From cd251e5d5e3ae32d779d06ccf4270a8bada6202f Mon Sep 17 00:00:00 2001
From: Alexander Berger
Date: Fri, 7 Jun 2024 17:37:15 +0200
Subject: [PATCH 1/2] Fix RBAC for multi namespace watching and to watch namespaces
---
 .../templates/cluster-role.yaml | 29 +++++++++++++++++++
 .../templates/watch-roles.yaml | 10 ++++++-
 2 files changed, 38 insertions(+), 1 deletion(-)
 create mode 100644 charts/k8s-object-syncer/templates/cluster-role.yaml
diff --git a/charts/k8s-object-syncer/templates/cluster-role.yaml b/charts/k8s-object-syncer/templates/cluster-role.yaml
new file mode 100644
index 0000000..d70fcc8
--- /dev/null
+++ b/charts/k8s-object-syncer/templates/cluster-role.yaml
@@ -0,0 +1,29 @@
+{{- if .Values.serviceAccount.create -}}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ {{- include "k8s-object-syncer.labels" $ | nindent 4 }}
+ name: "{{ include "k8s-object-syncer.serviceAccountName" $ }}-cluster"
+rules:
+- verbs: ["list", "get", "watch"]
+ apiGroups: [""]
+ resources: ["namespaces"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ {{- include "k8s-object-syncer.labels" $ | nindent 4 }}
+ name: "{{ include "k8s-object-syncer.serviceAccountName" $ }}-cluster"
+subjects:
+- kind: ServiceAccount
+ name: {{ include "k8s-object-syncer.serviceAccountName" $ }}
+ namespace: {{ $.Release.Namespace }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: "{{ include "k8s-object-syncer.serviceAccountName" $ }}-cluster"
+{{- end }}
+
diff --git a/charts/k8s-object-syncer/templates/watch-roles.yaml b/charts/k8s-object-syncer/templates/watch-roles.yaml
index ff4f751..7eaa1f0 100644
--- a/charts/k8s-object-syncer/templates/watch-roles.yaml
+++ b/charts/k8s-object-syncer/templates/watch-roles.yaml
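Review bot: In cluster-role.yaml the ClusterRole and ClusterRoleBinding are both named from the service-account name plus `-cluster`, and neither name includes the release namespace even though the objects are cluster-scoped. If the `k8s-object-syncer.serviceAccountName` helper (defined outside this patch) can return the same value for two releases in different namespaces, the second install will conflict with the first release's objects. Qualifying the name would avoid that, for example `name: "{{ include "k8s-object-syncer.serviceAccountName" $ }}-{{ $.Release.Namespace }}-cluster"` in all three places. Both objects are also rendered only when `.Values.serviceAccount.create` is true, so a deployment that brings its own service account gets no namespace read access from the chart; a comment at the top of the template stating that would help.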
@@ -1,5 +1,13 @@
 {{- if .Values.serviceAccount.create -}}
-{{- range $index, $watchNamespace := .Values.sourceNamespaces }}
+
+{{ $namespaces := (len (.Values.watchNamespaces | default list)) }}
+{{ if and (eq $namespaces 1) (not (has "*" .Values.watchNamespaces)) }}
+{{ $namespaces = .Values.watchNamespaces }}
+{{else}}
+{{ $namespaces = list "*" }}
+{{end}}
+
+{{- range $index, $watchNamespace := $namespaces }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
From b4585ed8288622f1b5fc38d7cc31079475dd6e33 Mon Sep 17 00:00:00 2001
From: Alexander Berger
Date: Fri, 7 Jun 2024 17:47:56 +0200
Subject: [PATCH 2/2] Upgrade dependencies and to k8s API v1.30
---
 Cargo.lock | 30 +++++-----------------
 rustrial-k8s-object-syncer-apis/Cargo.toml | 2 +-
 rustrial-k8s-object-syncer/Cargo.toml | 8 +++---
 3 files changed, 12 insertions(+), 28 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index b8e2a8d..cd5c696 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -278,15 +278,6 @@ dependencies = [ "libc", ] -[[package]] -name = "crossbeam-channel" -version = "0.5.12" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ab3db02a9c5b5121e1e42fbdb1aeb65f5e02624cc58c43f2884c6ccac0b82f95" -dependencies = [ - "crossbeam-utils", -] - [[package]] name = "crossbeam-utils" version = "0.8.19" @@ -1002,9 +993,9 @@ checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf" [[package]] name = "opentelemetry" -version = "0.22.0" +version = "0.23.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "900d57987be3f2aeb70d385fff9b27fb74c5723cc9a52d904d4f9c807a0667bf" +checksum = "1b69a91d4893e713e06f724597ad630f1fa76057a5e1026c0ca67054a9032a76" dependencies = [ "futures-core", "futures-sink",
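Review bot: In watch-roles.yaml the `else` branch replaces any `watchNamespaces` list with more than one entry (and an empty or unset list) by `list "*"`, so naming two namespaces is treated the same as watching everything. The body of the `range` lies outside this hunk, so what the `"*"` case renders cannot be seen here; if it binds the role cluster-wide, this widens the service account's access beyond the namespaces the operator listed, and it deserves a template comment such as `{{- /* more than one watched namespace falls back to "*" (cluster-wide) */ -}}` and a line in the values documentation. `$namespaces` is also first an integer and then a list, which is hard to follow; `{{- $watch := .Values.watchNamespaces | default list }}` with the test written as `(eq (len $watch) 1)` keeps the two apart. The loop previously read `.Values.sourceNamespaces`, so values files that still set only that key will now fall into the `"*"` branch without warning.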
@@ -1012,14 +1003,13 @@ dependencies = [ "once_cell", "pin-project-lite", "thiserror", - "urlencoding", ] [[package]] name = "opentelemetry-prometheus" -version = "0.15.0" +version = "0.16.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "30bbcf6341cab7e2193e5843f0ac36c446a5b3fccb28747afaeda17996dcd02e" +checksum = "5e1a24eafe47b693cb938f8505f240dc26c71db60df9aca376b4f857e9653ec7" dependencies = [ "once_cell", "opentelemetry", @@ -1030,16 +1020,16 @@ dependencies = [ [[package]] name = "opentelemetry_sdk" -version = "0.22.1" +version = "0.23.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9e90c7113be649e31e9a0f8b5ee24ed7a16923b322c3c5ab6367469c049d6b7e" +checksum = "ae312d58eaa90a82d2e627fd86e075cf5230b3f11794e2ed74199ebbe572d4fd" dependencies = [ "async-trait", - "crossbeam-channel", "futures-channel", "futures-executor", "futures-util", "glob", + "lazy_static", "once_cell", "opentelemetry", "ordered-float 4.2.0", @@ -1834,12 +1824,6 @@ version = "0.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" -[[package]] -name = "urlencoding" -version = "2.1.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "daf8dba3b7eb870caf1ddeed7bc9d2a049f3cfdfae7cb521b087cc33ae4c49da" - [[package]] name = "utf8parse" version = "0.2.1"
diff --git a/rustrial-k8s-object-syncer-apis/Cargo.toml b/rustrial-k8s-object-syncer-apis/Cargo.toml
index fc77c97..109956c 100644
--- a/rustrial-k8s-object-syncer-apis/Cargo.toml
+++ b/rustrial-k8s-object-syncer-apis/Cargo.toml
@@ -16,6 +16,6 @@ serde_yaml = "0.9.21"
 
 [dev-dependencies]
 k8s-openapi = { workspace = true, default-features = false, features = [
- "v1_29",
+ "v1_30",
 "schemars",
 ] }
diff --git a/rustrial-k8s-object-syncer/Cargo.toml b/rustrial-k8s-object-syncer/Cargo.toml
index f8240ca..f8ac0b4 100644
--- a/rustrial-k8s-object-syncer/Cargo.toml
+++ b/rustrial-k8s-object-syncer/Cargo.toml
@@ -10,9 +10,9 @@ license = "Unlicense OR MIT OR Apache-2.0"
 [dependencies]
 log = "0.4.17"
 env_logger = "0.11.3"
-opentelemetry = "0.22.0"
-opentelemetry_sdk = "0.22.1"
-opentelemetry-prometheus = "0.15.0"
+opentelemetry = "0.23.0"
+opentelemetry_sdk = "0.23.0"
+opentelemetry-prometheus = "0.16.0"
 prometheus = "0.13.0"
 anyhow = { version = "1.0.57", features = ["std"] }
 thiserror = "1.0.26"
@@ -27,7 +27,7 @@ kube = { workspace = true, features = [
 json-patch = "^1.4.0"
 kube-runtime = "0.91.0"
 k8s-openapi = { workspace = true, default-features = false, features = [
- "v1_29",
+ "v1_30",
 "schemars",
 ] }
 serde = { workspace = true, features = ["derive"] }