Skip to content

Commit

Permalink
Add services, ingresss and gateway obj to syncronizer (#440)
Browse files Browse the repository at this point in the history 
* add service and ingress

Signed-off-by: YiscahLevySilas1 <[email protected]>

* add gateway obj

Signed-off-by: YiscahLevySilas1 <[email protected]>

* add templates and test

Signed-off-by: YiscahLevySilas1 <[email protected]>

* add templates and test

Signed-off-by: YiscahLevySilas1 <[email protected]>

* fix test

Signed-off-by: YiscahLevySilas1 <[email protected]>

* fix snapshot

Signed-off-by: YiscahLevySilas1 <[email protected]>

---------

Signed-off-by: YiscahLevySilas1 <[email protected]>
  • Loading branch information
@YiscahLevySilas1
YiscahLevySilas1 authored Jun 3, 2024
1 parent 2374926 commit 740959f
Show file tree
Hide file tree
Showing 3 changed files with 121 additions and 4 deletions.
7 changes: 5 additions & 2 deletions charts/kubescape-operator/templates/synchronizer/clusterrole.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ rules:
resources: ["rolebindings", "clusterrolebindings"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["pods", "namespaces", "nodes", "configmaps", "persistentvolumes"]
resources: ["pods", "namespaces", "nodes", "configmaps", "persistentvolumes", "services"]
verbs: ["get", "list", "watch"]
- apiGroups: ["apps"]
resources: ["deployments", "statefulsets", "daemonsets", "replicasets"]
Expand All @@ -23,7 +23,7 @@ rules:
resources: ["jobs", "cronjobs"]
verbs: ["get", "list", "watch"]
- apiGroups: ["networking.k8s.io"]
resources: ["networkpolicies"]
resources: ["networkpolicies", "ingresses"]
verbs: ["get", "list", "watch"]
- apiGroups: ["spdx.softwarecomposition.kubescape.io"]
resources: ["applicationactivities", "applicationprofiles", "networkneighborses", "networkneighborhoods"]
Expand All @@ -37,4 +37,7 @@ rules:
- apiGroups: ["projectcalico.org"]
resources: ["networkpolicies"]
verbs: ["get", "list", "watch"]
- apiGroups: ["gateway.networking.k8s.io"]
resources: ["httproutes", "tcproutes","udproutes"]
verbs: ["get", "list", "watch"]
{{- end }}
30 changes: 30 additions & 0 deletions charts/kubescape-operator/templates/synchronizer/configmap.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,36 @@ data:
{
"inCluster": {
"resources": [
{
"group": "",
"version": "v1",
"resource": "services",
"strategy": "patch"
},
{
"group": "networking.k8s.io",
"version": "v1",
"resource": "ingresses",
"strategy": "patch"
},
{
"group": "gateway.networking.k8s.io",
"version": "v1",
"resource": "httproutes",
"strategy": "patch"
},
{
"group": "gateway.networking.k8s.io",
"version": "v1",
"resource": "tcproutes",
"strategy": "patch"
},
{
"group": "gateway.networking.k8s.io",
"version": "v1",
"resource": "udproutes",
"strategy": "patch"
},
{
"group": "rbac.authorization.k8s.io",
"version": "v1",
Expand Down
88 changes: 86 additions & 2 deletions charts/kubescape-operator/tests/__snapshot__/snapshot_test.yaml.snap
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3305,6 +3305,7 @@ all capabilities:
- nodes
- configmaps
- persistentvolumes
- services
verbs:
- get
- list
Expand Down Expand Up @@ -3333,6 +3334,7 @@ all capabilities:
- networking.k8s.io
resources:
- networkpolicies
- ingresses
verbs:
- get
- list
