feat: add RBAC for watching CRDs by controller (#796)

Adds watch and list permissions for apiextensions.k8s.io.customresourcedefinitions to controller's ClusterRole to enable watching CRDs and start reconcilers dynamically once they get installed implemented in Kong/kubernetes-ingress-controller#3996.
Kong · May 16, 2023 · f464cdd · f464cdd
1 parent a3d2c0d
commit f464cdd
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 2 deletions.
diff --git a/charts/kong/CHANGELOG.md b/charts/kong/CHANGELOG.md
@@ -1,6 +1,6 @@
 # Changelog
 
-## Unreleased
+## 2.21.0
 
 ### Improvements
 
@@ -9,6 +9,8 @@
  [#792](https:/Kong/charts/pull/792)
 * Customize Admission Webhook namespaceSelectors and compose them from values.
  [#794](https:/Kong/charts/pull/794)
+* Added `CustomResourceDefinition` `list` and `watch` permissions to controller's ClusterRole.
+ [#796](https:/Kong/charts/pull/796)
 
 ## 2.20.2
 

diff --git a/charts/kong/Chart.yaml b/charts/kong/Chart.yaml
@@ -11,7 +11,7 @@ maintainers:
 name: kong
 sources:
 - https:/Kong/charts/tree/main/charts/kong
-version: 2.20.2
+version: 2.21.0
 appVersion: "3.2"
 dependencies:
 - name: postgresql

diff --git a/charts/kong/templates/_helpers.tpl b/charts/kong/templates/_helpers.tpl
@@ -1488,6 +1488,15 @@ Kubernetes Cluster-scoped resources it uses to build Kong configuration.
  - get
  - patch
  - update
+{{- if (semverCompare ">= 2.10.0" (include "kong.effectiveVersion" .Values.ingressController.image)) }}
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - list
+ - watch
+{{- end }}
 {{- if or (.Capabilities.APIVersions.Has "gateway.networking.k8s.io/v1alpha2") (.Capabilities.APIVersions.Has "gateway.networking.k8s.io/v1beta1") }}
 - apiGroups:
  - gateway.networking.k8s.io