From 5906f1d8b82b832b7a0016a9c90c049d4bdb80f1 Mon Sep 17 00:00:00 2001 From: Tamal Saha Date: Sat, 27 Jun 2026 01:19:37 +0600 Subject: [PATCH] kube-ui-server: register editor.ui.k8s.appscode.com aggregated API kube-ui-server now serves the editor.ui.k8s.appscode.com group (EditorTemplate). - apiregistration: add the v1alpha1.editor.ui.k8s.appscode.com APIService. - cluster-role: grant the server service account on the editor group. - user-roles: add editor.ui.k8s.appscode.com to the aggregate edit role, and grant authenticated users create on editortemplates (like meta renders). Signed-off-by: Tamal Saha --- .../templates/apiregistration.yaml | 16 ++++++++++++++++ .../kube-ui-server/templates/cluster-role.yaml | 1 + charts/kube-ui-server/templates/user-roles.yaml | 6 ++++++ hack/scripts/ct.sh | 3 ++- 4 files changed, 25 insertions(+), 1 deletion(-) diff --git a/charts/kube-ui-server/templates/apiregistration.yaml b/charts/kube-ui-server/templates/apiregistration.yaml index dcd04103..ac25311d 100644 --- a/charts/kube-ui-server/templates/apiregistration.yaml +++ b/charts/kube-ui-server/templates/apiregistration.yaml @@ -50,6 +50,22 @@ spec: --- apiVersion: apiregistration.k8s.io/v1 kind: APIService +metadata: + name: v1alpha1.editor.ui.k8s.appscode.com + labels: + {{- include "kube-ui-server.labels" . | nindent 4 }} +spec: + group: editor.ui.k8s.appscode.com + version: v1alpha1 + service: + namespace: {{ .Release.Namespace }} + name: {{ include "kube-ui-server.fullname" . }} + caBundle: {{ $caCrt }} + groupPriorityMinimum: {{ .Values.apiserver.groupPriorityMinimum }} + versionPriority: {{ .Values.apiserver.versionPriority }} +--- +apiVersion: apiregistration.k8s.io/v1 +kind: APIService metadata: name: v1alpha1.identity.k8s.appscode.com labels: diff --git a/charts/kube-ui-server/templates/cluster-role.yaml b/charts/kube-ui-server/templates/cluster-role.yaml index 31735c12..3a5ccc43 100644 --- a/charts/kube-ui-server/templates/cluster-role.yaml +++ b/charts/kube-ui-server/templates/cluster-role.yaml @@ -8,6 +8,7 @@ rules: - apiGroups: - core.k8s.appscode.com - cost.k8s.appscode.com + - editor.ui.k8s.appscode.com - identity.k8s.appscode.com - management.k8s.appscode.com - meta.k8s.appscode.com diff --git a/charts/kube-ui-server/templates/user-roles.yaml b/charts/kube-ui-server/templates/user-roles.yaml index dd25a91c..1a0bed4f 100644 --- a/charts/kube-ui-server/templates/user-roles.yaml +++ b/charts/kube-ui-server/templates/user-roles.yaml @@ -11,6 +11,7 @@ rules: - apiGroups: - core.k8s.appscode.com - cost.k8s.appscode.com + - editor.ui.k8s.appscode.com - identity.k8s.appscode.com - management.k8s.appscode.com - meta.k8s.appscode.com @@ -80,6 +81,11 @@ rules: - resourcecalculators - resourcegraphs verbs: ["create"] +- apiGroups: + - editor.ui.k8s.appscode.com + resources: + - editortemplates + verbs: ["create"] - apiGroups: - meta.k8s.appscode.com resources: diff --git a/hack/scripts/ct.sh b/hack/scripts/ct.sh index 4b2babbf..665c7676 100755 --- a/hack/scripts/ct.sh +++ b/hack/scripts/ct.sh @@ -23,7 +23,8 @@ for dir in charts/*/; do echo $dir if [ $num_files -le 1 ] || [[ "$dir" = "cluster-connector" ]] || - [[ "$dir" = "pgoutbox" ]]; then + [[ "$dir" = "pgoutbox" ]] || + [[ "$dir" = "vcd-lb-gc" ]]; then make ct CT_COMMAND=lint TEST_CHARTS=charts/$dir elif [[ "$dir" = "cert-manager-csi-driver-cacerts" ]]; then ns=app-$(date +%s | head -c 6)