feat: add RBAC rules for KongVault (#992)

Co-authored-by: Patryk Małek <[email protected]>
Kong · Jan 29, 2024 · a8c3822 · a8c3822
1 parent ad65c3c
commit a8c3822
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 1 deletion.
diff --git a/charts/kong/CHANGELOG.md b/charts/kong/CHANGELOG.md
@@ -2,7 +2,11 @@
 
 ## Unreleased
 
-Nothing yet.
+### Added 
+
+* Added controller's RBAC rules for `KongVault` CRD (installed only when KIC
+  version >= 3.1.0).
+  [#992](https://github.com/Kong/charts/pull/992)
 
 ## 2.34.0
 

diff --git a/charts/kong/templates/_helpers.tpl b/charts/kong/templates/_helpers.tpl
@@ -1647,6 +1647,24 @@ of a Role or ClusterRole) that provide the ingress controller access to the
 Kubernetes Cluster-scoped resources it uses to build Kong configuration.
 */}}
 {{- define "kong.kubernetesRBACClusterRules" -}}
+{{- if (semverCompare ">= 3.1.0" (include "kong.effectiveVersion" .Values.ingressController.image)) }}
+- apiGroups:
+  - configuration.konghq.com
+  resources:
+  - kongvaults
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - configuration.konghq.com
+  resources:
+  - kongvaults/status
+  verbs:
+  - get
+  - patch
+  - update
+{{- end }}
 - apiGroups:
   - configuration.konghq.com
   resources: