Add support for additional rule in role/clusterrole

Signed-off-by: ffais <ffais@fbk.eu>
2025-05-17 09:01:05 +02:00 · 2025-05-17 09:01:05 +02:00 · 4086830636
parent 8e47b51d39
commit 4086830636
5 changed files with 19 additions and 1 deletions
--- a/charts/cluster-autoscaler/Chart.yaml
+++ b/charts/cluster-autoscaler/Chart.yaml
@ -11,4 +11,4 @@ name: cluster-autoscaler
 sources:
  - https://github.com/kubernetes/autoscaler/tree/master/cluster-autoscaler
 type: application
-version: 9.47.0
+version: 9.48.0
--- a/charts/cluster-autoscaler/README.md
+++ b/charts/cluster-autoscaler/README.md
@ -498,6 +498,7 @@ vpa:
 | prometheusRule.interval | string | `nil` | How often rules in the group are evaluated (falls back to `global.evaluation_interval` if not set). |
 | prometheusRule.namespace | string | `"monitoring"` | Namespace which Prometheus is running in. |
 | prometheusRule.rules | list | `[]` | Rules spec template (see https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#rule). |
+| rbac.additionalRules | list | `[]` | Additional rules for role/clusterrole |
 | rbac.clusterScoped | bool | `true` | if set to false will only provision RBAC to alter resources in the current namespace. Most useful for Cluster-API |
 | rbac.create | bool | `true` | If `true`, create and use RBAC resources. |
 | rbac.pspEnabled | bool | `false` | If `true`, creates and uses RBAC resources required in the cluster with [Pod Security Policies](https://kubernetes.io/docs/concepts/policy/pod-security-policy/) enabled. Must be used with `rbac.create` set to `true`. |
--- a/charts/cluster-autoscaler/templates/clusterrole.yaml
+++ b/charts/cluster-autoscaler/templates/clusterrole.yaml
@ -173,4 +173,7 @@ rules:
    - patch
    - update
 {{- end }}
+{{- if .Values.rbac.additionalRules }}
+{{ toYaml .Values.rbac.additionalRules | indent 2 }}
+{{- end }}
 {{- end -}}
--- a/charts/cluster-autoscaler/templates/role.yaml
+++ b/charts/cluster-autoscaler/templates/role.yaml
@ -83,5 +83,8 @@ rules:
    verbs:
    - get
    - update
+{{- if .Values.rbac.additionalRules }}
+{{ toYaml .Values.rbac.additionalRules | indent 2}}
+{{- end }}
 {{- end }}
 {{- end -}}
--- a/charts/cluster-autoscaler/values.yaml
+++ b/charts/cluster-autoscaler/values.yaml
@ -366,6 +366,17 @@ rbac:
    name: ""
    # rbac.serviceAccount.automountServiceAccountToken -- Automount API credentials for a Service Account.
    automountServiceAccountToken: true
+  # rbac.additionalRules -- Additional rules for role/clusterrole
+  additionalRules: []
+  # - apiGroups:
+  #   - infrastructure.cluster.x-k8s.io
+  #   resources:
+  #   - kubemarkmachinetemplates
+  #   verbs:
+  #   - get
+  #   - list
+  #   - watch
+

 # replicaCount -- Desired number of pods
 replicaCount: 1