Add support for additional rule in role/clusterrole

ffais · ffais · commit e7a578d832ff · 2025-05-17T09:01:05.000+02:00
Signed-off-by: ffais &lt;ffais@fbk.eu&gt;
diff --git a/charts/cluster-autoscaler/Chart.yaml b/charts/cluster-autoscaler/Chart.yaml
@@ -11,4 +11,4 @@ name: cluster-autoscaler
 sources:
   - https://github.com/kubernetes/autoscaler/tree/master/cluster-autoscaler
 type: application
-version: 9.46.6
+version: 9.46.7
diff --git a/charts/cluster-autoscaler/README.md b/charts/cluster-autoscaler/README.md
@@ -498,6 +498,7 @@ vpa:
 | prometheusRule.interval | string | `nil` | How often rules in the group are evaluated (falls back to `global.evaluation_interval` if not set). |
 | prometheusRule.namespace | string | `"monitoring"` | Namespace which Prometheus is running in. |
 | prometheusRule.rules | list | `[]` | Rules spec template (see https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#rule). |
+| rbac.additionalRules | list | `[]` | Additional rules for role/clusterrole |
 | rbac.clusterScoped | bool | `true` | if set to false will only provision RBAC to alter resources in the current namespace. Most useful for Cluster-API |
 | rbac.create | bool | `true` | If `true`, create and use RBAC resources. |
 | rbac.pspEnabled | bool | `false` | If `true`, creates and uses RBAC resources required in the cluster with [Pod Security Policies](https://kubernetes.io/docs/concepts/policy/pod-security-policy/) enabled. Must be used with `rbac.create` set to `true`. |
diff --git a/charts/cluster-autoscaler/templates/clusterrole.yaml b/charts/cluster-autoscaler/templates/clusterrole.yaml
@@ -173,4 +173,7 @@ rules:
     - patch
     - update
 {{- end }}
+{{- if .Values.rbac.additionalRules }}
+{{ toYaml .Values.rbac.additionalRules | indent 2 }}
+{{- end }}
 {{- end -}}
diff --git a/charts/cluster-autoscaler/templates/role.yaml b/charts/cluster-autoscaler/templates/role.yaml
@@ -83,5 +83,8 @@ rules:
     verbs:
     - get
     - update
+{{- if .Values.rbac.additionalRules }}
+{{ toYaml .Values.rbac.additionalRules | indent 2}}
+{{- end }}
 {{- end }}
 {{- end -}}
diff --git a/charts/cluster-autoscaler/values.yaml b/charts/cluster-autoscaler/values.yaml
@@ -366,6 +366,17 @@ rbac:
     name: ""
     # rbac.serviceAccount.automountServiceAccountToken -- Automount API credentials for a Service Account.
     automountServiceAccountToken: true
+  # rbac.additionalRules -- Additional rules for role/clusterrole
+  additionalRules: []
+  # - apiGroups:
+  #   - infrastructure.cluster.x-k8s.io
+  #   resources:
+  #   - kubemarkmachinetemplates
+  #   verbs:
+  #   - get
+  #   - list
+  #   - watch
+
 
 # replicaCount -- Desired number of pods
 replicaCount: 1
