feat: add sa role

Signed-off-by: Brad McCoy <[email protected]>

Author: bradmccoydev

.github/workflows/release-helm-chart.yml

@@ -2,7 +2,7 @@ name: Release Charts
 on:
   push:
     branches:
-      - main1
+      - main
     paths:
       - 'charts/**'
 

charts/cdevents-controller/templates/serviceaccount.yaml

@@ -5,8 +5,66 @@ metadata:
   name: {{ template "cdevents-controller.serviceAccountName" . }}
   labels:
     {{- include "cdevents-controller.labels" . | nindent 4 }}
-{{- with .Values.serviceAccount.imagePullSecrets }}
-imagePullSecrets:
-  {{- toYaml . | nindent 2 }}
 {{- end -}}
-{{- end -}}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "cdevents-controller.serviceAccountName" . }}
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+      - configmaps
+      - secrets
+    verbs:
+      - get
+      - watch
+      - list
+      - delete
+      - update
+      - patch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "cdevents-controller.serviceAccountName" . }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "cdevents-controller.serviceAccountName" . }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "cdevents-controller.serviceAccountName" . }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ include "cdevents-controller.serviceAccountName" . }}
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+      - configmaps
+      - secrets
+    verbs:
+      - get
+      - watch
+      - list
+      - delete
+      - update
+      - patch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ include "cdevents-controller.serviceAccountName" . }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ include "cdevents-controller.serviceAccountName" . }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "cdevents-controller.serviceAccountName" . }}

