feat: [TKC-3299] add namespaces rbac

charts/testkube-api/templates/configmap.yaml

@@ -10,6 +10,9 @@ metadata:
   annotations: {{- include "global.tplvalues.render" ( dict "value" .Values.global.annotations "context" $ ) | nindent 4 }}
   {{- end }}
 data:
+{{- if .Values.next.enabled }}
+  enable-cron-jobs: "{{ .Values.next.cronJobs.enabled }}"
+{{- end }}
   executors.json: |-
 {{ include "testkube-api.executors" . | indent 4 }}
   job-container-template.yml: |-

charts/testkube-api/templates/deployment.yaml

@@ -250,6 +250,8 @@ spec:
               value: "{{ .Values.next.gitops.namePatterns.kubernetes }}"
             - name: DISABLE_DEFAULT_AGENT
               value: "{{ not .Values.next.legacyAgent.enabled }}"
+            - name: ENABLE_CRON_JOBS
+              value: "{{ .Values.next.cronJobs.enabled }}"           
             {{- end }}
           image: {{ include "testkube-api.image" . }}
           imagePullPolicy: {{ .Values.image.pullPolicy }}

charts/testkube-api/values.yaml

@@ -189,6 +189,13 @@ next:
     ## Should it enable controller API
     enabled: true
 
+
+  ## Configure cron jobs in this installation.
+  # - tkcagnt_*** - Super Agent
+  cronJobs:
+    ## Should it manage cron jobs
+    enabled: true
+
 ## Testkube API Deployment parameters
 ## Running Testkube in Agent mode
 cloud:

charts/testkube-operator/README.md

@@ -17,6 +17,7 @@ A Helm chart for the testkube-operator (installs needed CRDs only for now)
 | affinity | object | `{}` |  |
 | apiFullname | string | `"testkube-api-server"` |  |
 | apiPort | int | `8088` |  |
+| disableCronJobs | bool | `true` |  |
 | useArgoCDSync| bool | `false` |  |
 | extraEnvVars | list | `[]` |  |
 | fullnameOverride | string | `""` |  |

charts/testkube-operator/templates/deployment.yaml

@@ -78,6 +78,10 @@ spec:
         - name: APISERVER_PURGE_EXECUTIONS
           value: "true"
         {{- end }}
+        {{- if .Values.disableCronJobs }}        
+        - name: APISERVER_CONFIG
+          value: {{ .Values.apiFullname }}
+        {{- end }}
         ports:
         - containerPort: {{ .Values.webhookServerPort }}
           name: webhook-server

charts/testkube-operator/templates/role.yaml

@@ -541,4 +541,28 @@ rules:
   - update
 {{- end }}
 
+---
+
+apiVersion: {{ include "global.capabilities.rbac.apiVersion" . }}
+kind: ClusterRole
+metadata:
+  name: {{ .Release.Name }}-namespaces-role
+  labels:
+    {{- if .Values.global.labels }}
+    {{- include "global.tplvalues.render" ( dict "value" .Values.global.labels "context" $ ) | nindent 4 }}
+    {{- end }}
+    {{- if .Values.global.annotations }}
+  annotations: {{- include "global.tplvalues.render" ( dict "value" .Values.global.annotations "context" $ ) | nindent 4 }}
+    {{- end }}
+  namespace: {{ include "testkube-operator.namespace" . }}
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - namespaces
+  verbs:
+  - get
+  - list
+  - watch
+
 {{- end -}}

charts/testkube-operator/templates/rolebinding.yaml

@@ -143,4 +143,28 @@ subjects:
     name: {{ include "testkube-operator.webhook.serviceAccountName" . }}
     namespace: {{ include "testkube-operator.namespace" . }}
 {{- end }}
+
+---
+
+apiVersion: {{ include "global.capabilities.rbac.apiVersion" . }}
+kind: ClusterRoleBinding
+metadata:
+  name: {{ .Release.Name }}-namespaces-rolebinding
+  labels:
+  {{- if .Values.global.labels }}
+  {{- include "global.tplvalues.render" ( dict "value" .Values.global.labels "context" $ ) | nindent 4 }}
+  {{- end }}
+  {{- if .Values.global.annotations }}
+  annotations: {{- include "global.tplvalues.render" ( dict "value" .Values.global.annotations "context" $ ) | nindent 4 }}
+  {{- end }}
+  namespace: {{ include "testkube-operator.namespace" . }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ .Release.Name }}-namespaces-role
+subjects:
+- kind: ServiceAccount
+  name: {{ include "testkube-operator.serviceAccountName" . }}
+  namespace: {{ include "testkube-operator.namespace" . }}
+
 {{- end -}}

charts/testkube-operator/values.yaml

@@ -99,6 +99,8 @@ healthcheckPort: 8081
 useArgoCDSync: false
 # purge executions on CRD deletion
 purgeExecutions: false
+# disable cron jobs for scheduling test, suites, workflows
+disableCronJobs: true
 
 ## Service Account parameters
 serviceAccount:

charts/testkube/README.md

@@ -436,6 +436,7 @@ kubectl label --overwrite crds scripts.tests.testkube.io app.kubernetes.io/manag
 | testkube-operator.apiFullname | string | `"testkube-api-server"` | Testkube API full name |
 | testkube-operator.apiPort | int | `8088` | Testkube API port |
 | testkube-operator.cronJobTemplate | string | `""` |  |
+| testkube-operator.disableCronJobs | bool | `true` | Disable cron jobs for test workflows |
 | testkube-operator.enabled | bool | `true` |  |
 | testkube-operator.extraEnvVars | list | `[]` | Extra environment variables to be set on deployment |
 | testkube-operator.fullnameOverride | string | `"testkube-operator"` | Testkube Operator fullname override |

charts/testkube/values.yaml

@@ -529,6 +529,12 @@ testkube-api:
       ## Should it be enabled
       enabled: true
 
+    ## Configure cron jobs in this installation.
+    # - tkcagnt_*** - Super Agent
+    cronJobs:
+      ## Should it manage cron jobs
+      enabled: true
+
   # ref: https://cloud.google.com/kubernetes-engine/docs/how-to/prepare-arm-workloads-for-deployment#node-affinity-multi-arch-arm
   # -- Tolerations to schedule a workload to nodes with any architecture type. Required for deployment to GKE cluster.
   tolerations: []
@@ -987,6 +993,8 @@ testkube-operator:
   useArgoCDSync: false
   # -- Purge executions on CRD deletion
   purgeExecutions: false
+  # disable cron jobs for scheduling test, suites, workflows
+  disableCronJobs: true
 
   # Service Account parameters
   serviceAccount: