Add aggregateToDefaultRules to http add-on (#450)

kedacore · May 18, 2023 · 0950941 · 0950941
1 parent 8f4ee68
commit 0950941
Show file tree

Hide file tree

Showing 3 changed files with 58 additions and 0 deletions.
diff --git a/http-add-on/README.md b/http-add-on/README.md
@@ -139,6 +139,7 @@ their default values.
 | `interceptor.resources.limits.memory`                         | The memory resource limit for the operator component | `64Mi` |
 | `interceptor.resources.requests.cpu`                          | The CPU resource request for the operator component | `250m` |
 | `interceptor.resources.requests.memory`                       | The memory resource request for the operator component | `20Mi` |
+| `rbac.aggregateToDefaultRoles`                                | Install aggregate roles for edit and view | `false`
 
 Specify each parameter using the `--set key=value[,key=value]` argument to
 `helm install`. For example:

diff --git a/http-add-on/templates/rbac-aggregateclusterroles.yaml b/http-add-on/templates/rbac-aggregateclusterroles.yaml
@@ -0,0 +1,53 @@
+{{- if .Values.rbac.aggregateToDefaultRoles }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Chart.Name }}-edit
+  labels:
+    httpscaledobjects.http.keda.sh/version: {{ .Values.images.tag | default .Chart.AppVersion }}
+    keda.sh/addon: {{ .Chart.Name }}
+    app: {{ .Chart.Name }}
+    name: {{ .Chart.Name }}-edit
+    app.kubernetes.io/name: {{ .Chart.Name }}-edit
+    {{- include "keda-addons-http.labels" . | indent 4 }}
+    rbac.authorization.k8s.io/aggregate-to-admin: "true"
+    rbac.authorization.k8s.io/aggregate-to-edit: "true"
+rules:
+- apiGroups:
+  - http.keda.sh
+  resources:
+  - httpscaledobjects
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Chart.Name }}-view
+  labels:
+    rbac.authorization.k8s.io/aggregate-to-admin: "true"
+    rbac.authorization.k8s.io/aggregate-to-edit: "true"
+    rbac.authorization.k8s.io/aggregate-to-view: "true"
+    httpscaledobjects.http.keda.sh/version: {{ .Values.images.tag | default .Chart.AppVersion }}
+    keda.sh/addon: {{ .Chart.Name }}
+    app: {{ .Chart.Name }}
+    name: {{ .Chart.Name }}-view
+    app.kubernetes.io/name: {{ .Chart.Name }}-view
+    {{- include "keda-addons-http.labels" . | indent 4 }}
+rules:
+- apiGroups:
+  - http.keda.sh
+  resources:
+  - httpscaledobjects
+  verbs:
+  - get
+  - list
+  - watch
+{{- end -}}
diff --git a/http-add-on/values.yaml b/http-add-on/values.yaml
@@ -151,3 +151,7 @@ images:
   kubeRbacProxy:
     name: gcr.io/kubebuilder/kube-rbac-proxy
     tag: v0.13.0
+
+rbac:
+  # install aggregate roles for edit and view
+  aggregateToDefaultRoles: false