feat: add aggregate cluster roles (#396)

pujan-rpc · Copilot · web-flow · commit 0a45cf3759ec · 2026-01-05T23:15:42.000+05:30
Signed-off-by: pujan-rpc &lt;pujan.shah@redcare-pharmacy.com&gt;
Co-authored-by: Copilot &lt;175728472+Copilot@users.noreply.github.com&gt;
diff --git a/charts/dragonfly-operator/templates/aggregateroles.yaml b/charts/dragonfly-operator/templates/aggregateroles.yaml
@@ -0,0 +1,86 @@
+{{- if .Values.createAggregateRoles }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "dragonfly-operator.fullname" . }}-aggregate-to-view
+  labels:
+    rbac.authorization.k8s.io/aggregate-to-view: "true"
+    {{- include "dragonfly-operator.labels" . | nindent 4 }}
+rules:
+  - apiGroups:
+      - dragonflydb.io
+    resources:
+      - dragonflies
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - dragonflydb.io
+    resources:
+      - dragonflies/status
+    verbs:
+      - get
+      - list
+      - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "dragonfly-operator.fullname" . }}-aggregate-to-edit
+  labels:
+    rbac.authorization.k8s.io/aggregate-to-edit: "true"
+    {{- include "dragonfly-operator.labels" . | nindent 4 }}
+rules:
+  - apiGroups:
+      - dragonflydb.io
+    resources:
+      - dragonflies
+    verbs:
+      - create
+      - delete
+      - deletecollection
+      - get
+      - list
+      - patch
+      - update
+      - watch
+  - apiGroups:
+      - dragonflydb.io
+    resources:
+      - dragonflies/status
+    verbs:
+      - get
+      - list
+      - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "dragonfly-operator.fullname" . }}-aggregate-to-admin
+  labels:
+    rbac.authorization.k8s.io/aggregate-to-admin: "true"
+    {{- include "dragonfly-operator.labels" . | nindent 4 }}
+rules:
+  - apiGroups:
+      - dragonflydb.io
+    resources:
+      - dragonflies
+    verbs:
+      - create
+      - delete
+      - deletecollection
+      - get
+      - list
+      - patch
+      - update
+      - watch
+  - apiGroups:
+      - dragonflydb.io
+    resources:
+      - dragonflies/status
+    verbs:
+      - get
+      - list
+      - watch
+{{- end }}
diff --git a/charts/dragonfly-operator/values.yaml b/charts/dragonfly-operator/values.yaml
@@ -22,6 +22,9 @@ dragonflyImage: ""
 additionalLabels: {}
   # app: dragonfly-operator
 
+# -- Create aggregated cluster roles for view, edit, and admin
+createAggregateRoles: true
+
 serviceAccount:
   # Specifies whether a service account should be created
   create: true
