krateoplatformops / core-provider Goto Github PK

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Describe the solution you'd like
A clear and concise description of what you want to happen.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Describe the solution you'd like
A clear and concise description of what you want to happen.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

Describe the bug
Wrong management of manifest separator '---' bring the rbac generator to find "false positives" errors

Is your feature request related to a problem? Please describe.
Requested possibility to authenticate to private repository/registry

Describe the solution you'd like
Add a field in the CRD that allows to set credentials

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Describe the solution you'd like
A clear and concise description of what you want to happen.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

Describe the bug
A clear and concise description of what the bug is.

To Reproduce
Steps to reproduce the behavior:

1. Go to '...'
2. Click on '....'
3. Scroll down to '....'
4. See error

Expected behavior
A clear and concise description of what you expected to happen.

Screenshots
If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information):

• OS: [e.g. iOS]
• Browser [e.g. chrome, safari]
• Version [e.g. 22]

Smartphone (please complete the following information):

• Device: [e.g. iPhone6]
• OS: [e.g. iOS8.1]
• Browser [e.g. stock browser, safari]
• Version [e.g. 22]

Additional context
Add any other context about the problem here.

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Describe the solution you'd like
A clear and concise description of what you want to happen.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

Describe the solution you'd like
We want to generate the RBAC policy for the deployed instance of CDC from Helm chart templates. The core provider will read the resources and namespaces and create the role or cluster role accordingly

Describe the bug
The core-provider (v0.14.1) has troubles fetching a helm chart from a Nexus helm repository.

This is my composition:

apiVersion: core.krateo.io/v1alpha1
kind: CompositionDefinition
metadata:
  name: sprintgboot-webapp
  namespace: krateo-v2-system
spec:
  chart:
    url: http://nexus.insiel.it/repository/helm-hosted
    repo: springboot-webapp
    version: 0.1.0

According to this example the CompositionDefinition above should be correct.

However, the core-provider returns the following error:

Get "springboot-webapp-0.1.0.tgz": unsupported protocol scheme ""

Describe the bug
A clear and concise description of what the bug is.

To Reproduce
Steps to reproduce the behavior:

1. Go to '...'
2. Click on '....'
3. Scroll down to '....'
4. See error

Expected behavior
A clear and concise description of what you expected to happen.

Screenshots
If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information):

• OS: [e.g. iOS]
• Browser [e.g. chrome, safari]
• Version [e.g. 22]

Smartphone (please complete the following information):

• Device: [e.g. iPhone6]
• OS: [e.g. iOS8.1]
• Browser [e.g. stock browser, safari]
• Version [e.g. 22]

Additional context
Add any other context about the problem here.

Describe the bug
runAsUser: 2000 not accepted by openshift policy.

Warning SyncError 75s (x15 over 2m37s) pod-syncer Error syncing to physical cluster: pods "krateospringbootwebapps-v0-1-2-controller-67b7bbbdd5-541171ff46" is forbidden: unable to validate against any security context constraint: [provider "sonarqube-privileged-scc": Forbidden: not usable by user or serviceaccount, provider "anyuid": Forbidden: not usable by user or serviceaccount, provider restricted-v2: .containers[0].runAsUser: Invalid value: 2000: must be in the ranges: [1001130000, 1001139999], provider "restricted": Forbidden: not usable by user or serviceaccount, provider "nonroot-v2": Forbidden: not usable by user or serviceaccount, provider "nonroot": Forbidden: not usable by user or serviceaccount, provider "hostmount-anyuid": Forbidden: not usable by user or serviceaccount, provider "machine-api-termination-handler": Forbidden: not usable by user or serviceaccount, provider "hostnetwork-v2": Forbidden: not usable by user or serviceaccount, provider "hostnetwork": Forbidden: not usable by user or serviceaccount, provider "hostaccess": Forbidden: not usable by user or serviceaccount, provider "node-exporter": Forbidden: not usable by user or serviceaccount, provider "privileged": Forbidden: not usable by user or serviceaccount]

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Describe the solution you'd like
A clear and concise description of what you want to happen.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

Describe the bug
A clear and concise description of what the bug is.

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
 creationTimestamp: "2024-07-23T12:37:29Z"
 name: powerbi
 resourceVersion: "89740346"
 uid: 38e2c328-9984-4680-b4bf-23c9f58ab9e3
rules:
- apiGroups:
 - ""
 resources:
 - namespaces
 verbs:
 - get
 - list
 - watch
 - create
- apiGroups:
 - jira.krateo.io
 resources:
 - ticketjiras
 verbs:
 - '*'
- apiGroups:
 - powerbi.krateo.io
 resources:
 - pipelinepbis
 verbs:
 - '*'
- apiGroups:
 - powerbi.krateo.io
 resources:
 - workspaces
 verbs:
 - '*'
- apiGroups:
 - powerbi.krateo.io
 resources:
 - workspacecheckers
 verbs:
 - '*'

Here the resources named “pipelinepbis” and “ticketjiras” are not correct. The correct plural defined for these CRD are “pipelinespbi” and “ticketsjira”.

The problem is due the assumption that pluralization from Kind with Pluralise function of the fleet library would cover all the cases

Is your feature request related to a problem? Please describe.
Is it possible to specify in a CompositionDefinition a Chart that needs authentication ?

How is it possible to specify the secrets required to access this possible private Chart ?

The core-provider can create a dedicated Role and ClusterRole when a composition-dynamic-controller is deployed.

An enhancement would be to inspect any GVK resource in the composition helm chart, check if that GVK is cluster or namespace scoped, and populate the Role and ClusterRole accordingly.

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Describe the solution you'd like
A clear and concise description of what you want to happen.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

Describe the bug
Helm go client does not have permission to create folder on root of CDC. helm/helm#8038

Describe the bug
A clear and concise description of what the bug is.

To Reproduce
Steps to reproduce the behavior:

1. Go to '...'
2. Click on '....'
3. Scroll down to '....'
4. See error

Expected behavior
A clear and concise description of what you expected to happen.

Screenshots
If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information):

• OS: [e.g. iOS]
• Browser [e.g. chrome, safari]
• Version [e.g. 22]

Smartphone (please complete the following information):

• Device: [e.g. iPhone6]
• OS: [e.g. iOS8.1]
• Browser [e.g. stock browser, safari]
• Version [e.g. 22]

Additional context
Add any other context about the problem here.