[Feature/Chart] Quick fix for supporting watching multiple namespaces (…

…#25)

* Update role_binding.yaml

* Update role.yaml

* Update values.yaml

* Add non clustered role as described in  #9

Signed-off-by: arttii <[email protected]>

* Add changelog

Signed-off-by: arttii <[email protected]>

* Add missing list to string conversion

Signed-off-by: arttii <[email protected]>

CHANGELOG.md

@@ -2,6 +2,8 @@
 
 ### Added
 
+- [PR #25](https://github.com/Orange-OpenSource/nifikop/pull/25) -  [Helm Chart] Add support for iterating over namespaces
+
 - [PR #18](https://github.com/Orange-OpenSource/nifikop/pull/18) - [Operator] NiFiKop CRDs in version `v1beta1` of CustomResourceDefinition object.
 
 ### Changed

helm/nifikop/templates/deployment.yaml

@@ -44,7 +44,7 @@ spec:
             - nifikop
           args:
             {{- if .Values.namespaces }}
-            - --namespaces={{ .Values.namespaces }}
+            - --namespaces={{ join "," .Values.namespaces }}
             {{- end }}
           readinessProbe:
             exec:

helm/nifikop/templates/role.yaml

@@ -1,13 +1,16 @@
 {{- if .Values.rbacEnable }}
+{{- range  $namespace := $.Values.namespaces }}
+{{- $_ := set $ "vals" $.Values }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   labels:
-    app: {{ template "nifikop.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version }}
-    heritage: {{ .Release.Service }}
-    release: {{ .Release.Name }}
-  name: {{ template "nifikop.name" . }}
+    app: {{ template "nifikop.name" $_ }}
+    chart: {{ $.Chart.Name }}-{{ $.Chart.Version }}
+    heritage: {{ $.Release.Service }}
+    release: {{ $.Release.Name }}
+  name: {{ template "nifikop.name" $_ }}
+  namespace: {{$namespace}}
 rules:
 - apiGroups:
   - ""
@@ -89,7 +92,7 @@ rules:
   - cert-manager.io
   resources:
   - issuers
-  {{-  if.Values.certManager.clusterScoped }}
+  {{-  if $.Values.certManager.clusterScoped }}
   - clusterissuers
   {{- end }}
   - certificates
@@ -111,4 +114,5 @@ rules:
   - update
   - patch
 ---
-{{- end}}
+{{- end}}
+{{- end}}

helm/nifikop/templates/role_binding.yaml

@@ -1,24 +1,29 @@
-# TODO : add a role binding for each namespace
 {{- if .Values.rbacEnable }}
+{{- range  $namespace := $.Values.namespaces }}
+{{- $_ := set $ "vals" $.Values }}
+---
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   labels:
-    app: {{ template "nifikop.name" . }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version }}
-    heritage: {{ .Release.Service }}
-    release: {{ .Release.Name }}
-  name: {{ template "nifikop.name" . }}
+    app: {{ template "nifikop.name" $ }}
+    chart: {{ $.Chart.Name }}-{{ $.Chart.Version }}
+    heritage: {{ $.Release.Service }}
+    release: {{ $.Release.Name }}
+  name: {{ template "nifikop.name" $ }}
+  namespace: {{$namespace}}
 subjects:
 - kind: ServiceAccount
-  name: {{ template "nifikop.name" . }}
+  name: {{ template "nifikop.name" $ }}
+  namespace: {{$.Release.Namespace}}
 roleRef:
   kind: Role
-  name: {{ template "nifikop.name" . }}
+  name: {{ template "nifikop.name" $ }}
   apiGroup: rbac.authorization.k8s.io
 {{- end }}
+{{- end }}
 ---
-#
+ 
 #kind: RoleBinding
 #apiVersion: rbac.authorization.k8s.io/v1
 #metadata:
@@ -37,4 +42,4 @@ roleRef:
 #  kind: Role
 #  name: {{ template "nifikop.name" . }}
 #  apiGroup: rbac.authorization.k8s.io
-#
+#

helm/nifikop/values.yaml

@@ -11,7 +11,7 @@ vaultAddress: ""
 # vaultSecret containing a `ca.crt` key with the Vault CA Certificate
 vaultSecret: ""
 # set of namespaces where the operator watches resources
-namespaces: ""
+namespaces: []
 
 ## Prometheus-operator resource limits & requests
 ## Ref: https://kubernetes.io/docs/user-guide/compute-resources/
@@ -30,6 +30,7 @@ createCustomResource: true
 ## If true, create & use RBAC resources
 ##
 rbacEnable: true
+
 
 ## if true deploy service for metrics access
 metricService: false