Add configmap watch and list permission (#35)

Signed-off-by: rasel <rasel@appscode.com>
Signed-off-by: Tamal Saha <tamal@appscode.com>
Co-authored-by: Tamal Saha <tamal@appscode.com>

Author: Superm4n97

apis/installer/v1alpha1/aws_credential_manager_types.go

@@ -82,7 +82,6 @@ type AwsCredentialManagerSpec struct {
 	ServiceAccount ServiceAccountSpec `json:"serviceAccount"`
 	Volumes        []core.Volume      `json:"volumes"`
 	VolumeMounts   []core.VolumeMount `json:"volumeMounts"`
-	Args           []string           `json:"args"`
 }
 
 type ImageReference struct {

apis/installer/v1alpha1/zz_generated.deepcopy.go

@@ -1,4 +1,4 @@
-- ghcr.io/appscode/aws-credential-manager:v0.0.1
+- ghcr.io/appscode/aws-credential-manager:v0.0.2
 - ghcr.io/appscode/capa-vpc-peering-operator:v0.0.4
 - ghcr.io/appscode/capi-ops-manager:v0.0.5
 - ghcr.io/appscode/docker-machine-operator:v0.0.4

catalog/imagelist.yaml

@@ -2,8 +2,8 @@ apiVersion: v2
 name: aws-credential-manager
 description: A Helm chart for AWS Credential Manager
 type: application
-version: v2025.3.14
-appVersion: v0.0.1
+version: v2025.4.30
+appVersion: v0.0.2
 home: https://github.com/appscode-cloud
 icon: https://cdn.appscode.com/images/products/bytebuilders/icons/android-icon-192x192.png
 sources:

charts/aws-credential-manager/Chart.yaml

@@ -7,8 +7,8 @@
 ```bash
 $ helm repo add appscode https://charts.appscode.com/stable
 $ helm repo update
-$ helm search repo appscode/aws-credential-manager --version=v2025.3.14
-$ helm upgrade -i aws-credential-manager appscode/aws-credential-manager -n kubeops --create-namespace --version=v2025.3.14
+$ helm search repo appscode/aws-credential-manager --version=v2025.4.30
+$ helm upgrade -i aws-credential-manager appscode/aws-credential-manager -n kubeops --create-namespace --version=v2025.4.30
 ```
 
 ## Introduction
@@ -24,7 +24,7 @@ This chart deploys a AWS Credential Manager on a [Kubernetes](http://kubernetes.
 To install/upgrade the chart with the release name `aws-credential-manager`:
 
 ```bash
-$ helm upgrade -i aws-credential-manager appscode/aws-credential-manager -n kubeops --create-namespace --version=v2025.3.14
+$ helm upgrade -i aws-credential-manager appscode/aws-credential-manager -n kubeops --create-namespace --version=v2025.4.30
 ```
 
 The command deploys a AWS Credential Manager on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.
@@ -79,18 +79,17 @@ The following table lists the configurable parameters of the `aws-credential-man
 | nodeSelector                       |                                                                                                                                      | <code>{}</code>                                                                                                                                                                                |
 | tolerations                        |                                                                                                                                      | <code>[]</code>                                                                                                                                                                                |
 | affinity                           |                                                                                                                                      | <code>{}</code>                                                                                                                                                                                |
-| args                               |                                                                                                                                      | <code>["irsa"]</code>                                                                                                                                                                          |
 
 
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm upgrade -i`. For example:
 
 ```bash
-$ helm upgrade -i aws-credential-manager appscode/aws-credential-manager -n kubeops --create-namespace --version=v2025.3.14 --set replicaCount=1
+$ helm upgrade -i aws-credential-manager appscode/aws-credential-manager -n kubeops --create-namespace --version=v2025.4.30 --set replicaCount=1
 ```
 
 Alternatively, a YAML file that specifies the values for the parameters can be provided while
 installing the chart. For example:
 
 ```bash
-$ helm upgrade -i aws-credential-manager appscode/aws-credential-manager -n kubeops --create-namespace --version=v2025.3.14 --values values.yaml
+$ helm upgrade -i aws-credential-manager appscode/aws-credential-manager -n kubeops --create-namespace --version=v2025.4.30 --values values.yaml
 ```

charts/aws-credential-manager/README.md

@@ -33,7 +33,7 @@ spec:
           image: "{{ include "image.registry" . }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           args:
-            {{- toYaml .Values.args | nindent 12 }}
+            - run
             - --metrics-bind-address=:8443
             - --leader-elect=false
             - --health-probe-bind-address=:{{ .Values.service.port }}

charts/aws-credential-manager/templates/deployment.yaml

@@ -45,6 +45,22 @@ metadata:
   labels:
     {{- include "aws-credential-manager.labels" . | nindent 4 }}
 rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - namespaces
+  verbs:
+  - get
+  - list
+  - watch
 - apiGroups:
   - ""
   resources:

charts/aws-credential-manager/templates/rbac.yaml

@@ -2,7 +2,7 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: {{ include "aws-credential-manager.serviceAccountName" . }}
+  name: aws-credential-manager
   namespace: {{ .Release.Namespace }}
   labels:
     {{- include "aws-credential-manager.labels" . | nindent 4 }}

charts/aws-credential-manager/templates/serviceaccount.yaml

@@ -3,23 +3,19 @@
 # Declare variables to be passed into your templates.
 
 replicaCount: 1
-
 # Docker registry fqdn used to pull app related images.
 # Set this to use docker registry hosted at ${registryFQDN}/${registry}/${image}
 registryFQDN: ghcr.io
-
 image:
   # Docker registry used to pull app container image
   registry: appscode
   repository: aws-credential-manager
   pullPolicy: IfNotPresent
   # Overrides the image tag whose default is the chart appVersion.
   tag: ""
-
 imagePullSecrets: []
 nameOverride: ""
 fullnameOverride: ""
-
 serviceAccount:
   # Specifies whether a service account should be created
   create: true
@@ -28,10 +24,8 @@ serviceAccount:
   # The name of the service account to use.
   # If not set and create is true, a name is generated using the fullname template
   name: ""
-
 podAnnotations: {}
 podLabels: {}
-
 podSecurityContext: {}
   # fsGroup: 2000
 
@@ -44,11 +38,9 @@ securityContext: # +doc-gen:break
   runAsUser: 65534
   seccompProfile:
     type: RuntimeDefault
-
 service:
   type: ClusterIP
   port: 8081
-
 resources: {}
   # We usually recommend not to specify default resources and to leave this as a conscious
   # choice for the user. This also increases chances charts run on environments with little
@@ -73,7 +65,6 @@ readinessProbe:
     port: http
   initialDelaySeconds: 5
   periodSeconds: 10
-
 # Additional volumes on the output Deployment definition.
 volumes: []
 # - name: foo
@@ -88,11 +79,5 @@ volumeMounts: []
 #   readOnly: true
 
 nodeSelector: {}
-
 tolerations: []
-
 affinity: {}
-
-args: # +doc-gen:break
-  - irsa
-