diff --git a/class/defaults.yml b/class/defaults.yml index 6c49c7d..bc8b3e9 100644 --- a/class/defaults.yml +++ b/class/defaults.yml @@ -11,7 +11,7 @@ parameters: finalizers: - resources-finalizer.argocd.argoproj.io charts: - crossplane: 1.12.3 + crossplane: 2.2.0 images: crossplane: registry: docker.io diff --git a/tests/golden/defaults-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/clusterrole.yaml b/tests/golden/defaults-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/clusterrole.yaml index 597c4bd..451fb96 100644 --- a/tests/golden/defaults-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/clusterrole.yaml +++ b/tests/golden/defaults-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/clusterrole.yaml @@ -12,8 +12,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 name: crossplane --- apiVersion: rbac.authorization.k8s.io/v1 @@ -26,9 +26,9 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 + app.kubernetes.io/version: 2.2.0 crossplane.io/scope: system - helm.sh/chart: crossplane-1.12.3 + helm.sh/chart: crossplane-2.2.0 rbac.crossplane.io/aggregate-to-crossplane: 'true' name: crossplane:system:aggregate-to-crossplane rules: @@ -45,6 +45,7 @@ rules: - apiextensions.k8s.io resources: - customresourcedefinitions + - customresourcedefinitions/status verbs: - '*' - apiGroups: @@ -68,8 +69,9 @@ rules: - '*' - apiGroups: - apiextensions.crossplane.io + - ops.crossplane.io - pkg.crossplane.io - - secrets.crossplane.io + - protection.crossplane.io resources: - '*' verbs: 
diff --git a/tests/golden/defaults-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/clusterrolebinding.yaml b/tests/golden/defaults-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/clusterrolebinding.yaml index 8799530..bf8888c 100644 --- a/tests/golden/defaults-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/clusterrolebinding.yaml +++ b/tests/golden/defaults-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/clusterrolebinding.yaml @@ -8,8 +8,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 name: crossplane roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/tests/golden/defaults-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/deployment.yaml b/tests/golden/defaults-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/deployment.yaml index cf7ac6a..3c280a8 100644 --- a/tests/golden/defaults-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/deployment.yaml +++ b/tests/golden/defaults-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/deployment.yaml @@ -8,8 +8,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 release: crossplane name: crossplane namespace: syn-crossplane @@ -34,8 +34,8 @@ spec: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 release: crossplane spec: containers: 
@@ -47,26 +47,38 @@ spec: valueFrom: resourceFieldRef: containerName: crossplane + divisor: '1' resource: limits.cpu - name: GOMEMLIMIT valueFrom: resourceFieldRef: containerName: crossplane + divisor: '1' resource: limits.memory - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace + - name: POD_SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName - name: LEADER_ELECTION value: 'true' - - name: WEBHOOK_TLS_SECRET_NAME - value: webhook-tls-secret - - name: WEBHOOK_TLS_CERT_DIR - value: /webhook/tls + - name: TLS_SERVER_SECRET_NAME + value: crossplane-tls-server + - name: TLS_SERVER_CERTS_DIR + value: /tls/server + - name: TLS_CLIENT_SECRET_NAME + value: crossplane-tls-client + - name: TLS_CLIENT_CERTS_DIR + value: /tls/client image: docker.io/crossplane/crossplane:v1.12.3 imagePullPolicy: IfNotPresent name: crossplane ports: + - containerPort: 8081 + name: readyz - containerPort: 8080 name: metrics - containerPort: 9443 @@ -74,7 +86,7 @@ spec: resources: limits: cpu: 1000m - memory: 512Mi + memory: 1024Mi requests: cpu: 500m memory: 256Mi @@ -83,26 +95,39 @@ spec: readOnlyRootFilesystem: true runAsGroup: 65532 runAsUser: 65532 + startupProbe: + failureThreshold: 30 + periodSeconds: 2 + tcpSocket: + port: readyz volumeMounts: - - mountPath: /cache + - mountPath: /cache/xpkg name: package-cache - - mountPath: /webhook/tls - name: webhook-tls-secret + - mountPath: /cache/xfn + name: function-cache + - mountPath: /tls/server + name: tls-server-certs + - mountPath: /tls/client + name: tls-client-certs hostNetwork: false initContainers: - args: - core - init + - --activation + - '*' env: - name: GOMAXPROCS valueFrom: resourceFieldRef: containerName: crossplane-init + divisor: '1' resource: limits.cpu - name: GOMEMLIMIT valueFrom: resourceFieldRef: containerName: crossplane-init + divisor: '1' resource: limits.memory - name: POD_NAMESPACE valueFrom: 
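Review bot: The context line `image: docker.io/crossplane/crossplane:v1.12.3` in the `-47,26` hunk is unchanged, so the 2.2.0 chart is rendered around a v1.12.3 binary that now receives `TLS_SERVER_SECRET_NAME`, `TLS_CLIENT_CERTS_DIR` and, in the init container, `--activation '*'`. The same unchanged tag shows up in the init-container hunk (`-122,13`), in both rbac-manager-deployment.yaml hunks, and in the `tests/golden/defaults` copies. The tag presumably sits next to `registry: docker.io` under `images.crossplane` in class/defaults.yml, outside the visible hunk; it should be bumped in the same commit, for example `tag: v2.2.0` (key name to be confirmed against the file). Otherwise the control plane keeps running 1.12.3 code with 2.2.0 RBAC and flags, and none of the fixes released since then are deployed. The Deployment spec continues outside these hunks.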
@@ -112,8 +137,6 @@ spec: valueFrom: fieldRef: fieldPath: spec.serviceAccountName - - name: WEBHOOK_TLS_SECRET_NAME - value: webhook-tls-secret - name: WEBHOOK_SERVICE_NAME value: crossplane-webhooks - name: WEBHOOK_SERVICE_NAMESPACE @@ -122,13 +145,19 @@ spec: fieldPath: metadata.namespace - name: WEBHOOK_SERVICE_PORT value: '9443' + - name: TLS_CA_SECRET_NAME + value: crossplane-root-ca + - name: TLS_SERVER_SECRET_NAME + value: crossplane-tls-server + - name: TLS_CLIENT_SECRET_NAME + value: crossplane-tls-client image: docker.io/crossplane/crossplane:v1.12.3 imagePullPolicy: IfNotPresent name: crossplane-init resources: limits: cpu: 1000m - memory: 512Mi + memory: 1024Mi requests: cpu: 500m memory: 256Mi @@ -137,13 +166,19 @@ spec: readOnlyRootFilesystem: true runAsGroup: 65532 runAsUser: 65532 - securityContext: {} serviceAccountName: crossplane volumes: - emptyDir: medium: null sizeLimit: 20Mi name: package-cache - - name: webhook-tls-secret + - emptyDir: + medium: null + sizeLimit: 512Mi + name: function-cache + - name: tls-server-certs + secret: + secretName: crossplane-tls-server + - name: tls-client-certs secret: - secretName: webhook-tls-secret + secretName: crossplane-tls-client diff --git a/tests/golden/defaults-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-allowed-provider-permissions.yaml b/tests/golden/defaults-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-allowed-provider-permissions.yaml index 84bc6bb..f23c006 100644 --- a/tests/golden/defaults-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-allowed-provider-permissions.yaml +++ b/tests/golden/defaults-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-allowed-provider-permissions.yaml 
@@ -12,6 +12,6 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 name: crossplane:allowed-provider-permissions diff --git a/tests/golden/defaults-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-clusterrole.yaml b/tests/golden/defaults-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-clusterrole.yaml index 430144a..17067ba 100644 --- a/tests/golden/defaults-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-clusterrole.yaml +++ b/tests/golden/defaults-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-clusterrole.yaml @@ -8,8 +8,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 name: crossplane-rbac-manager rules: - apiGroups: @@ -25,7 +25,14 @@ rules: - '' resources: - namespaces - - serviceaccounts + verbs: + - get + - list + - watch + - apiGroups: + - apps + resources: + - deployments verbs: - get - list diff --git a/tests/golden/defaults-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-clusterrolebinding.yaml b/tests/golden/defaults-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-clusterrolebinding.yaml index 11273e2..8622510 100644 --- a/tests/golden/defaults-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-clusterrolebinding.yaml +++ b/tests/golden/defaults-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-clusterrolebinding.yaml 
@@ -8,8 +8,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 name: crossplane-rbac-manager roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/tests/golden/defaults-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-deployment.yaml b/tests/golden/defaults-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-deployment.yaml index 80c9544..6bb96b6 100644 --- a/tests/golden/defaults-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-deployment.yaml +++ b/tests/golden/defaults-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-deployment.yaml @@ -8,8 +8,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 release: crossplane name: crossplane-rbac-manager namespace: syn-crossplane @@ -34,26 +34,27 @@ spec: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 release: crossplane spec: containers: - args: - rbac - start - - --manage=Basic - --provider-clusterrole=crossplane:allowed-provider-permissions env: - name: GOMAXPROCS valueFrom: resourceFieldRef: containerName: crossplane + divisor: '1' resource: limits.cpu - name: GOMEMLIMIT valueFrom: resourceFieldRef: containerName: crossplane + divisor: '1' resource: limits.memory - name: LEADER_ELECTION value: 'true' 
@@ -84,11 +85,13 @@ spec: valueFrom: resourceFieldRef: containerName: crossplane-init + divisor: '1' resource: limits.cpu - name: GOMEMLIMIT valueFrom: resourceFieldRef: containerName: crossplane-init + divisor: '1' resource: limits.memory image: docker.io/crossplane/crossplane:v1.12.3 imagePullPolicy: IfNotPresent @@ -105,5 +108,4 @@ spec: readOnlyRootFilesystem: true runAsGroup: 65532 runAsUser: 65532 - securityContext: {} serviceAccountName: rbac-manager diff --git a/tests/golden/defaults-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-managed-clusterroles.yaml b/tests/golden/defaults-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-managed-clusterroles.yaml index fd3dfc9..43ad8b9 100644 --- a/tests/golden/defaults-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-managed-clusterroles.yaml +++ b/tests/golden/defaults-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-managed-clusterroles.yaml @@ -12,8 +12,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 name: crossplane-admin --- aggregationRule: @@ -30,8 +30,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 name: crossplane-edit --- aggregationRule: 
@@ -48,8 +48,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 name: crossplane-view --- aggregationRule: @@ -66,8 +66,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 name: crossplane-browse --- apiVersion: rbac.authorization.k8s.io/v1 @@ -80,8 +80,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 rbac.crossplane.io/aggregate-to-admin: 'true' name: crossplane:aggregate-to-admin rules: @@ -125,10 +125,13 @@ rules: - apiGroups: - pkg.crossplane.io resources: - - providers - - configurations - - providerrevisions - - configurationrevisions + - '*' + verbs: + - '*' + - apiGroups: + - secrets.crossplane.io + resources: + - '*' verbs: - '*' - apiGroups: @@ -139,6 +142,18 @@ rules: - get - list - watch + - apiGroups: + - protection.crossplane.io + resources: + - '*' + verbs: + - '*' + - apiGroups: + - ops.crossplane.io + resources: + - '*' + verbs: + - '*' --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -150,8 +165,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 rbac.crossplane.io/aggregate-to-edit: 'true' name: crossplane:aggregate-to-edit rules: 
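Review bot: In `crossplane:aggregate-to-admin` (hunk `-125,10`) the `pkg.crossplane.io` rule changes from four named resources to `resources: '*'` with `verbs: '*'`, and wildcard rules are added for `secrets.crossplane.io`, `protection.crossplane.io` and `ops.crossplane.io`; the `crossplane:aggregate-to-edit` hunk (`-186,10`) gets the same rules and `aggregate-to-view` gets read access to the same groups. Because these roles aggregate into `crossplane-admin`, `crossplane-edit` and `crossplane-view`, every subject already bound to them gains the new rights at upgrade time, including any kind later added to those API groups. The golden file only records what the chart renders, so the follow-up belongs in the component: list the existing bindings to these three ClusterRoles before rollout and state the widened grant in the upgrade notes. If the chart offers a way to skip the aggregated ClusterRoles and the component does not rely on them, that would be the narrower default.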
@@ -186,10 +201,25 @@ rules: - apiGroups: - pkg.crossplane.io resources: - - providers - - configurations - - providerrevisions - - configurationrevisions + - '*' + verbs: + - '*' + - apiGroups: + - secrets.crossplane.io + resources: + - '*' + verbs: + - '*' + - apiGroups: + - protection.crossplane.io + resources: + - '*' + verbs: + - '*' + - apiGroups: + - ops.crossplane.io + resources: + - '*' verbs: - '*' --- @@ -203,8 +233,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 rbac.crossplane.io/aggregate-to-view: 'true' name: crossplane:aggregate-to-view rules: 
@@ -235,91 +265,35 @@ rules: - apiGroups: - pkg.crossplane.io resources: - - providers - - configurations - - providerrevisions - - configurationrevisions - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app: crossplane - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/instance: crossplane - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: crossplane - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 - rbac.crossplane.io/aggregate-to-browse: 'true' - name: crossplane:aggregate-to-browse -rules: - - apiGroups: - - '' - resources: - - events + - '*' verbs: - get - list - watch - apiGroups: - - apiextensions.crossplane.io + - secrets.crossplane.io resources: - '*' verbs: - get - list - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app: crossplane - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/instance: crossplane - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: crossplane - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 - rbac.crossplane.io/aggregate-to-ns-admin: 'true' - rbac.crossplane.io/base-of-ns-admin: 'true' - name: crossplane:aggregate-to-ns-admin -rules: - apiGroups: - - '' + - protection.crossplane.io resources: - - events + - '*' verbs: - get - list - watch - apiGroups: - - '' + - ops.crossplane.io resources: - - secrets - verbs: - '*' - - apiGroups: - - rbac.authorization.k8s.io - resources: - - roles verbs: - get - list - watch - - apiGroups: - - rbac.authorization.k8s.io - resources: - - rolebindings - verbs: - - '*' --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole 
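Review bot: The `crossplane:aggregate-to-ns-admin` role removed in this hunk (with `-ns-edit` and `-ns-view` removed in the next one) granted `'*'` on `secrets` and `rolebindings`, and the rbac-manager Deployment drops `--manage=Basic` in the same commit. ClusterRoles rendered by the chart can be pruned by whatever applies these manifests, but namespaced Roles or RoleBindings that the old RBAC manager may have created at runtime are not part of the rendered output; this is inferred, not visible here. Such objects could survive the upgrade with those rights and no controller reconciling them. Suggest an upgrade step that, after rollout, lists ClusterRoles labelled `rbac.crossplane.io/aggregate-to-ns-*` or `rbac.crossplane.io/base-of-ns-*` and any Roles/RoleBindings left behind in namespaces, and removes the orphans.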
@@ -331,11 +305,10 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 - rbac.crossplane.io/aggregate-to-ns-edit: 'true' - rbac.crossplane.io/base-of-ns-edit: 'true' - name: crossplane:aggregate-to-ns-edit + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 + rbac.crossplane.io/aggregate-to-browse: 'true' + name: crossplane:aggregate-to-browse rules: - apiGroups: - '' @@ -346,32 +319,9 @@ rules: - list - watch - apiGroups: - - '' + - apiextensions.crossplane.io resources: - - secrets - verbs: - '*' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app: crossplane - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/instance: crossplane - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: crossplane - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 - rbac.crossplane.io/aggregate-to-ns-view: 'true' - rbac.crossplane.io/base-of-ns-view: 'true' - name: crossplane:aggregate-to-ns-view -rules: - - apiGroups: - - '' - resources: - - events verbs: - get - list @@ -387,8 +337,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 name: crossplane-admin roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/tests/golden/defaults-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-serviceaccount.yaml b/tests/golden/defaults-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-serviceaccount.yaml index 2693830..483794c 100644 
--- a/tests/golden/defaults-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-serviceaccount.yaml +++ b/tests/golden/defaults-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-serviceaccount.yaml @@ -1,4 +1,5 @@ apiVersion: v1 +automountServiceAccountToken: true kind: ServiceAccount metadata: labels: @@ -8,7 +9,7 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 name: rbac-manager namespace: syn-crossplane diff --git a/tests/golden/defaults-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/secret.yaml b/tests/golden/defaults-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/secret.yaml index 1cd3153..3eaa037 100644 --- a/tests/golden/defaults-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/secret.yaml +++ b/tests/golden/defaults-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/secret.yaml @@ -1,6 +1,20 @@ apiVersion: v1 kind: Secret metadata: - name: webhook-tls-secret + name: crossplane-root-ca + namespace: syn-crossplane +type: Opaque +--- +apiVersion: v1 +kind: Secret +metadata: + name: crossplane-tls-server + namespace: syn-crossplane +type: Opaque +--- +apiVersion: v1 +kind: Secret +metadata: + name: crossplane-tls-client namespace: syn-crossplane type: Opaque diff --git a/tests/golden/defaults-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/service.yaml b/tests/golden/defaults-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/service.yaml index 78cda6a..749b2d1 100644 --- a/tests/golden/defaults-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/service.yaml 
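Review bot: The three Secrets rendered in the secret.yaml hunk (`crossplane-root-ca`, `crossplane-tls-server`, `crossplane-tls-client`) are empty `Opaque` placeholders, presumably filled at runtime by the init container, which receives `TLS_CA_SECRET_NAME` and the two `TLS_*_SECRET_NAME` variables. If the component's sync configuration has an ignore rule or prune exception keyed on the old name `webhook-tls-secret`, it needs the three new names; otherwise a sync could reset the generated CA and certificates. That configuration is not visible in this diff, so this is a check to make rather than a confirmed defect. Also confirm that the no-longer-rendered `webhook-tls-secret` is removed after the upgrade so unused key material does not linger in `syn-crossplane`.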
+++ b/tests/golden/defaults-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/service.yaml @@ -1,6 +1,7 @@ apiVersion: v1 kind: Service metadata: + annotations: null labels: app: crossplane app.kubernetes.io/component: cloud-infrastructure-controller @@ -8,8 +9,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 release: crossplane name: crossplane-webhooks namespace: syn-crossplane diff --git a/tests/golden/defaults-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/serviceaccount.yaml b/tests/golden/defaults-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/serviceaccount.yaml index 7d39edb..056bb5c 100644 --- a/tests/golden/defaults-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/serviceaccount.yaml +++ b/tests/golden/defaults-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/serviceaccount.yaml @@ -1,4 +1,5 @@ apiVersion: v1 +automountServiceAccountToken: true kind: ServiceAccount metadata: labels: @@ -8,7 +9,7 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 name: crossplane namespace: syn-crossplane diff --git a/tests/golden/defaults/crossplane/crossplane/01_helmchart/crossplane/templates/clusterrole.yaml b/tests/golden/defaults/crossplane/crossplane/01_helmchart/crossplane/templates/clusterrole.yaml index 597c4bd..451fb96 100644 --- a/tests/golden/defaults/crossplane/crossplane/01_helmchart/crossplane/templates/clusterrole.yaml +++ b/tests/golden/defaults/crossplane/crossplane/01_helmchart/crossplane/templates/clusterrole.yaml 
@@ -12,8 +12,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 name: crossplane --- apiVersion: rbac.authorization.k8s.io/v1 @@ -26,9 +26,9 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 + app.kubernetes.io/version: 2.2.0 crossplane.io/scope: system - helm.sh/chart: crossplane-1.12.3 + helm.sh/chart: crossplane-2.2.0 rbac.crossplane.io/aggregate-to-crossplane: 'true' name: crossplane:system:aggregate-to-crossplane rules: @@ -45,6 +45,7 @@ rules: - apiextensions.k8s.io resources: - customresourcedefinitions + - customresourcedefinitions/status verbs: - '*' - apiGroups: @@ -68,8 +69,9 @@ rules: - '*' - apiGroups: - apiextensions.crossplane.io + - ops.crossplane.io - pkg.crossplane.io - - secrets.crossplane.io + - protection.crossplane.io resources: - '*' verbs: diff --git a/tests/golden/defaults/crossplane/crossplane/01_helmchart/crossplane/templates/clusterrolebinding.yaml b/tests/golden/defaults/crossplane/crossplane/01_helmchart/crossplane/templates/clusterrolebinding.yaml index 8799530..bf8888c 100644 --- a/tests/golden/defaults/crossplane/crossplane/01_helmchart/crossplane/templates/clusterrolebinding.yaml +++ b/tests/golden/defaults/crossplane/crossplane/01_helmchart/crossplane/templates/clusterrolebinding.yaml @@ -8,8 +8,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 name: crossplane roleRef: apiGroup: rbac.authorization.k8s.io 
diff --git a/tests/golden/defaults/crossplane/crossplane/01_helmchart/crossplane/templates/deployment.yaml b/tests/golden/defaults/crossplane/crossplane/01_helmchart/crossplane/templates/deployment.yaml index cf7ac6a..3c280a8 100644 --- a/tests/golden/defaults/crossplane/crossplane/01_helmchart/crossplane/templates/deployment.yaml +++ b/tests/golden/defaults/crossplane/crossplane/01_helmchart/crossplane/templates/deployment.yaml @@ -8,8 +8,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 release: crossplane name: crossplane namespace: syn-crossplane @@ -34,8 +34,8 @@ spec: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 release: crossplane spec: containers: 
@@ -47,26 +47,38 @@ spec: valueFrom: resourceFieldRef: containerName: crossplane + divisor: '1' resource: limits.cpu - name: GOMEMLIMIT valueFrom: resourceFieldRef: containerName: crossplane + divisor: '1' resource: limits.memory - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace + - name: POD_SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName - name: LEADER_ELECTION value: 'true' - - name: WEBHOOK_TLS_SECRET_NAME - value: webhook-tls-secret - - name: WEBHOOK_TLS_CERT_DIR - value: /webhook/tls + - name: TLS_SERVER_SECRET_NAME + value: crossplane-tls-server + - name: TLS_SERVER_CERTS_DIR + value: /tls/server + - name: TLS_CLIENT_SECRET_NAME + value: crossplane-tls-client + - name: TLS_CLIENT_CERTS_DIR + value: /tls/client image: docker.io/crossplane/crossplane:v1.12.3 imagePullPolicy: IfNotPresent name: crossplane ports: + - containerPort: 8081 + name: readyz - containerPort: 8080 name: metrics - containerPort: 9443 @@ -74,7 +86,7 @@ spec: resources: limits: cpu: 1000m - memory: 512Mi + memory: 1024Mi requests: cpu: 500m memory: 256Mi @@ -83,26 +95,39 @@ spec: readOnlyRootFilesystem: true runAsGroup: 65532 runAsUser: 65532 + startupProbe: + failureThreshold: 30 + periodSeconds: 2 + tcpSocket: + port: readyz volumeMounts: - - mountPath: /cache + - mountPath: /cache/xpkg name: package-cache - - mountPath: /webhook/tls - name: webhook-tls-secret + - mountPath: /cache/xfn + name: function-cache + - mountPath: /tls/server + name: tls-server-certs + - mountPath: /tls/client + name: tls-client-certs hostNetwork: false initContainers: - args: - core - init + - --activation + - '*' env: - name: GOMAXPROCS valueFrom: resourceFieldRef: containerName: crossplane-init + divisor: '1' resource: limits.cpu - name: GOMEMLIMIT valueFrom: resourceFieldRef: containerName: crossplane-init + divisor: '1' resource: limits.memory - name: POD_NAMESPACE valueFrom: 
@@ -112,8 +137,6 @@ spec: valueFrom: fieldRef: fieldPath: spec.serviceAccountName - - name: WEBHOOK_TLS_SECRET_NAME - value: webhook-tls-secret - name: WEBHOOK_SERVICE_NAME value: crossplane-webhooks - name: WEBHOOK_SERVICE_NAMESPACE @@ -122,13 +145,19 @@ spec: fieldPath: metadata.namespace - name: WEBHOOK_SERVICE_PORT value: '9443' + - name: TLS_CA_SECRET_NAME + value: crossplane-root-ca + - name: TLS_SERVER_SECRET_NAME + value: crossplane-tls-server + - name: TLS_CLIENT_SECRET_NAME + value: crossplane-tls-client image: docker.io/crossplane/crossplane:v1.12.3 imagePullPolicy: IfNotPresent name: crossplane-init resources: limits: cpu: 1000m - memory: 512Mi + memory: 1024Mi requests: cpu: 500m memory: 256Mi @@ -137,13 +166,19 @@ spec: readOnlyRootFilesystem: true runAsGroup: 65532 runAsUser: 65532 - securityContext: {} serviceAccountName: crossplane volumes: - emptyDir: medium: null sizeLimit: 20Mi name: package-cache - - name: webhook-tls-secret + - emptyDir: + medium: null + sizeLimit: 512Mi + name: function-cache + - name: tls-server-certs + secret: + secretName: crossplane-tls-server + - name: tls-client-certs secret: - secretName: webhook-tls-secret + secretName: crossplane-tls-client diff --git a/tests/golden/defaults/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-allowed-provider-permissions.yaml b/tests/golden/defaults/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-allowed-provider-permissions.yaml index 84bc6bb..f23c006 100644 --- a/tests/golden/defaults/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-allowed-provider-permissions.yaml +++ b/tests/golden/defaults/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-allowed-provider-permissions.yaml 
@@ -12,6 +12,6 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 name: crossplane:allowed-provider-permissions diff --git a/tests/golden/defaults/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-clusterrole.yaml b/tests/golden/defaults/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-clusterrole.yaml index 430144a..17067ba 100644 --- a/tests/golden/defaults/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-clusterrole.yaml +++ b/tests/golden/defaults/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-clusterrole.yaml @@ -8,8 +8,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 name: crossplane-rbac-manager rules: - apiGroups: @@ -25,7 +25,14 @@ rules: - '' resources: - namespaces - - serviceaccounts + verbs: + - get + - list + - watch + - apiGroups: + - apps + resources: + - deployments verbs: - get - list diff --git a/tests/golden/defaults/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-clusterrolebinding.yaml b/tests/golden/defaults/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-clusterrolebinding.yaml index 11273e2..8622510 100644 --- a/tests/golden/defaults/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-clusterrolebinding.yaml +++ b/tests/golden/defaults/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-clusterrolebinding.yaml 
@@ -8,8 +8,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 name: crossplane-rbac-manager roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/tests/golden/defaults/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-deployment.yaml b/tests/golden/defaults/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-deployment.yaml index 80c9544..6bb96b6 100644 --- a/tests/golden/defaults/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-deployment.yaml +++ b/tests/golden/defaults/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-deployment.yaml @@ -8,8 +8,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 release: crossplane name: crossplane-rbac-manager namespace: syn-crossplane @@ -34,26 +34,27 @@ spec: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 release: crossplane spec: containers: - args: - rbac - start - - --manage=Basic - --provider-clusterrole=crossplane:allowed-provider-permissions env: - name: GOMAXPROCS valueFrom: resourceFieldRef: containerName: crossplane + divisor: '1' resource: limits.cpu - name: GOMEMLIMIT valueFrom: resourceFieldRef: containerName: crossplane + divisor: '1' resource: limits.memory - name: LEADER_ELECTION value: 'true' 
@@ -84,11 +85,13 @@ spec: valueFrom: resourceFieldRef: containerName: crossplane-init + divisor: '1' resource: limits.cpu - name: GOMEMLIMIT valueFrom: resourceFieldRef: containerName: crossplane-init + divisor: '1' resource: limits.memory image: docker.io/crossplane/crossplane:v1.12.3 imagePullPolicy: IfNotPresent @@ -105,5 +108,4 @@ spec: readOnlyRootFilesystem: true runAsGroup: 65532 runAsUser: 65532 - securityContext: {} serviceAccountName: rbac-manager diff --git a/tests/golden/defaults/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-managed-clusterroles.yaml b/tests/golden/defaults/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-managed-clusterroles.yaml index fd3dfc9..43ad8b9 100644 --- a/tests/golden/defaults/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-managed-clusterroles.yaml +++ b/tests/golden/defaults/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-managed-clusterroles.yaml @@ -12,8 +12,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 name: crossplane-admin --- aggregationRule: @@ -30,8 +30,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 name: crossplane-edit --- aggregationRule: @@ -48,8 +48,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 name: crossplane-view --- aggregationRule: 
@@ -66,8 +66,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 name: crossplane-browse --- apiVersion: rbac.authorization.k8s.io/v1 @@ -80,8 +80,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 rbac.crossplane.io/aggregate-to-admin: 'true' name: crossplane:aggregate-to-admin rules: @@ -125,10 +125,13 @@ rules: - apiGroups: - pkg.crossplane.io resources: - - providers - - configurations - - providerrevisions - - configurationrevisions + - '*' + verbs: + - '*' + - apiGroups: + - secrets.crossplane.io + resources: + - '*' verbs: - '*' - apiGroups: @@ -139,6 +142,18 @@ rules: - get - list - watch + - apiGroups: + - protection.crossplane.io + resources: + - '*' + verbs: + - '*' + - apiGroups: + - ops.crossplane.io + resources: + - '*' + verbs: + - '*' --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -150,8 +165,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 rbac.crossplane.io/aggregate-to-edit: 'true' name: crossplane:aggregate-to-edit rules: 
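Review bot: In the `@@ -125,10 +125,13 @@` hunk the `pkg.crossplane.io` rule of `crossplane:aggregate-to-admin` goes from four named resources to the `'*'` resource with `'*'` verbs, and this hunk and the following `@@ -139,6 +142,18 @@` hunk add the same all-verb wildcard for `secrets.crossplane.io`, `protection.crossplane.io` and `ops.crossplane.io`. The `@@ -186,10 +201,25 @@` hunk does the same for `crossplane:aggregate-to-edit`. Anyone bound to the aggregated `crossplane-admin` or `crossplane-edit` roles therefore gains write access to every kind in those groups, including kinds added by later releases, rather than only providers, configurations and their revisions. This file is rendered from the upstream chart, so the rules cannot be narrowed here; what is missing is a record of the change, for example an upgrade note reading `crossplane-admin and crossplane-edit now grant all verbs on all resources in pkg, secrets, protection and ops.crossplane.io; review existing bindings before rollout`. The openshift4-with-provider copies of these hunks carry the same rules.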
@@ -186,10 +201,25 @@ rules: - apiGroups: - pkg.crossplane.io resources: - - providers - - configurations - - providerrevisions - - configurationrevisions + - '*' + verbs: + - '*' + - apiGroups: + - secrets.crossplane.io + resources: + - '*' + verbs: + - '*' + - apiGroups: + - protection.crossplane.io + resources: + - '*' + verbs: + - '*' + - apiGroups: + - ops.crossplane.io + resources: + - '*' verbs: - '*' --- @@ -203,8 +233,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 rbac.crossplane.io/aggregate-to-view: 'true' name: crossplane:aggregate-to-view rules: 
@@ -235,91 +265,35 @@ rules: - apiGroups: - pkg.crossplane.io resources: - - providers - - configurations - - providerrevisions - - configurationrevisions - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app: crossplane - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/instance: crossplane - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: crossplane - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 - rbac.crossplane.io/aggregate-to-browse: 'true' - name: crossplane:aggregate-to-browse -rules: - - apiGroups: - - '' - resources: - - events + - '*' verbs: - get - list - watch - apiGroups: - - apiextensions.crossplane.io + - secrets.crossplane.io resources: - '*' verbs: - get - list - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app: crossplane - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/instance: crossplane - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: crossplane - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 - rbac.crossplane.io/aggregate-to-ns-admin: 'true' - rbac.crossplane.io/base-of-ns-admin: 'true' - name: crossplane:aggregate-to-ns-admin -rules: - apiGroups: - - '' + - protection.crossplane.io resources: - - events + - '*' verbs: - get - list - watch - apiGroups: - - '' + - ops.crossplane.io resources: - - secrets - verbs: - '*' - - apiGroups: - - rbac.authorization.k8s.io - resources: - - roles verbs: - get - list - watch - - apiGroups: - - rbac.authorization.k8s.io - resources: - - rolebindings - verbs: - - '*' --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole 
@@ -331,11 +305,10 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 - rbac.crossplane.io/aggregate-to-ns-edit: 'true' - rbac.crossplane.io/base-of-ns-edit: 'true' - name: crossplane:aggregate-to-ns-edit + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 + rbac.crossplane.io/aggregate-to-browse: 'true' + name: crossplane:aggregate-to-browse rules: - apiGroups: - '' @@ -346,32 +319,9 @@ rules: - list - watch - apiGroups: - - '' + - apiextensions.crossplane.io resources: - - secrets - verbs: - '*' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app: crossplane - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/instance: crossplane - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: crossplane - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 - rbac.crossplane.io/aggregate-to-ns-view: 'true' - rbac.crossplane.io/base-of-ns-view: 'true' - name: crossplane:aggregate-to-ns-view -rules: - - apiGroups: - - '' - resources: - - events verbs: - get - list @@ -387,8 +337,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 name: crossplane-admin roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/tests/golden/defaults/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-serviceaccount.yaml b/tests/golden/defaults/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-serviceaccount.yaml index 2693830..483794c 100644 --- a/tests/golden/defaults/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-serviceaccount.yaml 
+++ b/tests/golden/defaults/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-serviceaccount.yaml @@ -1,4 +1,5 @@ apiVersion: v1 +automountServiceAccountToken: true kind: ServiceAccount metadata: labels: @@ -8,7 +9,7 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 name: rbac-manager namespace: syn-crossplane diff --git a/tests/golden/defaults/crossplane/crossplane/01_helmchart/crossplane/templates/secret.yaml b/tests/golden/defaults/crossplane/crossplane/01_helmchart/crossplane/templates/secret.yaml index 1cd3153..3eaa037 100644 --- a/tests/golden/defaults/crossplane/crossplane/01_helmchart/crossplane/templates/secret.yaml +++ b/tests/golden/defaults/crossplane/crossplane/01_helmchart/crossplane/templates/secret.yaml @@ -1,6 +1,20 @@ apiVersion: v1 kind: Secret metadata: - name: webhook-tls-secret + name: crossplane-root-ca + namespace: syn-crossplane +type: Opaque +--- +apiVersion: v1 +kind: Secret +metadata: + name: crossplane-tls-server + namespace: syn-crossplane +type: Opaque +--- +apiVersion: v1 +kind: Secret +metadata: + name: crossplane-tls-client namespace: syn-crossplane type: Opaque diff --git a/tests/golden/defaults/crossplane/crossplane/01_helmchart/crossplane/templates/service.yaml b/tests/golden/defaults/crossplane/crossplane/01_helmchart/crossplane/templates/service.yaml index 78cda6a..749b2d1 100644 --- a/tests/golden/defaults/crossplane/crossplane/01_helmchart/crossplane/templates/service.yaml +++ b/tests/golden/defaults/crossplane/crossplane/01_helmchart/crossplane/templates/service.yaml @@ -1,6 +1,7 @@ apiVersion: v1 kind: Service metadata: + annotations: null labels: app: crossplane app.kubernetes.io/component: cloud-infrastructure-controller 
@@ -8,8 +9,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 release: crossplane name: crossplane-webhooks namespace: syn-crossplane diff --git a/tests/golden/defaults/crossplane/crossplane/01_helmchart/crossplane/templates/serviceaccount.yaml b/tests/golden/defaults/crossplane/crossplane/01_helmchart/crossplane/templates/serviceaccount.yaml index 7d39edb..056bb5c 100644 --- a/tests/golden/defaults/crossplane/crossplane/01_helmchart/crossplane/templates/serviceaccount.yaml +++ b/tests/golden/defaults/crossplane/crossplane/01_helmchart/crossplane/templates/serviceaccount.yaml @@ -1,4 +1,5 @@ apiVersion: v1 +automountServiceAccountToken: true kind: ServiceAccount metadata: labels: @@ -8,7 +9,7 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 name: crossplane namespace: syn-crossplane diff --git a/tests/golden/openshift4-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/clusterrole.yaml b/tests/golden/openshift4-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/clusterrole.yaml index 597c4bd..451fb96 100644 --- a/tests/golden/openshift4-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/clusterrole.yaml +++ b/tests/golden/openshift4-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/clusterrole.yaml 
@@ -12,8 +12,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 name: crossplane --- apiVersion: rbac.authorization.k8s.io/v1 @@ -26,9 +26,9 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 + app.kubernetes.io/version: 2.2.0 crossplane.io/scope: system - helm.sh/chart: crossplane-1.12.3 + helm.sh/chart: crossplane-2.2.0 rbac.crossplane.io/aggregate-to-crossplane: 'true' name: crossplane:system:aggregate-to-crossplane rules: @@ -45,6 +45,7 @@ rules: - apiextensions.k8s.io resources: - customresourcedefinitions + - customresourcedefinitions/status verbs: - '*' - apiGroups: @@ -68,8 +69,9 @@ rules: - '*' - apiGroups: - apiextensions.crossplane.io + - ops.crossplane.io - pkg.crossplane.io - - secrets.crossplane.io + - protection.crossplane.io resources: - '*' verbs: diff --git a/tests/golden/openshift4-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/clusterrolebinding.yaml b/tests/golden/openshift4-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/clusterrolebinding.yaml index 8799530..bf8888c 100644 --- a/tests/golden/openshift4-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/clusterrolebinding.yaml +++ b/tests/golden/openshift4-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/clusterrolebinding.yaml @@ -8,8 +8,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 name: crossplane roleRef: apiGroup: rbac.authorization.k8s.io 
diff --git a/tests/golden/openshift4-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/deployment.yaml b/tests/golden/openshift4-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/deployment.yaml index e29694c..ebc2711 100644 --- a/tests/golden/openshift4-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/deployment.yaml +++ b/tests/golden/openshift4-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/deployment.yaml @@ -8,8 +8,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 release: crossplane name: crossplane namespace: syn-crossplane @@ -34,8 +34,8 @@ spec: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 release: crossplane spec: containers: 
@@ -47,26 +47,38 @@ spec: valueFrom: resourceFieldRef: containerName: crossplane + divisor: '1' resource: limits.cpu - name: GOMEMLIMIT valueFrom: resourceFieldRef: containerName: crossplane + divisor: '1' resource: limits.memory - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace + - name: POD_SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName - name: LEADER_ELECTION value: 'true' - - name: WEBHOOK_TLS_SECRET_NAME - value: webhook-tls-secret - - name: WEBHOOK_TLS_CERT_DIR - value: /webhook/tls + - name: TLS_SERVER_SECRET_NAME + value: crossplane-tls-server + - name: TLS_SERVER_CERTS_DIR + value: /tls/server + - name: TLS_CLIENT_SECRET_NAME + value: crossplane-tls-client + - name: TLS_CLIENT_CERTS_DIR + value: /tls/client image: docker.io/crossplane/crossplane:v1.12.3 imagePullPolicy: IfNotPresent name: crossplane ports: + - containerPort: 8081 + name: readyz - containerPort: 8080 name: metrics - containerPort: 9443 @@ -74,7 +86,7 @@ spec: resources: limits: cpu: 1000m - memory: 512Mi + memory: 1024Mi requests: cpu: 500m memory: 256Mi @@ -83,26 +95,39 @@ spec: readOnlyRootFilesystem: true runAsGroup: 65532 runAsUser: null + startupProbe: + failureThreshold: 30 + periodSeconds: 2 + tcpSocket: + port: readyz volumeMounts: - - mountPath: /cache + - mountPath: /cache/xpkg name: package-cache - - mountPath: /webhook/tls - name: webhook-tls-secret + - mountPath: /cache/xfn + name: function-cache + - mountPath: /tls/server + name: tls-server-certs + - mountPath: /tls/client + name: tls-client-certs hostNetwork: false initContainers: - args: - core - init + - --activation + - '*' env: - name: GOMAXPROCS valueFrom: resourceFieldRef: containerName: crossplane-init + divisor: '1' resource: limits.cpu - name: GOMEMLIMIT valueFrom: resourceFieldRef: containerName: crossplane-init + divisor: '1' resource: limits.memory - name: POD_NAMESPACE valueFrom: 
@@ -112,8 +137,6 @@ spec: valueFrom: fieldRef: fieldPath: spec.serviceAccountName - - name: WEBHOOK_TLS_SECRET_NAME - value: webhook-tls-secret - name: WEBHOOK_SERVICE_NAME value: crossplane-webhooks - name: WEBHOOK_SERVICE_NAMESPACE @@ -122,13 +145,19 @@ spec: fieldPath: metadata.namespace - name: WEBHOOK_SERVICE_PORT value: '9443' + - name: TLS_CA_SECRET_NAME + value: crossplane-root-ca + - name: TLS_SERVER_SECRET_NAME + value: crossplane-tls-server + - name: TLS_CLIENT_SECRET_NAME + value: crossplane-tls-client image: docker.io/crossplane/crossplane:v1.12.3 imagePullPolicy: IfNotPresent name: crossplane-init resources: limits: cpu: 1000m - memory: 512Mi + memory: 1024Mi requests: cpu: 500m memory: 256Mi @@ -137,13 +166,19 @@ spec: readOnlyRootFilesystem: true runAsGroup: 65532 runAsUser: null - securityContext: {} serviceAccountName: crossplane volumes: - emptyDir: medium: null sizeLimit: 20Mi name: package-cache - - name: webhook-tls-secret + - emptyDir: + medium: null + sizeLimit: 512Mi + name: function-cache + - name: tls-server-certs + secret: + secretName: crossplane-tls-server + - name: tls-client-certs secret: - secretName: webhook-tls-secret + secretName: crossplane-tls-client diff --git a/tests/golden/openshift4-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-allowed-provider-permissions.yaml b/tests/golden/openshift4-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-allowed-provider-permissions.yaml index 84bc6bb..f23c006 100644 --- a/tests/golden/openshift4-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-allowed-provider-permissions.yaml +++ b/tests/golden/openshift4-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-allowed-provider-permissions.yaml 
@@ -12,6 +12,6 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 name: crossplane:allowed-provider-permissions diff --git a/tests/golden/openshift4-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-clusterrole.yaml b/tests/golden/openshift4-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-clusterrole.yaml index 430144a..17067ba 100644 --- a/tests/golden/openshift4-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-clusterrole.yaml +++ b/tests/golden/openshift4-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-clusterrole.yaml @@ -8,8 +8,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 name: crossplane-rbac-manager rules: - apiGroups: @@ -25,7 +25,14 @@ rules: - '' resources: - namespaces - - serviceaccounts + verbs: + - get + - list + - watch + - apiGroups: + - apps + resources: + - deployments verbs: - get - list diff --git a/tests/golden/openshift4-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-clusterrolebinding.yaml b/tests/golden/openshift4-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-clusterrolebinding.yaml index 11273e2..8622510 100644 --- a/tests/golden/openshift4-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-clusterrolebinding.yaml +++ b/tests/golden/openshift4-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-clusterrolebinding.yaml 
@@ -8,8 +8,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 name: crossplane-rbac-manager roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/tests/golden/openshift4-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-deployment.yaml b/tests/golden/openshift4-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-deployment.yaml index 7277ec8..168e51b 100644 --- a/tests/golden/openshift4-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-deployment.yaml +++ b/tests/golden/openshift4-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-deployment.yaml @@ -8,8 +8,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 release: crossplane name: crossplane-rbac-manager namespace: syn-crossplane @@ -34,26 +34,27 @@ spec: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 release: crossplane spec: containers: - args: - rbac - start - - --manage=Basic - --provider-clusterrole=crossplane:allowed-provider-permissions env: - name: GOMAXPROCS valueFrom: resourceFieldRef: containerName: crossplane + divisor: '1' resource: limits.cpu - name: GOMEMLIMIT valueFrom: resourceFieldRef: containerName: crossplane + divisor: '1' resource: limits.memory - name: LEADER_ELECTION value: 'true' 
@@ -84,11 +85,13 @@ spec: valueFrom: resourceFieldRef: containerName: crossplane-init + divisor: '1' resource: limits.cpu - name: GOMEMLIMIT valueFrom: resourceFieldRef: containerName: crossplane-init + divisor: '1' resource: limits.memory image: docker.io/crossplane/crossplane:v1.12.3 imagePullPolicy: IfNotPresent @@ -105,5 +108,4 @@ spec: readOnlyRootFilesystem: true runAsGroup: 65532 runAsUser: null - securityContext: {} serviceAccountName: rbac-manager diff --git a/tests/golden/openshift4-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-managed-clusterroles.yaml b/tests/golden/openshift4-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-managed-clusterroles.yaml index fd3dfc9..43ad8b9 100644 --- a/tests/golden/openshift4-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-managed-clusterroles.yaml +++ b/tests/golden/openshift4-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-managed-clusterroles.yaml @@ -12,8 +12,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 name: crossplane-admin --- aggregationRule: @@ -30,8 +30,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 name: crossplane-edit --- aggregationRule: 
@@ -48,8 +48,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 name: crossplane-view --- aggregationRule: @@ -66,8 +66,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 name: crossplane-browse --- apiVersion: rbac.authorization.k8s.io/v1 @@ -80,8 +80,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 rbac.crossplane.io/aggregate-to-admin: 'true' name: crossplane:aggregate-to-admin rules: @@ -125,10 +125,13 @@ rules: - apiGroups: - pkg.crossplane.io resources: - - providers - - configurations - - providerrevisions - - configurationrevisions + - '*' + verbs: + - '*' + - apiGroups: + - secrets.crossplane.io + resources: + - '*' verbs: - '*' - apiGroups: @@ -139,6 +142,18 @@ rules: - get - list - watch + - apiGroups: + - protection.crossplane.io + resources: + - '*' + verbs: + - '*' + - apiGroups: + - ops.crossplane.io + resources: + - '*' + verbs: + - '*' --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -150,8 +165,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 rbac.crossplane.io/aggregate-to-edit: 'true' name: crossplane:aggregate-to-edit rules: 
@@ -186,10 +201,25 @@ rules: - apiGroups: - pkg.crossplane.io resources: - - providers - - configurations - - providerrevisions - - configurationrevisions + - '*' + verbs: + - '*' + - apiGroups: + - secrets.crossplane.io + resources: + - '*' + verbs: + - '*' + - apiGroups: + - protection.crossplane.io + resources: + - '*' + verbs: + - '*' + - apiGroups: + - ops.crossplane.io + resources: + - '*' verbs: - '*' --- @@ -203,8 +233,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 rbac.crossplane.io/aggregate-to-view: 'true' name: crossplane:aggregate-to-view rules: 
@@ -235,91 +265,35 @@ rules: - apiGroups: - pkg.crossplane.io resources: - - providers - - configurations - - providerrevisions - - configurationrevisions - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app: crossplane - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/instance: crossplane - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: crossplane - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 - rbac.crossplane.io/aggregate-to-browse: 'true' - name: crossplane:aggregate-to-browse -rules: - - apiGroups: - - '' - resources: - - events + - '*' verbs: - get - list - watch - apiGroups: - - apiextensions.crossplane.io + - secrets.crossplane.io resources: - '*' verbs: - get - list - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app: crossplane - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/instance: crossplane - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: crossplane - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 - rbac.crossplane.io/aggregate-to-ns-admin: 'true' - rbac.crossplane.io/base-of-ns-admin: 'true' - name: crossplane:aggregate-to-ns-admin -rules: - apiGroups: - - '' + - protection.crossplane.io resources: - - events + - '*' verbs: - get - list - watch - apiGroups: - - '' + - ops.crossplane.io resources: - - secrets - verbs: - '*' - - apiGroups: - - rbac.authorization.k8s.io - resources: - - roles verbs: - get - list - watch - - apiGroups: - - rbac.authorization.k8s.io - resources: - - rolebindings - verbs: - - '*' --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole 
@@ -331,11 +305,10 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 - rbac.crossplane.io/aggregate-to-ns-edit: 'true' - rbac.crossplane.io/base-of-ns-edit: 'true' - name: crossplane:aggregate-to-ns-edit + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 + rbac.crossplane.io/aggregate-to-browse: 'true' + name: crossplane:aggregate-to-browse rules: - apiGroups: - '' @@ -346,32 +319,9 @@ rules: - list - watch - apiGroups: - - '' + - apiextensions.crossplane.io resources: - - secrets - verbs: - '*' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app: crossplane - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/instance: crossplane - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: crossplane - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 - rbac.crossplane.io/aggregate-to-ns-view: 'true' - rbac.crossplane.io/base-of-ns-view: 'true' - name: crossplane:aggregate-to-ns-view -rules: - - apiGroups: - - '' - resources: - - events verbs: - get - list @@ -387,8 +337,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 name: crossplane-admin roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/tests/golden/openshift4-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-serviceaccount.yaml b/tests/golden/openshift4-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-serviceaccount.yaml index 2693830..483794c 100644 
--- a/tests/golden/openshift4-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-serviceaccount.yaml +++ b/tests/golden/openshift4-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-serviceaccount.yaml @@ -1,4 +1,5 @@ apiVersion: v1 +automountServiceAccountToken: true kind: ServiceAccount metadata: labels: @@ -8,7 +9,7 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 name: rbac-manager namespace: syn-crossplane diff --git a/tests/golden/openshift4-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/secret.yaml b/tests/golden/openshift4-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/secret.yaml index 1cd3153..3eaa037 100644 --- a/tests/golden/openshift4-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/secret.yaml +++ b/tests/golden/openshift4-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/secret.yaml @@ -1,6 +1,20 @@ apiVersion: v1 kind: Secret metadata: - name: webhook-tls-secret + name: crossplane-root-ca + namespace: syn-crossplane +type: Opaque +--- +apiVersion: v1 +kind: Secret +metadata: + name: crossplane-tls-server + namespace: syn-crossplane +type: Opaque +--- +apiVersion: v1 +kind: Secret +metadata: + name: crossplane-tls-client namespace: syn-crossplane type: Opaque diff --git a/tests/golden/openshift4-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/service.yaml b/tests/golden/openshift4-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/service.yaml index 78cda6a..749b2d1 100644 --- a/tests/golden/openshift4-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/service.yaml 
+++ b/tests/golden/openshift4-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/service.yaml @@ -1,6 +1,7 @@ apiVersion: v1 kind: Service metadata: + annotations: null labels: app: crossplane app.kubernetes.io/component: cloud-infrastructure-controller @@ -8,8 +9,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 release: crossplane name: crossplane-webhooks namespace: syn-crossplane diff --git a/tests/golden/openshift4-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/serviceaccount.yaml b/tests/golden/openshift4-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/serviceaccount.yaml index 7d39edb..056bb5c 100644 --- a/tests/golden/openshift4-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/serviceaccount.yaml +++ b/tests/golden/openshift4-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/serviceaccount.yaml @@ -1,4 +1,5 @@ apiVersion: v1 +automountServiceAccountToken: true kind: ServiceAccount metadata: labels: @@ -8,7 +9,7 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 name: crossplane namespace: syn-crossplane diff --git a/tests/golden/openshift4/crossplane/crossplane/01_helmchart/crossplane/templates/clusterrole.yaml b/tests/golden/openshift4/crossplane/crossplane/01_helmchart/crossplane/templates/clusterrole.yaml index 597c4bd..451fb96 100644 --- a/tests/golden/openshift4/crossplane/crossplane/01_helmchart/crossplane/templates/clusterrole.yaml +++ b/tests/golden/openshift4/crossplane/crossplane/01_helmchart/crossplane/templates/clusterrole.yaml 
@@ -12,8 +12,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 name: crossplane --- apiVersion: rbac.authorization.k8s.io/v1 @@ -26,9 +26,9 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 + app.kubernetes.io/version: 2.2.0 crossplane.io/scope: system - helm.sh/chart: crossplane-1.12.3 + helm.sh/chart: crossplane-2.2.0 rbac.crossplane.io/aggregate-to-crossplane: 'true' name: crossplane:system:aggregate-to-crossplane rules: @@ -45,6 +45,7 @@ rules: - apiextensions.k8s.io resources: - customresourcedefinitions + - customresourcedefinitions/status verbs: - '*' - apiGroups: @@ -68,8 +69,9 @@ rules: - '*' - apiGroups: - apiextensions.crossplane.io + - ops.crossplane.io - pkg.crossplane.io - - secrets.crossplane.io + - protection.crossplane.io resources: - '*' verbs: diff --git a/tests/golden/openshift4/crossplane/crossplane/01_helmchart/crossplane/templates/clusterrolebinding.yaml b/tests/golden/openshift4/crossplane/crossplane/01_helmchart/crossplane/templates/clusterrolebinding.yaml index 8799530..bf8888c 100644 --- a/tests/golden/openshift4/crossplane/crossplane/01_helmchart/crossplane/templates/clusterrolebinding.yaml +++ b/tests/golden/openshift4/crossplane/crossplane/01_helmchart/crossplane/templates/clusterrolebinding.yaml @@ -8,8 +8,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 name: crossplane roleRef: apiGroup: rbac.authorization.k8s.io 
diff --git a/tests/golden/openshift4/crossplane/crossplane/01_helmchart/crossplane/templates/deployment.yaml b/tests/golden/openshift4/crossplane/crossplane/01_helmchart/crossplane/templates/deployment.yaml index e29694c..ebc2711 100644 --- a/tests/golden/openshift4/crossplane/crossplane/01_helmchart/crossplane/templates/deployment.yaml +++ b/tests/golden/openshift4/crossplane/crossplane/01_helmchart/crossplane/templates/deployment.yaml @@ -8,8 +8,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 release: crossplane name: crossplane namespace: syn-crossplane @@ -34,8 +34,8 @@ spec: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 release: crossplane spec: containers: 
@@ -47,26 +47,38 @@ spec: valueFrom: resourceFieldRef: containerName: crossplane + divisor: '1' resource: limits.cpu - name: GOMEMLIMIT valueFrom: resourceFieldRef: containerName: crossplane + divisor: '1' resource: limits.memory - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace + - name: POD_SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName - name: LEADER_ELECTION value: 'true' - - name: WEBHOOK_TLS_SECRET_NAME - value: webhook-tls-secret - - name: WEBHOOK_TLS_CERT_DIR - value: /webhook/tls + - name: TLS_SERVER_SECRET_NAME + value: crossplane-tls-server + - name: TLS_SERVER_CERTS_DIR + value: /tls/server + - name: TLS_CLIENT_SECRET_NAME + value: crossplane-tls-client + - name: TLS_CLIENT_CERTS_DIR + value: /tls/client image: docker.io/crossplane/crossplane:v1.12.3 imagePullPolicy: IfNotPresent name: crossplane ports: + - containerPort: 8081 + name: readyz - containerPort: 8080 name: metrics - containerPort: 9443 @@ -74,7 +86,7 @@ spec: resources: limits: cpu: 1000m - memory: 512Mi + memory: 1024Mi requests: cpu: 500m memory: 256Mi @@ -83,26 +95,39 @@ spec: readOnlyRootFilesystem: true runAsGroup: 65532 runAsUser: null + startupProbe: + failureThreshold: 30 + periodSeconds: 2 + tcpSocket: + port: readyz volumeMounts: - - mountPath: /cache + - mountPath: /cache/xpkg name: package-cache - - mountPath: /webhook/tls - name: webhook-tls-secret + - mountPath: /cache/xfn + name: function-cache + - mountPath: /tls/server + name: tls-server-certs + - mountPath: /tls/client + name: tls-client-certs hostNetwork: false initContainers: - args: - core - init + - --activation + - '*' env: - name: GOMAXPROCS valueFrom: resourceFieldRef: containerName: crossplane-init + divisor: '1' resource: limits.cpu - name: GOMEMLIMIT valueFrom: resourceFieldRef: containerName: crossplane-init + divisor: '1' resource: limits.memory - name: POD_NAMESPACE valueFrom: 
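Review bot: The `image:` context line in this hunk still reads `docker.io/crossplane/crossplane:v1.12.3`, although the labels, env vars, ports and probe around it are now rendered from chart 2.2.0. The same tag is unchanged in the init-container hunk (`-122,13`) and in rbac-manager-deployment.yaml. The class/defaults.yml hunk only changes `charts.crossplane`, so the image tag under `images.crossplane` presumably needs a matching bump to the release that chart 2.2.0 ships. As rendered, a 1.12.3 binary would be started with the new `--activation '*'` init argument and gated by a `startupProbe` on the new `readyz` port (8081), which it may not accept or serve; that is worth verifying before merge. The container spec starts outside the hunk.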
@@ -112,8 +137,6 @@ spec: valueFrom: fieldRef: fieldPath: spec.serviceAccountName - - name: WEBHOOK_TLS_SECRET_NAME - value: webhook-tls-secret - name: WEBHOOK_SERVICE_NAME value: crossplane-webhooks - name: WEBHOOK_SERVICE_NAMESPACE @@ -122,13 +145,19 @@ spec: fieldPath: metadata.namespace - name: WEBHOOK_SERVICE_PORT value: '9443' + - name: TLS_CA_SECRET_NAME + value: crossplane-root-ca + - name: TLS_SERVER_SECRET_NAME + value: crossplane-tls-server + - name: TLS_CLIENT_SECRET_NAME + value: crossplane-tls-client image: docker.io/crossplane/crossplane:v1.12.3 imagePullPolicy: IfNotPresent name: crossplane-init resources: limits: cpu: 1000m - memory: 512Mi + memory: 1024Mi requests: cpu: 500m memory: 256Mi @@ -137,13 +166,19 @@ spec: readOnlyRootFilesystem: true runAsGroup: 65532 runAsUser: null - securityContext: {} serviceAccountName: crossplane volumes: - emptyDir: medium: null sizeLimit: 20Mi name: package-cache - - name: webhook-tls-secret + - emptyDir: + medium: null + sizeLimit: 512Mi + name: function-cache + - name: tls-server-certs + secret: + secretName: crossplane-tls-server + - name: tls-client-certs secret: - secretName: webhook-tls-secret + secretName: crossplane-tls-client diff --git a/tests/golden/openshift4/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-allowed-provider-permissions.yaml b/tests/golden/openshift4/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-allowed-provider-permissions.yaml index 84bc6bb..f23c006 100644 --- a/tests/golden/openshift4/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-allowed-provider-permissions.yaml +++ b/tests/golden/openshift4/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-allowed-provider-permissions.yaml 
@@ -12,6 +12,6 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 name: crossplane:allowed-provider-permissions diff --git a/tests/golden/openshift4/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-clusterrole.yaml b/tests/golden/openshift4/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-clusterrole.yaml index 430144a..17067ba 100644 --- a/tests/golden/openshift4/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-clusterrole.yaml +++ b/tests/golden/openshift4/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-clusterrole.yaml @@ -8,8 +8,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 name: crossplane-rbac-manager rules: - apiGroups: @@ -25,7 +25,14 @@ rules: - '' resources: - namespaces - - serviceaccounts + verbs: + - get + - list + - watch + - apiGroups: + - apps + resources: + - deployments verbs: - get - list diff --git a/tests/golden/openshift4/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-clusterrolebinding.yaml b/tests/golden/openshift4/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-clusterrolebinding.yaml index 11273e2..8622510 100644 --- a/tests/golden/openshift4/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-clusterrolebinding.yaml +++ b/tests/golden/openshift4/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-clusterrolebinding.yaml 
@@ -8,8 +8,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 name: crossplane-rbac-manager roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/tests/golden/openshift4/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-deployment.yaml b/tests/golden/openshift4/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-deployment.yaml index 7277ec8..168e51b 100644 --- a/tests/golden/openshift4/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-deployment.yaml +++ b/tests/golden/openshift4/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-deployment.yaml @@ -8,8 +8,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 release: crossplane name: crossplane-rbac-manager namespace: syn-crossplane @@ -34,26 +34,27 @@ spec: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 release: crossplane spec: containers: - args: - rbac - start - - --manage=Basic - --provider-clusterrole=crossplane:allowed-provider-permissions env: - name: GOMAXPROCS valueFrom: resourceFieldRef: containerName: crossplane + divisor: '1' resource: limits.cpu - name: GOMEMLIMIT valueFrom: resourceFieldRef: containerName: crossplane + divisor: '1' resource: limits.memory - name: LEADER_ELECTION value: 'true' 
@@ -84,11 +85,13 @@ spec: valueFrom: resourceFieldRef: containerName: crossplane-init + divisor: '1' resource: limits.cpu - name: GOMEMLIMIT valueFrom: resourceFieldRef: containerName: crossplane-init + divisor: '1' resource: limits.memory image: docker.io/crossplane/crossplane:v1.12.3 imagePullPolicy: IfNotPresent @@ -105,5 +108,4 @@ spec: readOnlyRootFilesystem: true runAsGroup: 65532 runAsUser: null - securityContext: {} serviceAccountName: rbac-manager diff --git a/tests/golden/openshift4/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-managed-clusterroles.yaml b/tests/golden/openshift4/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-managed-clusterroles.yaml index fd3dfc9..43ad8b9 100644 --- a/tests/golden/openshift4/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-managed-clusterroles.yaml +++ b/tests/golden/openshift4/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-managed-clusterroles.yaml @@ -12,8 +12,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 name: crossplane-admin --- aggregationRule: @@ -30,8 +30,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 name: crossplane-edit --- aggregationRule: @@ -48,8 +48,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 name: crossplane-view --- aggregationRule: 
@@ -66,8 +66,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 name: crossplane-browse --- apiVersion: rbac.authorization.k8s.io/v1 @@ -80,8 +80,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 rbac.crossplane.io/aggregate-to-admin: 'true' name: crossplane:aggregate-to-admin rules: @@ -125,10 +125,13 @@ rules: - apiGroups: - pkg.crossplane.io resources: - - providers - - configurations - - providerrevisions - - configurationrevisions + - '*' + verbs: + - '*' + - apiGroups: + - secrets.crossplane.io + resources: + - '*' verbs: - '*' - apiGroups: @@ -139,6 +142,18 @@ rules: - get - list - watch + - apiGroups: + - protection.crossplane.io + resources: + - '*' + verbs: + - '*' + - apiGroups: + - ops.crossplane.io + resources: + - '*' + verbs: + - '*' --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -150,8 +165,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 rbac.crossplane.io/aggregate-to-edit: 'true' name: crossplane:aggregate-to-edit rules: 
@@ -186,10 +201,25 @@ rules: - apiGroups: - pkg.crossplane.io resources: - - providers - - configurations - - providerrevisions - - configurationrevisions + - '*' + verbs: + - '*' + - apiGroups: + - secrets.crossplane.io + resources: + - '*' + verbs: + - '*' + - apiGroups: + - protection.crossplane.io + resources: + - '*' + verbs: + - '*' + - apiGroups: + - ops.crossplane.io + resources: + - '*' verbs: - '*' --- @@ -203,8 +233,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 rbac.crossplane.io/aggregate-to-view: 'true' name: crossplane:aggregate-to-view rules: 
@@ -235,91 +265,35 @@ rules: - apiGroups: - pkg.crossplane.io resources: - - providers - - configurations - - providerrevisions - - configurationrevisions - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app: crossplane - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/instance: crossplane - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: crossplane - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 - rbac.crossplane.io/aggregate-to-browse: 'true' - name: crossplane:aggregate-to-browse -rules: - - apiGroups: - - '' - resources: - - events + - '*' verbs: - get - list - watch - apiGroups: - - apiextensions.crossplane.io + - secrets.crossplane.io resources: - '*' verbs: - get - list - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app: crossplane - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/instance: crossplane - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: crossplane - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 - rbac.crossplane.io/aggregate-to-ns-admin: 'true' - rbac.crossplane.io/base-of-ns-admin: 'true' - name: crossplane:aggregate-to-ns-admin -rules: - apiGroups: - - '' + - protection.crossplane.io resources: - - events + - '*' verbs: - get - list - watch - apiGroups: - - '' + - ops.crossplane.io resources: - - secrets - verbs: - '*' - - apiGroups: - - rbac.authorization.k8s.io - resources: - - roles verbs: - get - list - watch - - apiGroups: - - rbac.authorization.k8s.io - resources: - - rolebindings - verbs: - - '*' --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole 
@@ -331,11 +305,10 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 - rbac.crossplane.io/aggregate-to-ns-edit: 'true' - rbac.crossplane.io/base-of-ns-edit: 'true' - name: crossplane:aggregate-to-ns-edit + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 + rbac.crossplane.io/aggregate-to-browse: 'true' + name: crossplane:aggregate-to-browse rules: - apiGroups: - '' @@ -346,32 +319,9 @@ rules: - list - watch - apiGroups: - - '' + - apiextensions.crossplane.io resources: - - secrets - verbs: - '*' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app: crossplane - app.kubernetes.io/component: cloud-infrastructure-controller - app.kubernetes.io/instance: crossplane - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: crossplane - app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 - rbac.crossplane.io/aggregate-to-ns-view: 'true' - rbac.crossplane.io/base-of-ns-view: 'true' - name: crossplane:aggregate-to-ns-view -rules: - - apiGroups: - - '' - resources: - - events verbs: - get - list @@ -387,8 +337,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 name: crossplane-admin roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/tests/golden/openshift4/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-serviceaccount.yaml b/tests/golden/openshift4/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-serviceaccount.yaml index 2693830..483794c 100644 --- a/tests/golden/openshift4/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-serviceaccount.yaml 
+++ b/tests/golden/openshift4/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-serviceaccount.yaml @@ -1,4 +1,5 @@ apiVersion: v1 +automountServiceAccountToken: true kind: ServiceAccount metadata: labels: @@ -8,7 +9,7 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 name: rbac-manager namespace: syn-crossplane diff --git a/tests/golden/openshift4/crossplane/crossplane/01_helmchart/crossplane/templates/secret.yaml b/tests/golden/openshift4/crossplane/crossplane/01_helmchart/crossplane/templates/secret.yaml index 1cd3153..3eaa037 100644 --- a/tests/golden/openshift4/crossplane/crossplane/01_helmchart/crossplane/templates/secret.yaml +++ b/tests/golden/openshift4/crossplane/crossplane/01_helmchart/crossplane/templates/secret.yaml @@ -1,6 +1,20 @@ apiVersion: v1 kind: Secret metadata: - name: webhook-tls-secret + name: crossplane-root-ca + namespace: syn-crossplane +type: Opaque +--- +apiVersion: v1 +kind: Secret +metadata: + name: crossplane-tls-server + namespace: syn-crossplane +type: Opaque +--- +apiVersion: v1 +kind: Secret +metadata: + name: crossplane-tls-client namespace: syn-crossplane type: Opaque diff --git a/tests/golden/openshift4/crossplane/crossplane/01_helmchart/crossplane/templates/service.yaml b/tests/golden/openshift4/crossplane/crossplane/01_helmchart/crossplane/templates/service.yaml index 78cda6a..749b2d1 100644 --- a/tests/golden/openshift4/crossplane/crossplane/01_helmchart/crossplane/templates/service.yaml +++ b/tests/golden/openshift4/crossplane/crossplane/01_helmchart/crossplane/templates/service.yaml @@ -1,6 +1,7 @@ apiVersion: v1 kind: Service metadata: + annotations: null labels: app: crossplane app.kubernetes.io/component: cloud-infrastructure-controller 
@@ -8,8 +9,8 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 release: crossplane name: crossplane-webhooks namespace: syn-crossplane diff --git a/tests/golden/openshift4/crossplane/crossplane/01_helmchart/crossplane/templates/serviceaccount.yaml b/tests/golden/openshift4/crossplane/crossplane/01_helmchart/crossplane/templates/serviceaccount.yaml index 7d39edb..056bb5c 100644 --- a/tests/golden/openshift4/crossplane/crossplane/01_helmchart/crossplane/templates/serviceaccount.yaml +++ b/tests/golden/openshift4/crossplane/crossplane/01_helmchart/crossplane/templates/serviceaccount.yaml @@ -1,4 +1,5 @@ apiVersion: v1 +automountServiceAccountToken: true kind: ServiceAccount metadata: labels: @@ -8,7 +9,7 @@ metadata: app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: crossplane app.kubernetes.io/part-of: crossplane - app.kubernetes.io/version: 1.12.3 - helm.sh/chart: crossplane-1.12.3 + app.kubernetes.io/version: 2.2.0 + helm.sh/chart: crossplane-2.2.0 name: crossplane namespace: syn-crossplane