diff --git a/k8s/amour/BUILD.bazel b/k8s/amour/BUILD.bazel index 771e3ac98..d0ecd3e5c 100644 --- a/k8s/amour/BUILD.bazel +++ b/k8s/amour/BUILD.bazel @@ -52,7 +52,6 @@ cue_export( "//k8s/amour/speedtest_exporter:cue_speedtest_exporter_library", "//k8s/amour/tailscale:cue_tailscale_library", "//k8s/amour/thomas:cue_thomas_library", - "//k8s/amour/trivy_system:cue_trivy_system_library", "//k8s/amour/vector:cue_vector_library", "//k8s/amour/victoria_logs:cue_victoria_logs_library", "//k8s/amour/vm:cue_vm_library", diff --git a/k8s/amour/rook_ceph/cluster_role_list.cue b/k8s/amour/rook_ceph/cluster_role_list.cue index 915864928..5452244cc 100644 --- a/k8s/amour/rook_ceph/cluster_role_list.cue +++ b/k8s/amour/rook_ceph/cluster_role_list.cue @@ -64,7 +64,7 @@ import ( }, { apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshots"] - verbs: ["get", "list"] + verbs: ["get", "list", "watch", "update", "patch", "create"] }, { apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshotclasses"] @@ -72,11 +72,23 @@ import ( }, { apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshotcontents"] - verbs: ["get", "list", "watch", "patch", "update"] + verbs: ["get", "list", "watch", "patch", "update", "create"] }, { apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshotcontents/status"] verbs: ["update", "patch"] + }, { + apiGroups: ["groupsnapshot.storage.k8s.io"] + resources: ["volumegroupsnapshotclasses"] + verbs: ["get", "list", "watch"] + }, { + apiGroups: ["groupsnapshot.storage.k8s.io"] + resources: ["volumegroupsnapshotcontents"] + verbs: ["get", "list", "watch", "update", "patch"] + }, { + apiGroups: ["groupsnapshot.storage.k8s.io"] + resources: ["volumegroupsnapshotcontents/status"] + verbs: ["update", "patch"] }] }, { metadata: { @@ -161,7 +173,7 @@ import ( }, { apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshots"] - verbs: ["get", "list", "watch"] + verbs: ["get", "list", "watch", "update", "patch", "create"] }, { apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshotclasses"] @@ -169,11 +181,23 @@ import ( }, { apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshotcontents"] - verbs: ["get", "list", "watch", "patch", "update"] + verbs: ["get", "list", "watch", "patch", "update", "create"] }, { apiGroups: ["snapshot.storage.k8s.io"] resources: ["volumesnapshotcontents/status"] verbs: ["update", "patch"] + }, { + apiGroups: ["groupsnapshot.storage.k8s.io"] + resources: ["volumegroupsnapshotclasses"] + verbs: ["get", "list", "watch"] + }, { + apiGroups: ["groupsnapshot.storage.k8s.io"] + resources: ["volumegroupsnapshotcontents"] + verbs: ["get", "list", "watch", "update", "patch"] + }, { + apiGroups: ["groupsnapshot.storage.k8s.io"] + resources: ["volumegroupsnapshotcontents/status"] + verbs: ["update", "patch"] }, { apiGroups: [v1.#GroupName] resources: ["configmaps"] diff --git a/k8s/amour/rook_ceph/list.cue b/k8s/amour/rook_ceph/list.cue index 97d35579f..8a04b1119 100644 --- a/k8s/amour/rook_ceph/list.cue +++ b/k8s/amour/rook_ceph/list.cue @@ -8,7 +8,7 @@ import ( #Name: "rook-ceph" #Namespace: #Name -#Version: "1.13.0.166.gbc78b6cad" +#Version: "1.14.2" #List: v1.#List & { apiVersion: "v1" diff --git a/k8s/amour/rook_ceph/role_binding_list.cue b/k8s/amour/rook_ceph/role_binding_list.cue index 4e344faef..3ef590cf6 100644 --- a/k8s/amour/rook_ceph/role_binding_list.cue +++ b/k8s/amour/rook_ceph/role_binding_list.cue @@ -116,18 +116,6 @@ import rbacv1 "k8s.io/api/rbac/v1" kind: rbacv1.#ServiceAccountKind name: "rook-ceph-purge-osd" }] -}, { - // Allow the rgw pods in this namespace to work with configmaps - metadata: name: "rook-ceph-rgw" - roleRef: { - apiGroup: rbacv1.#GroupName - kind: "Role" - name: "rook-ceph-rgw" - } - subjects: [{ - kind: rbacv1.#ServiceAccountKind - name: "rook-ceph-rgw" - }] }, { // Grant the operator, agent, and discovery agents access to resources in the rook-ceph-system namespace metadata: { diff --git a/k8s/amour/rook_ceph/role_list.cue b/k8s/amour/rook_ceph/role_list.cue index e53b0973e..eb5be377a 100644 --- a/k8s/amour/rook_ceph/role_list.cue +++ b/k8s/amour/rook_ceph/role_list.cue @@ -110,16 +110,6 @@ import ( resources: ["persistentvolumeclaims"] verbs: ["get", "update", "delete", "list"] }] -}, { - metadata: name: "rook-ceph-rgw" - rules: [{ - // Placeholder role so the rgw service account will - // be generated in the csv. Remove this role and role binding - // when fixing https://github.com/rook/rook/issues/10141. - apiGroups: [v1.#GroupName] - resources: ["configmaps"] - verbs: ["get"] - }] }, { // Allow the operator to manage resources in its own namespace metadata: { diff --git a/k8s/amour/rook_ceph/service_account_list.cue b/k8s/amour/rook_ceph/service_account_list.cue index b908c9884..857796734 100644 --- a/k8s/amour/rook_ceph/service_account_list.cue +++ b/k8s/amour/rook_ceph/service_account_list.cue @@ -21,6 +21,14 @@ import "k8s.io/api/core/v1" "app.kubernetes.io/part-of": "rook-ceph-operator" } } +}, { + metadata: { + name: "rook-ceph-default" + labels: { + operator: "rook" + "storage-backend": "ceph" + } + } }, { // Service account for Ceph mgrs metadata: { diff --git a/k8s/amour/thomas/BUILD.bazel b/k8s/amour/thomas/BUILD.bazel index 5eabef383..b4bdad6ee 100644 --- a/k8s/amour/thomas/BUILD.bazel +++ b/k8s/amour/thomas/BUILD.bazel @@ -3,10 +3,14 @@ load("@com_github_tnarg_rules_cue//cue:cue.bzl", "cue_library") cue_library( name = "cue_thomas_library", srcs = [ + "job_list.cue", "list.cue", "namespace_list.cue", ], importpath = "github.com/uhthomas/automata/k8s/amour/thomas", visibility = ["//visibility:public"], - deps = ["//cue.mod/gen/k8s.io/api/core/v1:cue_v1_library"], + deps = [ + "//cue.mod/gen/k8s.io/api/batch/v1:cue_v1_library", + "//cue.mod/gen/k8s.io/api/core/v1:cue_v1_library", + ], )