diff --git a/chart/README.md b/chart/README.md index de9e240a9..9c50a9e76 100644 --- a/chart/README.md +++ b/chart/README.md @@ -93,6 +93,7 @@ Kubernetes native, multi-tenant synthetic monitoring system | serviceAccount.rbac.exec | bool | `true` | | | serviceAccount.rbac.ingressCreateAndDelete | bool | `true` | for pod canary | | serviceAccount.rbac.namespaceCreateAndDelete | bool | `true` | for namespace canary | +| serviceAccount.rbac.deploymentCreateAndDelete | bool | `true` | for deployment canary | | serviceAccount.rbac.podsCreateAndDelete | bool | `true` | for pod and junit canaries | | serviceAccount.rbac.readAll | bool | `true` | for use with kubernetes resource lookups | | serviceAccount.rbac.secrets | bool | `true` | for secret management with valueFrom | diff --git a/chart/ci/full-values.yaml b/chart/ci/full-values.yaml index 450dacbe5..b7dd36dc0 100644 --- a/chart/ci/full-values.yaml +++ b/chart/ci/full-values.yaml @@ -73,6 +73,7 @@ serviceAccount: exec: true ingressCreateAndDelete: true namespaceCreateAndDelete: true + deploymentCreateAndDelete: true podsCreateAndDelete: true readAll: true secrets: true diff --git a/chart/templates/rbac.yaml b/chart/templates/rbac.yaml index efa9300fe..81ec7e6a1 100644 --- a/chart/templates/rbac.yaml +++ b/chart/templates/rbac.yaml @@ -104,6 +104,20 @@ rules: verbs: - "*" {{- end}} + {{- if .Values.serviceAccount.rbac.deploymentCreateAndDelete }} + - apiGroups: + - "apps" + resources: + - deployments + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + {{- end }} {{- if .Values.serviceAccount.rbac.extra }} {{ .Values.serviceAccount.rbac.extra | toYaml | nindent 2 }} {{- end}} diff --git a/chart/values.schema.deref.json b/chart/values.schema.deref.json index cda61cffe..528908faa 100644 --- a/chart/values.schema.deref.json +++ b/chart/values.schema.deref.json @@ -4471,6 +4471,12 @@ "title": "namespaceCreateAndDelete", "type": "boolean" }, + "deploymentCreateAndDelete": { + "default": true, + "description": "for deployment canary", + "title": "deploymentCreateAndDelete", + "type": "boolean" + }, "podsCreateAndDelete": { "default": true, "description": "for pod and junit canaries", @@ -4508,7 +4514,8 @@ "podsCreateAndDelete", "exec", "ingressCreateAndDelete", - "namespaceCreateAndDelete" + "namespaceCreateAndDelete", + "deploymentCreateAndDelete" ], "title": "rbac" } diff --git a/chart/values.schema.json b/chart/values.schema.json index c640982cb..a76c8c76b 100644 --- a/chart/values.schema.json +++ b/chart/values.schema.json @@ -527,6 +527,13 @@ "title": "namespaceCreateAndDelete", "type": "boolean" }, + "deploymentCreateAndDelete": { + "default": true, + "description": "for deployment canary", + "required": [], + "title": "deploymentCreateAndDelete", + "type": "boolean" + }, "podsCreateAndDelete": { "default": true, "description": "for pod and junit canaries", @@ -564,7 +571,8 @@ "podsCreateAndDelete", "exec", "ingressCreateAndDelete", - "namespaceCreateAndDelete" + "namespaceCreateAndDelete", + "deploymentCreateAndDelete" ], "title": "rbac" } diff --git a/chart/values.yaml b/chart/values.yaml index 7af7ae85c..255fc594b 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -430,6 +430,9 @@ serviceAccount: # -- for namespace canary namespaceCreateAndDelete: true + # -- for deployment canary + deploymentCreateAndDelete: true + # @schema # required: false # default: []