From 5925a5e693170781b7c937c31b91a23d4518dd77 Mon Sep 17 00:00:00 2001
From: Rokibul Hasan <mdrokibulhasan@appscode.com>
Date: Tue, 27 Feb 2024 10:47:52 +0600
Subject: [PATCH] Fix cluster-auth chart (#7)

Signed-off-by: Rokibul Hasan <mdrokibulhasan@appscode.com>
---
 apis/installer/v1alpha1/cluster_auth_types.go |  9 ++++++
 .../v1alpha1/zz_generated.deepcopy.go         | 32 +++++++++++++++++++
 charts/cluster-auth/README.md                 |  1 +
 .../cluster-auth/templates/cluster-role.yaml  |  2 +-
 charts/cluster-auth/templates/deployment.yaml |  2 +-
 .../cluster-auth/values.openapiv3_schema.yaml | 13 ++++++++
 charts/cluster-auth/values.yaml               |  3 ++
 7 files changed, 60 insertions(+), 2 deletions(-)

diff --git a/apis/installer/v1alpha1/cluster_auth_types.go b/apis/installer/v1alpha1/cluster_auth_types.go
index de8a04e1..aeed8f59 100644
--- a/apis/installer/v1alpha1/cluster_auth_types.go
+++ b/apis/installer/v1alpha1/cluster_auth_types.go
@@ -76,6 +76,7 @@ type ClusterAuthSpec struct {
 	PodSecurityContext *core.PodSecurityContext `json:"podSecurityContext"`
 	ServiceAccount     ServiceAccountSpec       `json:"serviceAccount"`
 	Monitoring         Monitoring               `json:"monitoring"`
+	ApiServer          ApiServerSpec            `json:"apiServer"`
 }
 
 type ImageRef struct {
@@ -102,6 +103,14 @@ type ServiceAccountSpec struct {
 	Annotations map[string]string `json:"annotations"`
 }
 
+type ApiServerSpec struct {
+	Healthcheck HealthcheckSpec `json:"healthcheck"`
+}
+
+type HealthcheckSpec struct {
+	Enabled bool `json:"enabled"`
+}
+
 // +kubebuilder:validation:Enum=prometheus.io;prometheus.io/operator;prometheus.io/builtin
 type MonitoringAgent string
 
diff --git a/apis/installer/v1alpha1/zz_generated.deepcopy.go b/apis/installer/v1alpha1/zz_generated.deepcopy.go
index 2601564b..b23a28ba 100644
--- a/apis/installer/v1alpha1/zz_generated.deepcopy.go
+++ b/apis/installer/v1alpha1/zz_generated.deepcopy.go
@@ -25,6 +25,22 @@ import (
 	"k8s.io/apimachinery/pkg/runtime"
 )
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ApiServerSpec) DeepCopyInto(out *ApiServerSpec) {
+	*out = *in
+	out.Healthcheck = in.Healthcheck
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApiServerSpec.
+func (in *ApiServerSpec) DeepCopy() *ApiServerSpec {
+	if in == nil {
+		return nil
+	}
+	out := new(ApiServerSpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ClusterAuth) DeepCopyInto(out *ClusterAuth) {
 	*out = *in
@@ -206,6 +222,7 @@ func (in *ClusterAuthSpec) DeepCopyInto(out *ClusterAuthSpec) {
 	}
 	in.ServiceAccount.DeepCopyInto(&out.ServiceAccount)
 	in.Monitoring.DeepCopyInto(&out.Monitoring)
+	out.ApiServer = in.ApiServer
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterAuthSpec.
@@ -445,6 +462,21 @@ func (in *FeatureGate) DeepCopy() *FeatureGate {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *HealthcheckSpec) DeepCopyInto(out *HealthcheckSpec) {
+	*out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HealthcheckSpec.
+func (in *HealthcheckSpec) DeepCopy() *HealthcheckSpec {
+	if in == nil {
+		return nil
+	}
+	out := new(HealthcheckSpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *HubBundleVersion) DeepCopyInto(out *HubBundleVersion) {
 	*out = *in
diff --git a/charts/cluster-auth/README.md b/charts/cluster-auth/README.md
index 30869653..1bd02f57 100644
--- a/charts/cluster-auth/README.md
+++ b/charts/cluster-auth/README.md
@@ -71,6 +71,7 @@ The following table lists the configurable parameters of the `cluster-auth-agent
 | serviceAccount.name              | The name of the service account to use. If not set and create is true, a name is generated using the fullname template                                                                                                                    | <code></code>                                                                                                                                                                                  |
 | monitoring.agent                 | Name of monitoring agent (one of "prometheus.io", "prometheus.io/operator", "prometheus.io/builtin")                                                                                                                                      | <code>prometheus.io/operator</code>                                                                                                                                                            |
 | monitoring.serviceMonitor.labels | Specify the labels for ServiceMonitor. Prometheus crd will select ServiceMonitor using these labels. Only usable when monitoring agent is `prometheus.io/operator`.                                                                       | <code>{}</code>                                                                                                                                                                                |
+| apiServer.healthcheck.enabled    |                                                                                                                                                                                                                                           | <code>true</code>                                                                                                                                                                              |
 
 
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm upgrade -i`. For example:
diff --git a/charts/cluster-auth/templates/cluster-role.yaml b/charts/cluster-auth/templates/cluster-role.yaml
index d7f43f22..e0d06962 100644
--- a/charts/cluster-auth/templates/cluster-role.yaml
+++ b/charts/cluster-auth/templates/cluster-role.yaml
@@ -25,4 +25,4 @@ rules:
   - operator.open-cluster-management.io
   resources:
   - klusterlets
-  verbs: ["get"]
+  verbs: ["get", "list", "watch"]
diff --git a/charts/cluster-auth/templates/deployment.yaml b/charts/cluster-auth/templates/deployment.yaml
index e1ce8a11..332c3743 100644
--- a/charts/cluster-auth/templates/deployment.yaml
+++ b/charts/cluster-auth/templates/deployment.yaml
@@ -48,7 +48,7 @@ spec:
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
-      {{- if .Values.apiserver.healthcheck.enabled }}
+      {{- if .Values.apiServer.healthcheck.enabled }}
         readinessProbe:
           httpGet:
             path: /healthz
diff --git a/charts/cluster-auth/values.openapiv3_schema.yaml b/charts/cluster-auth/values.openapiv3_schema.yaml
index fa06b823..49bace2a 100644
--- a/charts/cluster-auth/values.openapiv3_schema.yaml
+++ b/charts/cluster-auth/values.openapiv3_schema.yaml
@@ -408,6 +408,18 @@ properties:
     additionalProperties:
       type: string
     type: object
+  apiServer:
+    properties:
+      healthcheck:
+        properties:
+          enabled:
+            type: boolean
+        required:
+        - enabled
+        type: object
+    required:
+    - healthcheck
+    type: object
   criticalAddon:
     type: boolean
   fullnameOverride:
@@ -654,6 +666,7 @@ properties:
       type: object
     type: array
 required:
+- apiServer
 - image
 - imagePullPolicy
 - monitoring
diff --git a/charts/cluster-auth/values.yaml b/charts/cluster-auth/values.yaml
index d5600e88..937ba5a5 100644
--- a/charts/cluster-auth/values.yaml
+++ b/charts/cluster-auth/values.yaml
@@ -75,3 +75,6 @@ monitoring:
     # Prometheus crd will select ServiceMonitor using these labels.
     # Only usable when monitoring agent is `prometheus.io/operator`.
     labels: {}
+apiServer:
+  healthcheck:
+    enabled: true