fix: 🐛 namespaced rbac when kubernetesIngress provider is disabled
mloiseleur committed Jun 6, 2024
1 parent e5de2f8 commit 3bb41f7
Showing 2 changed files with 130 additions and 5 deletions.
10 changes: 5 additions & 5 deletions traefik/templates/rbac/clusterrole.yaml
@@ -1,5 +1,5 @@
{{- if and .Values.rbac.enabled (or .Values.providers.kubernetesIngress.enabled (not .Values.rbac.namespaced)) -}}
{{- if not (and .Values.rbac.namespaced .Values.providers.kubernetesIngress.disableIngressClassLookup) -}}
{{- if and .Values.rbac.enabled (or .Values.providers.kubernetesIngress.enabled (not .Values.rbac.namespaced)) }}
{{- if not (and .Values.rbac.namespaced .Values.providers.kubernetesIngress.disableIngressClassLookup) }}
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
Expand Down Expand Up @@ -115,8 +115,6 @@ rules:
- update
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- if .Values.hub.token }}
- apiGroups:
- hub.traefik.io
Expand Down Expand Up @@ -208,4 +206,6 @@ rules:
- get
- list
- watch
{{- end -}}
{{- end }}
{{- end }}
{{- end }}
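Review bot: The `{{- if .Values.hub.token }}` block checks only the token, and as far as this rendered page shows it now sits inside both outer guards, so with `rbac.namespaced: true` and `providers.kubernetesIngress.enabled: true` the hub rules would still appear to land in a cluster-wide ClusterRole. The lines between the hunks are collapsed here, so a namespaced check may already exist in the hidden part. If it does not, consider `{{- if and .Values.hub.token (not .Values.rbac.namespaced) }}` so that namespaced installs receive these permissions only through rbac/role.yaml. A test case with `rbac.namespaced: true`, `kubernetesIngress.enabled: true` and a hub token, asserting what the ClusterRole does and does not contain, would pin the intended scope.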
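--- a/traefik/tests/rbac-config_test.yaml
+++ b/traefik/tests/rbac-config_test.yaml
@@ -906,3 +906,128 @@ tests:
 - get
 - list
 - watch
+- it: should provide namespace'd RBACS for hub
+set:
+hub:
+token: xxx
+rbac:
+namespaced: true
+providers:
+kubernetesIngress:
+enabled: false
+asserts:
+- template: rbac/role.yaml
+contains:
+path: rules
+content:
+apiGroups:
+- hub.traefik.io
+resources:
+- accesscontrolpolicies
+- apiaccesses
+- apiportals
+- apiratelimits
+- apis
+- apiversions
+verbs:
+- list
+- watch
+- create
+- update
+- patch
+- delete
+- get
+- template: rbac/role.yaml
+contains:
+path: rules
+content:
+apiGroups:
+- ""
+resources:
+- namespaces
+- pods
+- nodes
+verbs:
+- get
+- list
+- watch
+- template: rbac/role.yaml
+contains:
+path: rules
+content:
+apiGroups:
+- ""
+resources:
+- events
+verbs:
+- create
+- patch
+- template: rbac/role.yaml
+contains:
+path: rules
+content:
+apiGroups:
+- discovery.k8s.io
+resources:
+- endpointslices
+verbs:
+- list
+- get
+- watch
+- template: rbac/role.yaml
+contains:
+path: rules
+content:
+apiGroups:
+- coordination.k8s.io
+resources:
+- leases
+verbs:
+- get
+- list
+- watch
+- create
+- update
+- patch
+- delete
+- template: rbac/role.yaml
+contains:
+path: rules
+content:
+apiGroups:
+- ""
+resources:
+- secrets
+verbs:
+- get
+- list
+- watch
+- update
+- create
+- delete
+- deletecollection
+- template: rbac/role.yaml
+contains:
+path: rules
+content:
+apiGroups:
+- apps
+resources:
+- replicasets
+verbs:
+- get
+- list
+- watch
+- template: rbac/role.yaml
+contains:
+path: rules
+content:
+apiGroups:
+- extensions
+- networking.k8s.io
+resources:
+- ingresses
+verbs:
+- get
+- list
+- watch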
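Review bot: The new case asserts only the contents of rbac/role.yaml and never checks that rbac/clusterrole.yaml renders nothing with `rbac.namespaced: true` and `kubernetesIngress.enabled: false`, which appears to be the behaviour the template change targets. An extra assert with `template: rbac/clusterrole.yaml` and `hasDocuments` with `count: 0` would pin it. The expected rules also list `nodes` under a namespaced Role; nodes are cluster-scoped, so a Role cannot grant access to them, and that entry looks inert and is worth confirming. The `secrets` expectation pins `update`, `create`, `delete` and `deletecollection`; if Hub does not need all of these in namespaced mode, narrowing the template and this expectation together would keep the grant least-privilege.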