mainfests.yaml

@@ -0,0 +1,283 @@
+NAME: cdevents-controller-1685448372
+LAST DEPLOYED: Tue May 30 22:06:13 2023
+NAMESPACE: metabase
+STATUS: pending-install
+REVISION: 1
+HOOKS:
+---
+# Source: cdevents-controller/templates/tests/grpc.yaml
+apiVersion: v1
+kind: Pod
+metadata:
+  name: cdevents-controller-1685448372-grpc-test-wcmk4
+  labels:
+    helm.sh/chart: cdevents-controller-0.0.4
+    app.kubernetes.io/name: cdevents-controller-1685448372
+    app.kubernetes.io/version: "0.0.4"
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    "helm.sh/hook": test-success
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+    sidecar.istio.io/inject: "false"
+    linkerd.io/inject: disabled
+    appmesh.k8s.aws/sidecarInjectorWebhook: disabled
+spec:
+  containers:
+    - name: grpc-health-probe
+      image: bradmccoydev/grpc_health_probe:v0.3.0
+      command: ['grpc_health_probe']
+      args:  ['-addr=cdevents-controller-1685448372.metabase:9999']
+  restartPolicy: Never
+---
+# Source: cdevents-controller/templates/tests/jwt.yaml
+apiVersion: v1
+kind: Pod
+metadata:
+  name: cdevents-controller-1685448372-jwt-test-bwi75
+  labels:
+    helm.sh/chart: cdevents-controller-0.0.4
+    app.kubernetes.io/name: cdevents-controller-1685448372
+    app.kubernetes.io/version: "0.0.4"
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    "helm.sh/hook": test-success
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+    sidecar.istio.io/inject: "false"
+    linkerd.io/inject: disabled
+    appmesh.k8s.aws/sidecarInjectorWebhook: disabled
+spec:
+  containers:
+    - name: tools
+      image: giantswarm/tiny-tools
+      command:
+        - sh
+        - -c
+        - |
+          TOKEN=$(curl -sd 'test' ${cdevents-controller_SVC}/token | jq -r .token) &&
+          curl -sH "Authorization: Bearer ${TOKEN}" ${cdevents-controller_SVC}/token/validate | grep test
+      env:
+      - name: cdevents-controller_SVC
+        value: "cdevents-controller-1685448372.metabase:9898"
+  restartPolicy: Never
+---
+# Source: cdevents-controller/templates/tests/service.yaml
+apiVersion: v1
+kind: Pod
+metadata:
+  name: cdevents-controller-1685448372-service-test-oq1lu
+  labels:
+    helm.sh/chart: cdevents-controller-0.0.4
+    app.kubernetes.io/name: cdevents-controller-1685448372
+    app.kubernetes.io/version: "0.0.4"
+    app.kubernetes.io/managed-by: Helm
+  annotations:
+    "helm.sh/hook": test-success
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+    sidecar.istio.io/inject: "false"
+    linkerd.io/inject: disabled
+    appmesh.k8s.aws/sidecarInjectorWebhook: disabled
+spec:
+  containers:
+    - name: curl
+      image: curlimages/curl:7.69.0
+      command:
+        - sh
+        - -c
+        - |
+          curl -s ${cdevents-controller_SVC}/api/info | grep version
+      env:
+        - name: cdevents-controller_SVC
+          value: "cdevents-controller-1685448372.metabase:9898"
+  restartPolicy: Never
+MANIFEST:
+---
+# Source: cdevents-controller/templates/serviceaccount.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: default
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+      - configmaps
+      - secrets
+    verbs:
+      - get
+      - watch
+      - list
+      - delete
+      - update
+      - patch
+---
+# Source: cdevents-controller/templates/serviceaccount.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: default
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: default
+subjects:
+  - kind: ServiceAccount
+    name: default
+---
+# Source: cdevents-controller/templates/serviceaccount.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: default
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+      - configmaps
+      - secrets
+    verbs:
+      - get
+      - watch
+      - list
+      - delete
+      - update
+      - patch
+---
+# Source: cdevents-controller/templates/serviceaccount.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: default
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: default
+subjects:
+  - kind: ServiceAccount
+    name: default
+---
+# Source: cdevents-controller/templates/service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: cdevents-controller-1685448372
+  labels:
+    helm.sh/chart: cdevents-controller-0.0.4
+    app.kubernetes.io/name: cdevents-controller-1685448372
+    app.kubernetes.io/version: "0.0.4"
+    app.kubernetes.io/managed-by: Helm
+spec:
+  type: ClusterIP
+  ports:
+    - port: 9898
+      targetPort: http
+      protocol: TCP
+      name: http
+    - port: 9999
+      targetPort: grpc
+      protocol: TCP
+      name: grpc
+  selector:
+    app.kubernetes.io/name: cdevents-controller-1685448372
+---
+# Source: cdevents-controller/templates/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: cdevents-controller-1685448372
+  labels:
+    helm.sh/chart: cdevents-controller-0.0.4
+    app.kubernetes.io/name: cdevents-controller-1685448372
+    app.kubernetes.io/version: "0.0.4"
+    app.kubernetes.io/managed-by: Helm
+spec:
+  replicas: 1
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: cdevents-controller-1685448372
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: cdevents-controller-1685448372
+      annotations:
+        prometheus.io/scrape: "true"
+        prometheus.io/port: "9898"
+    spec:
+      terminationGracePeriodSeconds: 30
+      containers:
+        - name: cdevents-controller
+          image: "ghcr.io/bradmccoydev/cdevents-controller:0.0.1"
+          imagePullPolicy: IfNotPresent
+          command:
+            - ./cdevents-controller
+            - --port=9898
+            - --cert-path=/data/cert
+            - --port-metrics=9797
+            - --grpc-port=9999
+            - --grpc-service-name=cdevents-controller
+            - --level=info
+            - --random-delay=false
+            - --random-error=false
+          env:
+          - name: cdevents-controller_MONGODB_URL
+            valueFrom:
+              secretKeyRef:
+                name: mongodb
+                key: mongodb-url
+          - name: cdevents-controller_UI_COLOR
+            value: "#34577c"
+          ports:
+            - name: http
+              containerPort: 9898
+              protocol: TCP
+            - name: http-metrics
+              containerPort: 9797
+              protocol: TCP
+            - name: grpc
+              containerPort: 9999
+              protocol: TCP
+          livenessProbe:
+            exec:
+              command:
+              - cdeventscli
+              - check
+              - http
+              - localhost:9898/healthz
+            initialDelaySeconds: 1
+            timeoutSeconds: 5
+            failureThreshold: 3
+            successThreshold: 1
+            periodSeconds: 10
+          readinessProbe:
+            exec:
+              command:
+              - cdeventscli
+              - check
+              - http
+              - localhost:9898/readyz
+            initialDelaySeconds: 1
+            timeoutSeconds: 5
+            failureThreshold: 3
+            successThreshold: 1
+            periodSeconds: 10
+          volumeMounts:
+          - name: data
+            mountPath: /data
+          resources:
+            limits: null
+            requests:
+              cpu: 1m
+              memory: 16Mi
+      volumes:
+      - name: data
+        emptyDir: {}
+
+NOTES:
+1. Get the application URL by running these commands:
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl -n metabase port-forward deploy/cdevents-controller-1685448372 8080:9898

pkg/api/cdevent.go

@@ -63,7 +63,7 @@ func (s *Server) cdEventHandler(w http.ResponseWriter, r *http.Request) {
 
 	result, err := collection.InsertOne(ctx, cdevent)
 	if err != nil {
-		log.Fatal(err)
+		fmt.Printf("Error With Mongo: %s\n", err)
 	}
 
 	fmt.Printf("Inserted document with _id: %v\n", result.InsertedID)