Commit Graph

18 Commits (60e4d99b57f7fe82143286754cab74d508afd748)

Author SHA1 Message Date
Stefan Prodan 0a87ed5a42
Add source-watcher to manifests
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
1 month ago
Matheus Pimenta 941af6a648
[RFC-0010] Add RBAC for creating service account tokens
Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>
6 months ago
Calle Pettersson 539dfa0942 Add permissions required for flow control
Signed-off-by: Calle Pettersson <carlpett@users.noreply.github.com>
2 years ago
Stefan Prodan 2aa38baa35
Add ResourceQuota for critical pods
Fixes insufficient quota error on GKE

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2 years ago
Stefan Prodan 65055c273f
rbac: Add view and edit aggregated cluster roles
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
3 years ago
Stefan Prodan 1ece35e4c5
Add leader election required permissions
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
4 years ago
Stefan Prodan 5dee903374
Grant service account read-only access to controllers
For image automation to use a service account to authenticate to container registries, the controllers needs read-only access to service accounts.

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
4 years ago
Aurel Canciu 69dce73e51
Allow namespaces readonly crd-controller rbac
Readonly access to namespaces is needed by the
image-reflector-controller to support the cross-namespace accessFrom
functionality introduced in image-reflector-controller#162.

Signed-off-by: Aurel Canciu <aurelcanciu@gmail.com>
4 years ago
Stefan Prodan 8f8c7cccc6
Add SA namespace to RBAC
Fix flux install when not all controllers have been selected

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
5 years ago
Stefan Prodan 1b581d6f51
Add dedicated service accounts per controller
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
5 years ago
Brian Atkinson a18f84c27b Add permissions for controller leader election.
The v0.8.0 version of the controller-runtime uses both config maps and
leases to perform leader election. These permissions seem to be in the
individual controller repos, but not here. For example
2d38de8779/config/rbac/leader_election_role.yaml (L33-L44)

Signed-off-by: Brian Atkinson <brian@atkinson.mn>
5 years ago
Hidde Beydals 1ff24d9285 Add PATCH rule to crd-controller role for events
During high custom resource count / low interval tests, I was greated
with a `cannot patch resource "events"` message. This happened due to
event compaction, where it will perform a patch instead of a create.
By giving the role the permission to do so this should no longer pose
a problem.
5 years ago
Hidde Beydals 54b11e7b25 Update components
- source-controller to v0.0.7
- kustomize-controller to v0.0.7
- helm-controller to v0.0.1
- notification-controller to v0.0.6
5 years ago
stefanprodan 02521b6964 Add helm-controller to installer 5 years ago
stefanprodan e594350307 Add notification controller to tk components 5 years ago
stefanprodan 47c249e3be manifests: fix leader election rbac 6 years ago
stefanprodan b9a8100dbb manifests: add cluster reconciler RBAC and SA 6 years ago
stefanprodan 42d2ed51cb Add install manifests 6 years ago