Merge pull request #43 from foomo/beam-v0.4.2

Beam v0.4.2
foomo · Nov 7, 2024 · 80192f5 · 80192f5
2 parents 870fefd + cb28785
commit 80192f5
Show file tree

Hide file tree

Showing 5 changed files with 44 additions and 8 deletions.
diff --git a/charts/beam/Chart.yaml b/charts/beam/Chart.yaml
@@ -22,7 +22,6 @@ dependencies:
     version: 2.3.3
     repository: "oci://registry-1.docker.io/bitnamicharts"
     condition: pinniped.enabled
-version: 0.4.1
-appVersion: 0.4.1
-
+version: 0.4.2
+appVersion: 0.4.2
 
diff --git a/charts/beam/README.md b/charts/beam/README.md
@@ -1,6 +1,6 @@
 # beam
 
-![Version: 0.4.1](https://img.shields.io/badge/Version-0.4.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.4.1](https://img.shields.io/badge/AppVersion-0.4.1-informational?style=flat-square)
+![Version: 0.4.2](https://img.shields.io/badge/Version-0.4.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.4.2](https://img.shields.io/badge/AppVersion-0.4.2-informational?style=flat-square)
 
 Secure infrastructure access
 
@@ -203,7 +203,8 @@ HTTPS_PROXY=socks5://127.0.0.1:1234 kubectl get namespaces --kubeconfig "beam-ku
 | pinniped.concierge.credentialIssuerConfig | string | `"impersonationProxy:\n  mode: enabled\n  service:\n    type: ClusterIP\n  externalEndpoint: {{ .Release.Name }}-pinniped-concierge-impersonation-proxy-cluster-ip.{{ .Release.Namespace }}:443\n"` | Override dependency |
 | pinniped.concierge.enabled | bool | `false` | Enable concierge |
 | pinniped.concierge.jwtAuths | object | `{}` | JWT Authenticators for Concierge |
-| pinniped.concierge.teams | object | `{}` | ClusterRoleBinding to create in the cluster |
+| pinniped.concierge.teams | object | `{}` | ClusterRoleBinding to create in the cluster for teams (groups) |
+| pinniped.concierge.users | object | `{}` | ClusterRoleBinding to create in the cluster for users |
 | pinniped.enabled | bool | `false` | Enable pinniped |
 | pinniped.supervisor.enabled | bool | `false` | Enable supervisor |
 | pinniped.supervisor.federationDomains | object | `{}` | Federation Domains to create in the supervisor cluster |

diff --git a/...niped-concierge/cluster-role-binding.yaml → ...inniped-concierge/clusterrolebinding.yaml b/...niped-concierge/cluster-role-binding.yaml → ...inniped-concierge/clusterrolebinding.yaml
@@ -1,4 +1,22 @@
 {{- if .Values.pinniped.concierge.enabled }}
+{{- range $k,$v := .Values.pinniped.concierge.users }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "beam.pinniped.concierge.fullname" $ }}-{{ $k }}
+  labels:
+    {{- include "beam.pinniped.concierge.labels" $ | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ $v.role }}
+subjects:
+- apiGroup: rbac.authorization.k8s.io
+  kind: User
+  name: {{ $v.user }}
+{{- end }}
+
 {{- range $k,$v := .Values.pinniped.concierge.teams }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1

diff --git a/charts/beam/values.schema.json b/charts/beam/values.schema.json
@@ -796,17 +796,24 @@
             },
             "jwtAuths": {
               "additionalProperties": true,
-              "description": "teams:\n  dev:\n    role: editor\n    team: organization/team-dev\n  devops:\n    role: cluster-admin\n    team: organization/team-devops\nJWT Authenticators for Concierge",
+              "description": "users:\n  user1:\n    role: editor\n    user: user\nJWT Authenticators for Concierge",
               "required": [],
               "title": "jwtAuths",
               "type": "object"
             },
             "teams": {
               "additionalProperties": true,
-              "description": "ClusterRoleBinding to create in the cluster",
+              "description": "ClusterRoleBinding to create in the cluster for teams (groups)",
               "required": [],
               "title": "teams",
               "type": "object"
+            },
+            "users": {
+              "additionalProperties": true,
+              "description": "teams:\n  dev:\n    role: editor\n    team: organization/team-dev\n  devops:\n    role: cluster-admin\n    team: organization/team-devops\nClusterRoleBinding to create in the cluster for users",
+              "required": [],
+              "title": "users",
+              "type": "object"
             }
           },
           "required": [],

diff --git a/charts/beam/values.yaml b/charts/beam/values.yaml
@@ -594,7 +594,7 @@ pinniped:
     # type: object
     # additionalProperties: true
     # @schema
-    # -- ClusterRoleBinding to create in the cluster
+    # -- ClusterRoleBinding to create in the cluster for teams (groups)
     # @section -- Pinniped settings
     teams: {}
     # teams:
@@ -608,6 +608,17 @@ pinniped:
     # type: object
     # additionalProperties: true
     # @schema
+    # -- ClusterRoleBinding to create in the cluster for users
+    # @section -- Pinniped settings
+    users: {}
+    # users:
+    #   user1:
+    #     role: editor
+    #     user: [email protected]
+    # @schema
+    # type: object
+    # additionalProperties: true
+    # @schema
     # -- JWT Authenticators for Concierge
     # @section -- Pinniped settings
     jwtAuths: {}