fix: v2 rbac (#120)

* fix mcp-operator permissions

* feat: release v0.33.1

Author: Diaphteiros

VERSION

@@ -1 +1 @@
-v0.33.0-dev
+v0.33.1

charts/mcp-operator/Chart.yaml

@@ -2,8 +2,8 @@ apiVersion: v2
 name: mcp-operator
 description: A Helm chart for the mcp-operator
 type: application
-version: v0.33.0
-appVersion: v0.33.0
+version: v0.33.1
+appVersion: v0.33.1
 home: https://github.com/openmcp-project/mcp-operator
 sources:
   - https://github.com/openmcp-project/mcp-operator

charts/mcp-operator/templates/_helpers.tpl

@@ -44,6 +44,13 @@ Name of the clusterrole(binding) if in-cluster config is used for the cloudorche
 {{- print "openmcp.cloud:co:" ( include "mcp-operator.fullname" . ) | trunc 63 | trimSuffix "-" }}
 {{- end }}
 
+{{/*
+Name of the clusterrole(binding) if in-cluster config is used for the core cluster.
+*/}}
+{{- define "mcp-operator.v2bridge.clusterrole" -}}
+{{- print "openmcp.cloud:v2:" ( include "mcp-operator.fullname" . ) | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
 {{/*
 Use <image>:<tag> or <image>@<sha256>, depending on which is given.
 */}}

charts/mcp-operator/templates/rbac.yaml

@@ -94,6 +94,12 @@ rules:
     - landscaperdeployments
   verbs:
     - "*"
+- apiGroups:
+    - landscaper.services.openmcp.cloud
+  resources:
+    - landscapers
+  verbs:
+    - "*"
 ---
 kind: ClusterRoleBinding
 apiVersion: {{ include "rbacversion" . }}
@@ -146,7 +152,7 @@ roleRef:
 {{- end }}
 {{- end }}
 {{- if not .Values.webhooks.disabled }}
-apiVersion: rbac.authorization.k8s.io/v1
+apiVersion: {{ include "rbacversion" . }}
 kind: Role
 metadata:
   name: {{ include "mcp-operator.fullname" . }}
@@ -159,7 +165,7 @@ rules:
     resourceNames:
       - {{ include "mcp-operator.fullname" . }}-webhooks-tls
 ---
-apiVersion: rbac.authorization.k8s.io/v1
+apiVersion: {{ include "rbacversion" . }}
 kind: RoleBinding
 metadata:
   name: {{ include "mcp-operator.fullname" . }}
@@ -174,4 +180,33 @@ subjects:
   name: mcp-operator
   namespace: {{ .Release.Namespace }}
 ---
-{{- end }}
+{{- end }}
+apiVersion: {{ include "rbacversion" . }}
+kind: ClusterRole
+metadata:
+  name: {{ include "mcp-operator.v2bridge.clusterrole" . }}
+  labels:
+    {{- include "mcp-operator.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+  - clusters.openmcp.cloud
+  resources:
+  - "*"
+  verbs:
+  - "*"
+---
+kind: ClusterRoleBinding
+apiVersion: {{ include "rbacversion" . }}
+metadata:
+  name: {{ include "mcp-operator.v2bridge.clusterrole" . }}
+  labels:
+    {{- include "mcp-operator.labels" . | nindent 4 }}
+subjects:
+- kind: ServiceAccount
+  name: mcp-operator
+  namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: {{ include "mcp-operator.v2bridge.clusterrole" . }}
+  apiGroup: rbac.authorization.k8s.io
+---

charts/mcp-operator/values.yaml

@@ -14,7 +14,7 @@ deployment:
 
 image:
   repository: ghcr.io/openmcp-project/images/mcp-operator
-  tag: v0.33.0
+  tag: v0.33.1
   pullPolicy: IfNotPresent
 
 imagePullSecrets: []

go.mod

@@ -16,7 +16,7 @@ require (
 	github.com/openmcp-project/cluster-provider-gardener/api v0.2.0
 	github.com/openmcp-project/control-plane-operator v0.1.10
 	github.com/openmcp-project/controller-utils v0.13.1
-	github.com/openmcp-project/mcp-operator/api v0.33.0
+	github.com/openmcp-project/mcp-operator/api v0.33.1
 	github.com/openmcp-project/openmcp-operator/api v0.7.0
 	github.com/openmcp-project/openmcp-operator/lib v0.8.3
 	github.com/spf13/cobra v1.9.1