[create-pull-request] automated change

Author: sunguroku

addons/sfn-chart/Chart.yaml

@@ -1,8 +1,8 @@
 apiVersion: v1
 name: sfn-chart
 description: A Helm chart for the ACK service controller for AWS Step Functions (Step-Functions)
-version: 1.0.6
-appVersion: 1.0.6
+version: 1.0.7
+appVersion: 1.0.7
 home: https://github.com/aws-controllers-k8s/sfn-controller
 icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
 sources:

addons/sfn-chart/crds/services.k8s.aws_adoptedresources.yaml

@@ -161,10 +161,10 @@ spec:
                               description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
                               type: string
                             name:
-                              description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names'
+                              description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names'
                               type: string
                             uid:
-                              description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids'
+                              description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids'
                               type: string
                           required:
                           - apiVersion

addons/sfn-chart/templates/NOTES.txt

@@ -1,5 +1,5 @@
 {{ .Chart.Name }} has been installed.
-This chart deploys "public.ecr.aws/aws-controllers-k8s/sfn-controller:1.0.6".
+This chart deploys "public.ecr.aws/aws-controllers-k8s/sfn-controller:1.0.7".
 
 Check its status by running:
   kubectl --namespace {{ .Release.Namespace }} get pods -l "app.kubernetes.io/instance={{ .Release.Name }}"

addons/sfn-chart/templates/_helpers.tpl

@@ -46,3 +46,114 @@ If release name contains chart name it will be used as a full name.
 {{- define "aws.credentials.path" -}}
 {{- printf "%s/%s" (include "aws.credentials.secret_mount_path" .) .Values.aws.credentials.secretKey -}}
 {{- end -}}
+
+{{/* The rules a of ClusterRole or Role */}}
+{{- define "controller-role-rules" }}
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - get
+  - list
+  - patch
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - namespaces
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - get
+  - list
+  - patch
+  - watch
+- apiGroups:
+  - services.k8s.aws
+  resources:
+  - adoptedresources
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - services.k8s.aws
+  resources:
+  - adoptedresources/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - services.k8s.aws
+  resources:
+  - fieldexports
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - services.k8s.aws
+  resources:
+  - fieldexports/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - sfn.services.k8s.aws
+  resources:
+  - activities
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - sfn.services.k8s.aws
+  resources:
+  - activities/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - sfn.services.k8s.aws
+  resources:
+  - statemachines
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - sfn.services.k8s.aws
+  resources:
+  - statemachines/status
+  verbs:
+  - get
+  - patch
+  - update
+{{- end }}

addons/sfn-chart/templates/caches-role-binding.yaml

@@ -0,0 +1,26 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: ack-namespaces-cache-sfn-controller
+roleRef:
+  kind: ClusterRole
+  apiGroup: rbac.authorization.k8s.io
+  name: ack-namespaces-cache-sfn-controller
+subjects:
+- kind: ServiceAccount
+  name: ack-sfn-controller
+  namespace: {{ .Release.Namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: ack-configmaps-cache-sfn-controller
+  namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: Role
+  apiGroup: rbac.authorization.k8s.io
+  name: ack-configmaps-cache-sfn-controller
+subjects:
+- kind: ServiceAccount
+  name: ack-sfn-controller
+  namespace: {{ .Release.Namespace }}

addons/sfn-chart/templates/caches-role.yaml

@@ -0,0 +1,28 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: ack-namespaces-cache-sfn-controller
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - namespaces
+  verbs:
+  - get
+  - list
+  - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: ack-configmaps-cache-sfn-controller
+  namespace: {{ .Release.Namespace }}
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - get
+  - list
+  - watch

addons/sfn-chart/templates/cluster-role-binding.yaml

@@ -1,21 +1,35 @@
-apiVersion: rbac.authorization.k8s.io/v1
 {{ if eq .Values.installScope "cluster" }}
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   name: {{ include "app.fullname" . }}
 roleRef:
   kind: ClusterRole
-{{ else }}
+  apiGroup: rbac.authorization.k8s.io
+  name: ack-sfn-controller
+subjects:
+- kind: ServiceAccount
+  name: {{ include "service-account.name" . }}
+  namespace: {{ .Release.Namespace }}
+{{ else if .Values.watchNamespace }}
+{{ $namespaces := split "," .Values.watchNamespace }}
+{{ $fullname := include "app.fullname" .  }}
+{{ $releaseNamespace := .Release.Namespace }}
+{{ $serviceAccountName := include "service-account.name" .  }}
+{{ range $namespaces }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
-  name: {{ include "app.fullname" . }}
-  namespace: {{ .Release.Namespace }}
+  name: {{ $fullname }}
+  namespace: {{ . }}
 roleRef:
   kind: Role
-{{ end }}
   apiGroup: rbac.authorization.k8s.io
   name: ack-sfn-controller
 subjects:
 - kind: ServiceAccount
-  name: {{ include "service-account.name" . }}
-  namespace: {{ .Release.Namespace }}
+  name: {{ $serviceAccountName }}
+  namespace: {{ $releaseNamespace }}
+{{ end }}
+{{ end }}

addons/sfn-chart/templates/cluster-role-controller.yaml

@@ -1,128 +1,28 @@
-apiVersion: rbac.authorization.k8s.io/v1
+{{ $labels := .Values.role.labels }}
+{{ $rules := include "controller-role-rules" . }}
 {{ if eq .Values.installScope "cluster" }}
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  creationTimestamp: null
   name: ack-sfn-controller
   labels:
-  {{- range $key, $value := .Values.role.labels }}
+  {{- range $key, $value := $labels }}
     {{ $key }}: {{ $value | quote }}
   {{- end }}
-{{ else }}
+{{- $rules }}
+{{ else if .Values.watchNamespace }}
+{{ $namespaces := split "," .Values.watchNamespace }}
+{{ range $namespaces }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
-  creationTimestamp: null
   name: ack-sfn-controller
+  namespace: {{ . }}
   labels:
-  {{- range $key, $value := .Values.role.labels }}
+  {{- range $key, $value := $labels }}
     {{ $key }}: {{ $value | quote }}
   {{- end }}
-  namespace: {{ .Release.Namespace }}
+{{- $rules }}
 {{ end }}
-rules:
-- apiGroups:
-  - ""
-  resources:
-  - configmaps
-  verbs:
-  - get
-  - list
-  - patch
-  - watch
-- apiGroups:
-  - ""
-  resources:
-  - namespaces
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - ""
-  resources:
-  - secrets
-  verbs:
-  - get
-  - list
-  - patch
-  - watch
-- apiGroups:
-  - services.k8s.aws
-  resources:
-  - adoptedresources
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - services.k8s.aws
-  resources:
-  - adoptedresources/status
-  verbs:
-  - get
-  - patch
-  - update
-- apiGroups:
-  - services.k8s.aws
-  resources:
-  - fieldexports
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - services.k8s.aws
-  resources:
-  - fieldexports/status
-  verbs:
-  - get
-  - patch
-  - update
-- apiGroups:
-  - sfn.services.k8s.aws
-  resources:
-  - activities
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - sfn.services.k8s.aws
-  resources:
-  - activities/status
-  verbs:
-  - get
-  - patch
-  - update
-- apiGroups:
-  - sfn.services.k8s.aws
-  resources:
-  - statemachines
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - sfn.services.k8s.aws
-  resources:
-  - statemachines/status
-  verbs:
-  - get
-  - patch
-  - update
+{{ end }}