Commit f1cc218d authored by Jason Plum

Merge branch '1190-operator-roles-should-be-regular' into 'master'

Transition Operator from Cluster to Namespace Role

Closes #1190

See merge request charts/gitlab!764
parents 5b244d7b 36e37d26
Pipeline #57608355 passed with stages
in 35 minutes and 4 seconds
---
title: Transition Operator from Cluster to Namespace Role
merge_request: 764
author:
type: changed
......@@ -8,7 +8,11 @@ metadata:
{{ include "gitlab.standardLabels" $ | indent 4 }}
---
apiVersion: rbac.authorization.k8s.io/v1
{{- if (include "gitlab.operator.namespaced" .) }}
kind: Role
{{- else }}
kind: ClusterRole
{{- end }}
metadata:
name: {{ template "fullname" . }}
labels:
......@@ -31,8 +35,10 @@ rules:
- apiGroups:
- rbac.authorization.k8s.io
resources:
{{- if not (include "gitlab.operator.namespaced" .) }}
- clusterroles
- clusterrolebindings
{{- end }}
- roles
- rolebindings
verbs:
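Review bot: the rule on `rbac.authorization.k8s.io` still grants `roles` and `rolebindings` in the namespaced branch, and the verb list that applies to them is cut off below `verbs:` in this hunk. Dropping `clusterroles` and `clusterrolebindings` removes the cluster-wide grant, but the operator's service account can still manage RBAC objects inside its namespace. Please confirm the verbs are limited to what the operator needs and do not include `bind` or `escalate`, or add a comment above the rule saying why they are required.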
......@@ -78,14 +84,22 @@ rules:
- "*"
---
apiVersion: rbac.authorization.k8s.io/v1
{{- if (include "gitlab.operator.namespaced" .) }}
kind: RoleBinding
{{- else }}
kind: ClusterRoleBinding
{{- end }}
metadata:
name: {{ template "fullname" . }}
labels:
{{ include "gitlab.standardLabels" $ | indent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
{{- if (include "gitlab.operator.namespaced" .) }}
kind: Role
{{- else }}
kind: ClusterRole
{{- end }}
name: {{ template "fullname" . }}
subjects:
- kind: ServiceAccount
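Review bot: the binding's `kind` and its `roleRef.kind` are chosen by two separate `include "gitlab.operator.namespaced"` conditionals, on top of the one that selects the role kind earlier in the file, so a later edit to only one of them would produce a RoleBinding that references a ClusterRole or the reverse. Consider evaluating the helper once into a variable at the top of the template, for example `{{- $namespaced := include "gitlab.operator.namespaced" . -}}`, and branching on that variable in all three places.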
......
......@@ -25,6 +25,19 @@ latest
{{- end -}}
{{- end -}}
{{/*
Returns true if and only if the version of the operator container is greater
than 0.4.
*/}}
{{- define "gitlab.operator.namespaced" -}}
{{- $version := (include "gitlab.operator.parseVersion" .Values.version) -}}
{{- if and (regexMatch "^v\\d+\\.\\d+$" $version) (le ($version | trimPrefix "v" | float64) 0.4) -}}
{{- /* this is the false condition */ -}}
{{- else -}}
true
{{- end -}}
{{- end -}}
{{/*
Returns the operator crd name which should be in the format of spec.names.plural + '.' + groupname
*/}}
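Review bot: the comparison in `gitlab.operator.namespaced` casts the version to `float64`, so `v0.10` becomes 0.1, passes `le ... 0.4`, and is treated as an old cluster-scoped operator even though it is newer than 0.4. The regex `^v\\d+\\.\\d+$` also means any value that is not exactly `vMAJOR.MINOR` (a three-part version or a branch name, depending on what `gitlab.operator.parseVersion` returns) falls through to `true`, which does not match the doc comment's "if and only if the version ... is greater than 0.4". Suggest a semantic version comparison such as Sprig's `semverCompare` for values that parse as versions, and stating in the comment that unparseable values default to namespaced.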
......
......@@ -20,3 +20,7 @@ The operator makes use of Kubernetes CustomResourceDefinitions (CRD). Since Helm
The first command will install only the `CRD` but will not actually attempt to deploy the operator. The second command will deploy the operator itself, now that the CRD is in place.
**NOTE:** This needs done only the first time you install the operator, further upgrades will follow the normal [upgrade procedures](./upgrade.md)
**NOTE:** Test new versions of the operator by setting `gitlab.operator.image.tag` to either the branch name of a gitlab-operator container build or a specific tagged release number.
**NOTE:** The operator is transitioning from a ClusterRole to a regular Role that operates within a namespace. Operator containers after version 0.4 will have this new behavior by default.
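Review bot: the added NOTE states that containers after version 0.4 use a namespaced Role "by default" but does not say which chart value decides this or what changes for someone upgrading. The helper in this commit reads `.Values.version`, while the preceding NOTE tells users to set `gitlab.operator.image.tag`. Please name the value that selects the behaviour and add a sentence saying that the ClusterRole and ClusterRoleBinding are replaced by a Role and RoleBinding in the release namespace.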