core-provider's Issues
Smarter RBAC that uses resourceNames for Roles and ClusterRoles
Requested generation of rule for Secret resource in the namespace referenced in the compositiondefinition
Upgrade CRDGen deps
Remove unused status attrs
Wrong management of manifest separator '---'
Describe the bug
Wrong management of the manifest separator '---' leads the RBAC generator to find "false positive" errors.
Respect required fields
Requested possibility to authenticate to private repository/registry
Is your feature request related to a problem? Please describe.
Requested possibility to authenticate to private repository/registry
Describe the solution you'd like
Add a field in the CRD that allows setting credentials.
Fix pluralizer
Manage multiple versions of the same CRD
Update dockerfile
Use crdgen lib
RBAC Generator does not correctly generate RBAC policy with certain templates
Add InsecureSkipVerifyTLS in CRD
Generation of smarter RBAC
Describe the solution you'd like
We want to generate the RBAC policy for the deployed instance of CDC from Helm chart templates. The core provider will read the resources and namespaces and create the role or cluster role accordingly.
Helm Getter does not handle relative urls in index.yaml file
Describe the bug
The core-provider (v0.14.1) has trouble fetching a helm chart from a Nexus helm repository.
This is my composition:
apiVersion: core.krateo.io/v1alpha1
kind: CompositionDefinition
metadata:
  name: sprintgboot-webapp
  namespace: krateo-v2-system
spec:
  chart:
    url: http://nexus.insiel.it/repository/helm-hosted
    repo: springboot-webapp
    version: 0.1.0
According to this example the CompositionDefinition above should be correct.
However, the core-provider returns the following error:
Get "springboot-webapp-0.1.0.tgz": unsupported protocol scheme ""
Missing 'secrets' rule in the generated RBAC needed by helm
OpenShift refuses to sync pod due to security context policy
Describe the bug
runAsUser: 2000
not accepted by OpenShift policy.
Warning SyncError 75s (x15 over 2m37s) pod-syncer Error syncing to physical cluster: pods "krateospringbootwebapps-v0-1-2-controller-67b7bbbdd5-541171ff46" is forbidden: unable to validate against any security context constraint: [provider "sonarqube-privileged-scc": Forbidden: not usable by user or serviceaccount, provider "anyuid": Forbidden: not usable by user or serviceaccount, provider restricted-v2: .containers[0].runAsUser: Invalid value: 2000: must be in the ranges: [1001130000, 1001139999], provider "restricted": Forbidden: not usable by user or serviceaccount, provider "nonroot-v2": Forbidden: not usable by user or serviceaccount, provider "nonroot": Forbidden: not usable by user or serviceaccount, provider "hostmount-anyuid": Forbidden: not usable by user or serviceaccount, provider "machine-api-termination-handler": Forbidden: not usable by user or serviceaccount, provider "hostnetwork-v2": Forbidden: not usable by user or serviceaccount, provider "hostnetwork": Forbidden: not usable by user or serviceaccount, provider "hostaccess": Forbidden: not usable by user or serviceaccount, provider "node-exporter": Forbidden: not usable by user or serviceaccount, provider "privileged": Forbidden: not usable by user or serviceaccount]
Change role generation from definitions to compositiondefinitions
Manage SchemaDefinition CRD
Wrong naming of resources in generated roles and clusterroles
Describe the bug
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  creationTimestamp: "2024-07-23T12:37:29Z"
  name: powerbi
  resourceVersion: "89740346"
  uid: 38e2c328-9984-4680-b4bf-23c9f58ab9e3
rules:
- apiGroups:
  - ""
  resources:
  - namespaces
  verbs:
  - get
  - list
  - watch
  - create
- apiGroups:
  - jira.krateo.io
  resources:
  - ticketjiras
  verbs:
  - '*'
- apiGroups:
  - powerbi.krateo.io
  resources:
  - pipelinepbis
  verbs:
  - '*'
- apiGroups:
  - powerbi.krateo.io
  resources:
  - workspaces
  verbs:
  - '*'
- apiGroups:
  - powerbi.krateo.io
  resources:
  - workspacecheckers
  verbs:
  - '*'
Here the resources named “pipelinepbis” and “ticketjiras” are not correct. The correct plurals defined for these CRDs are “pipelinespbi” and “ticketsjira”.
The problem is due to the assumption that pluralization from Kind with the Pluralise function of the fleet library would cover all the cases.
Add GVK info to CR status
Using protected charts in CompositionDefinitions
Upgrade crdgen
Smarter generation of roles and clusterroles for the composition-dynamic-controller
The core-provider can create a dedicated Role and ClusterRole when a composition-dynamic-controller is deployed.
An enhancement would be to inspect any GVK resource in the composition helm chart, check if that GVK is cluster or namespace scoped, and populate the Role and ClusterRole accordingly.
Update CI with package permissions
Helm go client does not have permission to create folder on root of CDC
Describe the bug
Helm go client does not have permission to create folder on root of CDC. helm/helm#8038
Fix Dockerfile image version of second stage
Add test case on Tar GZip Helm archives
Change resource plurals gen