Expand Down Expand Up @@ -3376,6 +3378,16 @@ all capabilities:
- get
- list
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- httproutes
- tcproutes
- udproutes
verbs:
- get
- list
- watch
87: |
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
Expand All @@ -3398,6 +3410,36 @@ all capabilities:
{
"inCluster": {
"resources": [
{
"group": "",
"version": "v1",
"resource": "services",
"strategy": "patch"
},
{
"group": "networking.k8s.io",
"version": "v1",
"resource": "ingresses",
"strategy": "patch"
},
{
"group": "gateway.networking.k8s.io",
"version": "v1",
"resource": "httproutes",
"strategy": "patch"
},
{
"group": "gateway.networking.k8s.io",
"version": "v1",
"resource": "tcproutes",
"strategy": "patch"
},
{
"group": "gateway.networking.k8s.io",
"version": "v1",
"resource": "udproutes",
"strategy": "patch"
},
{
"group": "rbac.authorization.k8s.io",
"version": "v1",
Expand Down Expand Up @@ -3586,7 +3628,7 @@ all capabilities:
checksum/cloud-config: c4dc912bbe62b0d5fd4734206c3cae52f56d766cbc20024182a2bcef09c0ae8e
checksum/cloud-secret: 8665d3f0f7282091716b5fbf7356972eb83a5a9e86eb064218d24e9f66612b99
checksum/proxy-config: 30e81a4193016803b4b7985b92028c4797c1e84d317a4b6b3e3a5406139f8847
checksum/synchronizer-configmap: 0a1812e3544a32ad663a16df7b823f8093c6268ca3f15cbdde223935d9ab0956
checksum/synchronizer-configmap: 87d35f32c50cf98880ce879a4b29629d2d2e5008115381c992d5de1ad6bb573c
labels:
app: synchronizer
app.kubernetes.io/instance: RELEASE-NAME
Expand Down Expand Up @@ -6711,6 +6753,7 @@ default capabilities:
- nodes
- configmaps
- persistentvolumes
- services
verbs:
- get
- list
Expand Down Expand Up @@ -6739,6 +6782,7 @@ default capabilities:
- networking.k8s.io
resources:
- networkpolicies
- ingresses
verbs:
- get
- list
Expand Down Expand Up @@ -6782,6 +6826,16 @@ default capabilities:
- get
- list
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- httproutes
- tcproutes
- udproutes
verbs:
- get
- list
- watch
75: |
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
Expand All @@ -6804,6 +6858,36 @@ default capabilities:
{
"inCluster": {
"resources": [
{
"group": "",
"version": "v1",
"resource": "services",
"strategy": "patch"
},
{
"group": "networking.k8s.io",
"version": "v1",
"resource": "ingresses",
"strategy": "patch"
},
{
"group": "gateway.networking.k8s.io",
"version": "v1",
"resource": "httproutes",
"strategy": "patch"
},
{
"group": "gateway.networking.k8s.io",
"version": "v1",
"resource": "tcproutes",
"strategy": "patch"
},
{
"group": "gateway.networking.k8s.io",
"version": "v1",
"resource": "udproutes",
"strategy": "patch"
},
{
"group": "rbac.authorization.k8s.io",
"version": "v1",
Expand Down Expand Up @@ -6992,7 +7076,7 @@ default capabilities:
checksum/cloud-config: 98e72a3a1a24264d2cdebc86b61829ee5b941fb590d6ca717ebaa880922046c6
checksum/cloud-secret: 8665d3f0f7282091716b5fbf7356972eb83a5a9e86eb064218d24e9f66612b99
checksum/proxy-config: 30e81a4193016803b4b7985b92028c4797c1e84d317a4b6b3e3a5406139f8847
checksum/synchronizer-configmap: 0a1812e3544a32ad663a16df7b823f8093c6268ca3f15cbdde223935d9ab0956
checksum/synchronizer-configmap: 87d35f32c50cf98880ce879a4b29629d2d2e5008115381c992d5de1ad6bb573c
labels:
app: synchronizer
app.kubernetes.io/instance: RELEASE-NAME
Expand Down

0 comments on commit 740959f

Please sign in to comment.