mode 120000 index 00000000..e1813509 --- /dev/null +++ b/packages/extra/seaweedfs/charts/cozy-lib @@ -0,0 +1 @@ +../../../library/cozy-lib \ No newline at end of file diff --git a/packages/extra/seaweedfs/templates/dashboard-resourcemap.yaml b/packages/extra/seaweedfs/templates/dashboard-resourcemap.yaml index 49b55aad..02c9b2aa 100644 --- a/packages/extra/seaweedfs/templates/dashboard-resourcemap.yaml +++ b/packages/extra/seaweedfs/templates/dashboard-resourcemap.yaml @@ -27,3 +27,14 @@ rules: - {{ $.Release.Name }}-volume - {{ $.Release.Name }}-db verbs: ["get", "list", "watch"] +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ .Release.Name }}-dashboard-resources +subjects: +{{ include "cozy-lib.rbac.subjectsForTenantAndAccessLevel" (list "admin" .Release.Namespace) }} +roleRef: + kind: Role + name: {{ .Release.Name }}-dashboard-resources + apiGroup: rbac.authorization.k8s.io diff --git a/packages/extra/versions_map b/packages/extra/versions_map index b88f3e7c..9471ff48 100644 --- a/packages/extra/versions_map +++ b/packages/extra/versions_map @@ -1,5 +1,6 @@ bootbox 0.1.0 45a7416c -bootbox 0.1.1 HEAD +bootbox 0.1.1 632224a3 +bootbox 0.2.0 HEAD etcd 1.0.0 ca79f725 etcd 2.0.0 c0685f43 etcd 2.0.1 007d414f @@ -10,16 +11,19 @@ etcd 2.4.0 af48519d etcd 2.5.0 24fa7222 etcd 2.6.0 8c460528 etcd 2.6.1 45a7416c -etcd 2.7.0 HEAD +etcd 2.7.0 632224a3 +etcd 2.8.0 HEAD info 1.0.0 93bdf411 -info 1.0.1 HEAD +info 1.0.1 632224a3 +info 1.1.0 HEAD ingress 1.0.0 d7cfa53c ingress 1.1.0 5bbc488e ingress 1.2.0 28fca4ef ingress 1.3.0 fde4bcfa ingress 1.4.0 fd240701 ingress 1.5.0 93bdf411 -ingress 1.6.0 HEAD +ingress 1.6.0 632224a3 +ingress 1.7.0 HEAD monitoring 1.0.0 d7cfa53c monitoring 1.1.0 25221fdc monitoring 1.2.0 f81be075 @@ -40,10 +44,12 @@ monitoring 1.9.0 45a7416c monitoring 1.9.1 fd240701 monitoring 1.9.2 f9f8bb2f monitoring 1.10.0 632224a3 -monitoring 1.10.1 HEAD +monitoring 1.10.1 8c86905b +monitoring 1.11.0 HEAD seaweedfs 0.1.0 71514249 seaweedfs 0.2.0 5fb9cfe3 seaweedfs 0.2.1 fde4bcfa seaweedfs 0.3.0 45a7416c seaweedfs 0.4.0 632224a3 -seaweedfs 0.4.1 HEAD +seaweedfs 0.4.1 8c86905b +seaweedfs 0.5.0 HEAD diff --git a/scripts/migrations/13 b/scripts/migrations/13 old mode 100644 new mode 100755 index 96faa6a7..203aa29e --- a/scripts/migrations/13 +++ b/scripts/migrations/13 @@ -1,8 +1,10 @@ #!/bin/sh # Migration 13 --> 14 -# Delete capi-providers -kubectl delete hr capi-providers -n cozy-cluster-api +# Upgrade tenants.apps to new chart version +kubectl get tenants.apps.cozystack.io -A --no-headers --output=custom-columns='NAMESPACE:.metadata.namespace,NAME:.metadata.name' | while read NAMESPACE NAME; do + kubectl patch tenants.apps.cozystack.io -n "$NAMESPACE" "$NAME" --type merge -p '{"appVersion":"1.10.0"}' +done # Write version to cozystack-version config kubectl create configmap -n cozy-system cozystack-version --from-literal=version=14 --dry-run=client -o yaml | kubectl apply -f-