Merge pull request #6 from PaloAltoNetworks/fix/otel-bind-openshift

adavid-panw · web-flow · commit 5a05ddae7bb5 · 2025-06-18T11:28:33.000+03:00
fix(otel): added bind to openshift:scc:anyuid for otel workload
diff --git a/charts/konnector/Chart.yaml b/charts/konnector/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: konnector
 description: Deploys Palo Alto Networks' Cortex KSPM connector for advanced Kubernetes security posture management.
 type: application
-version: 1.0.9
+version: 1.0.10
 appVersion: "1.0.0"
 maintainers:
   - name: Palo Alto Networks - Cortex KSPM team
diff --git a/charts/konnector/templates/rbac.yaml b/charts/konnector/templates/rbac.yaml
@@ -64,3 +64,21 @@ roleRef:
   name: {{ $roleName }}
   apiGroup: rbac.authorization.k8s.io
 {{- end }}
+
+{{- range $bindingName, $bindingInfo := .Values.system.extraClusterRoleBindings }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ $bindingName }}
+  labels:
+    {{- include "common.labels" $ | nindent 4 }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ $sa }}
+    namespace: {{ $namespace }}
+roleRef:
+  kind: ClusterRole
+  name: {{ $bindingInfo.roleRef.name }}
+  apiGroup: rbac.authorization.k8s.io
+{{- end }}
diff --git a/charts/konnector/values.yaml b/charts/konnector/values.yaml
@@ -176,6 +176,11 @@ system:
           resources: ["horizontalpodautoscalers"]
           verbs: ["get", "list", "watch"]
 
+  extraClusterRoleBindings:
+    openshift-anyuid-crole-binding:
+      roleRef:
+        name: system:openshift:scc:anyuid
+
   # ==========================
   # Secrets Resources
   # ==========================
