From 1fe84ce9488e0e92d7076661dcd7723709706daf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Charles-Edouard=20Br=C3=A9t=C3=A9ch=C3=A9?=
Date: Wed, 6 Nov 2024 15:06:17 +0100
Subject: [PATCH] fix: add missing role in chart (#180)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Charles-Edouard Brétéché
---
.../templates/cluster-role.yaml | 18 ++++++++++++++++++
.../templates/role-binding.yaml | 17 +++++++++++++++++
charts/kyverno-authz-server/values.yaml | 2 +-
.../{rbac.yaml => service-account.yaml} | 0
4 files changed, 36 insertions(+), 1 deletion(-)
create mode 100644 charts/kyverno-authz-server/templates/cluster-role.yaml
create mode 100644 charts/kyverno-authz-server/templates/role-binding.yaml
rename charts/kyverno-sidecar-injector/templates/{rbac.yaml => service-account.yaml} (100%)
diff --git a/charts/kyverno-authz-server/templates/cluster-role.yaml b/charts/kyverno-authz-server/templates/cluster-role.yaml
new file mode 100644
index 0000000..9b82ea1
--- /dev/null
+++ b/charts/kyverno-authz-server/templates/cluster-role.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+metadata:
+ name: {{ template "kyverno-authz-server.name" . }}
+ labels:
+ {{- include "kyverno-authz-server.labels" . | nindent 4 }}
+rules:
+ - apiGroups:
+ - envoy.kyverno.io
+ resources:
+ - authorizationpolicies
+ verbs:
+ - get
+ - list
+ - watch
+{{- end -}}
diff --git a/charts/kyverno-authz-server/templates/role-binding.yaml b/charts/kyverno-authz-server/templates/role-binding.yaml
new file mode 100644
index 0000000..0babdd8
--- /dev/null
+++ b/charts/kyverno-authz-server/templates/role-binding.yaml
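Review bot: The new ClusterRole template in `cluster-role.yaml` declares `metadata:` twice in a row; the first key is empty and the second carries `name` and `labels`. Duplicate mapping keys are invalid YAML: lenient parsers silently keep the last one and strict ones reject the document, so whether this RBAC object renders depends on the tooling that reads it. Remove the first `metadata:` line so the rule granting `get`/`list`/`watch` on `authorizationpolicies` is applied deterministically. Separately, the ClusterRole is cluster-scoped but named from `kyverno-authz-server.name`; if that helper is not release-qualified (its definition is outside this patch), two releases would share and overwrite one ClusterRole.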
@@ -0,0 +1,17 @@
+{{- if .Values.rbac.create -}}
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ template "kyverno-authz-server.name" . }}
+ namespace: {{ template "kyverno.lib.namespace" . }}
+ labels:
+ {{- include "kyverno-authz-server.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "kyverno-authz-server.name" . }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "kyverno-authz-server.service-account.name" . }}
+ namespace: {{ template "kyverno.lib.namespace" . }}
+{{- end -}}
diff --git a/charts/kyverno-authz-server/values.yaml b/charts/kyverno-authz-server/values.yaml
index b4aca5a..0de9a8a 100644
--- a/charts/kyverno-authz-server/values.yaml
+++ b/charts/kyverno-authz-server/values.yaml
@@ -207,7 +207,7 @@ containers: service: # -- Service port. - port: 80 + port: 9081 # -- Service type. type: ClusterIP
diff --git a/charts/kyverno-sidecar-injector/templates/rbac.yaml b/charts/kyverno-sidecar-injector/templates/service-account.yaml
similarity index 100%
rename from charts/kyverno-sidecar-injector/templates/rbac.yaml
rename to charts/kyverno-sidecar-injector/templates/service-account.yaml
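Review bot: The binding added in `role-binding.yaml` is a namespaced `RoleBinding` whose `roleRef` points at the ClusterRole, so the service account receives `get`/`list`/`watch` on `authorizationpolicies` only inside the release namespace. If that resource is cluster-scoped (the CRD is not part of this patch, so this is unconfirmed), a RoleBinding grants nothing for it and the authz server would be unable to read any policy; in that case use `kind: ClusterRoleBinding` and drop `metadata.namespace`. If the resource is namespaced and the narrower scope is intended, a comment such as `# namespaced on purpose: policies are only read from the release namespace` would make the least-privilege choice explicit.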