Merge branch 'posixfs-support-3'

Author: Your Name

charts/opencloud-microservices/Chart.yaml

@@ -12,7 +12,7 @@ maintainers:
     email: [email protected]
     url: https://opencloud.eu
 type: application
-version: 0.3.3
+version: 0.3.4
 # renovate: datasource=docker depName=opencloudeu/opencloud-rolling
 appVersion: 3.4.0
 kubeVersion: ""

charts/opencloud-microservices/README.md

@@ -202,8 +202,17 @@ helmfile sync
 ```
 You can also install it with timoni and fluxcd instead of helm:
 ```bash
-kubectl apply -f ./charts/opencloud-microservices/deployments/timoni/ && \
-timoni bundle apply -f ./charts/opencloud-microservices/deployments/timoni/opencloud.cue --runtime ./charts/opencloud-microservices/deployments/timoni/runtime.cue
+## Install opencloud
+kubectl apply -f ./charts/opencloud-microservices/deployments/timoni/opencloud && \
+timoni bundle apply -f ./charts/opencloud-microservices/deployments/timoni/opencloud/opencloud.cue --runtime ./charts/opencloud-microservices/deployments/timoni/opencloud/runtime.cue
+
+## Install openldap
+kubectl apply -f ./charts/opencloud-microservices/deployments/timoni/openldap && \
+timoni bundle apply -f ./charts/opencloud-microservices/deployments/timoni/openldap/openldap.cue --runtime ./charts/opencloud-microservices/deployments/timoni/openldap/runtime.cue
+
+## Install clamav
+kubectl apply -f ./charts/opencloud-microservices/deployments/timoni/clamav && \
+timoni bundle apply -f ./charts/opencloud-microservices/deployments/timoni/clamav/clamav.cue --runtime ./charts/opencloud-microservices/deployments/timoni/clamav/runtime.cue
 ```
 
 
@@ -220,8 +229,17 @@ helmfile sync
 ```
 You can also install it with timoni and fluxcd instead of helm:
 ```bash
-kubectl apply -f ./charts/opencloud-microservices/deployments/timoni/ && \
-timoni bundle apply -f ./charts/opencloud-microservices/deployments/timoni/opencloud.cue --runtime ./charts/opencloud-microservices/deployments/timoni/runtime.cue
+## Install opencloud
+kubectl apply -f ./charts/opencloud-microservices/deployments/timoni/opencloud && \
+timoni bundle apply -f ./charts/opencloud-microservices/deployments/timoni/opencloud/opencloud.cue --runtime ./charts/opencloud-microservices/deployments/timoni/opencloud/runtime.cue
+
+## Install openldap
+kubectl apply -f ./charts/opencloud-microservices/deployments/timoni/openldap && \
+timoni bundle apply -f ./charts/opencloud-microservices/deployments/timoni/openldap/openldap.cue --runtime ./charts/opencloud-microservices/deployments/timoni/openldap/runtime.cue
+
+## Install clamav
+kubectl apply -f ./charts/opencloud-microservices/deployments/timoni/clamav && \
+timoni bundle apply -f ./charts/opencloud-microservices/deployments/timoni/clamav/clamav.cue --runtime ./charts/opencloud-microservices/deployments/timoni/clamav/runtime.cue
 ```
 
 

charts/opencloud-microservices/deployments/timoni/README.md

@@ -10,7 +10,7 @@ kubectl apply -f ./charts/opencloud-microservices/deployments/timoni/openldap &&
 timoni bundle apply -f ./charts/opencloud-microservices/deployments/timoni/openldap/openldap.cue --runtime ./charts/opencloud-microservices/deployments/timoni/openldap/runtime.cue
 
 ## Install clamav
-kubectl apply -f ./charts/opencloud-microservices/deployments/timoni/openldap && \
-timoni bundle apply -f ./charts/opencloud-microservices/deployments/timoni/openldap/openldap.cue --runtime ./charts/opencloud-microservices/deployments/timoni/openldap/runtime.cue
+kubectl apply -f ./charts/opencloud-microservices/deployments/timoni/clamav && \
+timoni bundle apply -f ./charts/opencloud-microservices/deployments/timoni/clamav/clamav.cue --runtime ./charts/opencloud-microservices/deployments/timoni/clamav/runtime.cue
 
 

charts/opencloud-microservices/deployments/timoni/opencloud/opencloud.cue

@@ -14,7 +14,7 @@ bundle: {
                 }
                 chart: {
                     name:    "opencloud-microservices"
-                    version: "0.3.3"
+                    version: "0.3.4"
                 }
                 sync: {
                     timeout: 10

charts/opencloud-microservices/deployments/timoni/openldap/openldap.cue

@@ -157,43 +157,6 @@ bundle: {
 							  MAY ( openCloudExternalIdentity $ openCloudUserEnabled $ openCloudUserType $ openCloudLastSignInTimestamp) )
 							"""
 					}
-					extraDeploy: [{
-						apiVersion: "v1"
-						kind:       "ServiceAccount"
-						metadata: {
-							name:      "flux"
-							namespace: "openldap"
-						}
-					}, {
-						apiVersion: "rbac.authorization.k8s.io/v1"
-						kind:       "Role"
-						metadata: {
-							name:      "flux-full-access"
-							namespace: "openldap"
-						}
-						rules: [{
-							apiGroups: ["*"]
-							resources: ["*"]
-							verbs:     ["*"]
-						}]
-					}, {
-						apiVersion: "rbac.authorization.k8s.io/v1"
-						kind:       "RoleBinding"
-						metadata: {
-							name:      "flux-full-access-binding"
-							namespace: "openldap"
-						}
-						subjects: [{
-							kind:      "ServiceAccount"
-							name:      "flux"
-							namespace: "openldap"
-						}]
-						roleRef: {
-							apiGroup: "rbac.authorization.k8s.io"
-							kind:     "Role"
-							name:     "flux-full-access"
-						}
-					}]
 				}
 			}
 		},

charts/opencloud-microservices/deployments/timoni/openldap/sa.yaml

@@ -0,0 +1,33 @@
+# Service account openldap namespace
+# 1) ServiceAccount — Flux will impersonate this
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: flux
+  namespace: openldap        # <- target namespace
+---
+# 2) Role — full power *inside* that namespace
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: flux-full-access
+  namespace: openldap
+rules:
+  - apiGroups:   ["*"]     # core & all groups
+    resources:   ["*"]     # every namespaced resource
+    verbs:       ["*"]     # get, list, create, delete, …
+---
+# 3) RoleBinding — ties the Role to the SA
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: flux-full-access-binding
+  namespace: openldap
+subjects:
+  - kind:      ServiceAccount
+    name:      flux
+    namespace: openldap
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind:     Role
+  name:     flux-full-access