From 4b312141ba61cfcd2f093b8c7843e19e4982e491 Mon Sep 17 00:00:00 2001 From: Kyle Schochenmaier Date: Wed, 5 May 2021 12:56:56 -0500 Subject: [PATCH 1/2] Add namespace read support to the clusterrole so we can read namespaces in the endpoints controller and webhook --- templates/connect-inject-clusterrole.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/connect-inject-clusterrole.yaml b/templates/connect-inject-clusterrole.yaml index 5dd87a7b..7ba2942a 100644 --- a/templates/connect-inject-clusterrole.yaml +++ b/templates/connect-inject-clusterrole.yaml @@ -11,7 +11,7 @@ metadata: release: {{ .Release.Name }} rules: - apiGroups: [""] - resources: ["pods", "endpoints", "services"] + resources: ["pods", "endpoints", "services", "namespaces"] verbs: - "get" - "list" From abe5d002fb21d94a7a6c8df643f90d52f3dd2713 Mon Sep 17 00:00:00 2001 From: Kyle Schochenmaier Date: Wed, 5 May 2021 13:04:51 -0500 Subject: [PATCH 2/2] update changelog --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 16836ce0..7414d367 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,8 @@ ## Unreleased +IMPROVEMENTS: +* Connect: Add namespaces get/list/watch to the connect-inject clusterrole to support the ability to fetch namespace labels which can enable/disable tproxy for an entire namespace. [[GH-942](https://github.com/hashicorp/consul-helm/pull/942)] + FEATURES: * CRDs: Update ServiceDefaults with Mode, TransparentProxy and UpstreamConfigs fields. Note: Mode and TransparentProxy should not be set using this CRD but via annotations. [[GH-925](https://github.com/hashicorp/consul-helm/pull/925)], [[GH-914](https://github.com/hashicorp/consul-helm/pull/914)]