bug/add_default_role_access (#453)

Author: ajanikow

chart/kube-arangodb/templates/deployment-operator/default-role-binding.yaml

@@ -0,0 +1,26 @@
+{{ if .Values.rbac.enabled -}}
+{{ if .Values.operator.features.deployment -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+    name: {{ template "kube-arangodb.rbac" . }}-default
+    namespace: {{ .Release.Namespace }}
+    labels:
+        app.kubernetes.io/name: {{ template "kube-arangodb.name" . }}
+        helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+        app.kubernetes.io/managed-by: {{ .Release.Service }}
+        app.kubernetes.io/instance: {{ .Release.Name }}
+        release: {{ .Release.Name }}
+roleRef:
+    apiGroup: rbac.authorization.k8s.io
+    kind: Role
+    name: {{ template "kube-arangodb.rbac" . }}-default
+subjects:
+    - kind: ServiceAccount
+      name: default
+      namespace: {{ .Release.Namespace }}
+
+
+{{- end }}
+{{- end }}

chart/kube-arangodb/templates/deployment-operator/default-role.yaml

@@ -0,0 +1,21 @@
+{{ if .Values.rbac.enabled -}}
+{{ if .Values.operator.features.deployment -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+    name: {{ template "kube-arangodb.rbac" . }}-default
+    namespace: {{ .Release.Namespace }}
+    labels:
+        app.kubernetes.io/name: {{ template "kube-arangodb.name" . }}
+        helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+        app.kubernetes.io/managed-by: {{ .Release.Service }}
+        app.kubernetes.io/instance: {{ .Release.Name }}
+        release: {{ .Release.Name }}
+rules:
+    - apiGroups: [""]
+      resources: ["pods"]
+      verbs: ["get"]
+
+{{- end }}
+{{- end }}

manifests/arango-deployment-replication.yaml

@@ -233,6 +233,12 @@ spec:
 ---
 # Source: kube-arangodb/templates/deployment-operator/cluster-role.yaml
 
+---
+# Source: kube-arangodb/templates/deployment-operator/default-role-binding.yaml
+
+---
+# Source: kube-arangodb/templates/deployment-operator/default-role.yaml
+
 ---
 # Source: kube-arangodb/templates/deployment-operator/role-binding.yaml
 

manifests/arango-deployment.yaml

@@ -56,6 +56,23 @@ subjects:
       name: arango-deployment-operator
       namespace: default
 ---
+# Source: kube-arangodb/templates/deployment-operator/default-role.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+    name: arango-deployment-operator-rbac-default
+    namespace: default
+    labels:
+        app.kubernetes.io/name: kube-arangodb
+        helm.sh/chart: kube-arangodb-1.0.0
+        app.kubernetes.io/managed-by: Tiller
+        app.kubernetes.io/instance: deployment
+        release: deployment
+rules:
+    - apiGroups: [""]
+      resources: ["pods"]
+      verbs: ["get"]
+---
 # Source: kube-arangodb/templates/deployment-operator/role.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
@@ -85,6 +102,27 @@ rules:
       resources: ["servicemonitors"]
       verbs: ["get", "create", "delete"]
 ---
+# Source: kube-arangodb/templates/deployment-operator/default-role-binding.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+    name: arango-deployment-operator-rbac-default
+    namespace: default
+    labels:
+        app.kubernetes.io/name: kube-arangodb
+        helm.sh/chart: kube-arangodb-1.0.0
+        app.kubernetes.io/managed-by: Tiller
+        app.kubernetes.io/instance: deployment
+        release: deployment
+roleRef:
+    apiGroup: rbac.authorization.k8s.io
+    kind: Role
+    name: arango-deployment-operator-rbac-default
+subjects:
+    - kind: ServiceAccount
+      name: default
+      namespace: default
+---
 # Source: kube-arangodb/templates/deployment-operator/role-binding.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding

manifests/arango-storage.yaml

@@ -265,6 +265,12 @@ spec:
 ---
 # Source: kube-arangodb/templates/deployment-operator/cluster-role.yaml
 
+---
+# Source: kube-arangodb/templates/deployment-operator/default-role-binding.yaml
+
+---
+# Source: kube-arangodb/templates/deployment-operator/default-role.yaml
+
 ---
 # Source: kube-arangodb/templates/deployment-operator/role-binding.yaml