From 38b13031d6a6ee620991e19e75d94a1d83b50748 Mon Sep 17 00:00:00 2001 From: Jeremias Weber Date: Wed, 18 Dec 2024 13:42:01 +0100 Subject: [PATCH 1/4] #74 add missing rbacs to update exposed ports --- CHANGELOG.md | 3 +++ k8s/helm/templates/service-discovery-role.yaml | 12 ++++++++++++ 2 files changed, 15 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 03d3571..6cc60c5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## [Unreleased] +### Fixed +- [#74] Missing `get`- and `update`-permissions for `tcp-services` and `udp-services` configmaps + - These are necessary to update exposed ports ## [v1.3.1] - 2024-12-17 ### Fixed diff --git a/k8s/helm/templates/service-discovery-role.yaml b/k8s/helm/templates/service-discovery-role.yaml index 5b18aa1..6ebb148 100644 --- a/k8s/helm/templates/service-discovery-role.yaml +++ b/k8s/helm/templates/service-discovery-role.yaml @@ -32,6 +32,18 @@ rules: - list - get - watch + # update exposed ports in tcp- and udp-services configmaps + - apiGroups: + - "" + resources: + - configmaps + resourceNames: + - tcp-services + - udp-services + verbs: + - get + - update + # create and update ingress objects for dogus - apiGroups: - networking.k8s.io resources: From ae514045799a18b0c2b4f36771d002b96d8e8d22 Mon Sep 17 00:00:00 2001 From: Niklas Date: Wed, 18 Dec 2024 18:06:06 +0100 Subject: [PATCH 2/4] Activate deny all network policy --- CHANGELOG.md | 3 +++ k8s/helm/values.yaml | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6cc60c5..42e014b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
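Review bot: The comment on the new configmaps rule in service-discovery-role.yaml (`# update exposed ports in tcp- and udp-services configmaps`) does not say why the grant is sensitive or why it is pinned with `resourceNames`. If these are the configmaps the nginx ingress controller reads for TCP/UDP forwarding, as the names suggest, `update` on them decides which in-cluster services become reachable from outside. I would extend the comment to something like `# get/update only on the two ingress-controller port configmaps; write access decides which services are exposed, so keep resourceNames and do not widen the verbs`. The `kind` of this object is outside the hunk; if it is a ClusterRole bound cluster-wide, the two names would match in every namespace, which is worth confirming.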
@@ -5,6 +5,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## [Unreleased] +### Changed +- Activate deny all networkpolicy in helm values. + ### Fixed - [#74] Missing `get`- and `update`-permissions for `tcp-services` and `udp-services` configmaps - These are necessary to update exposed ports diff --git a/k8s/helm/values.yaml b/k8s/helm/values.yaml index d4e596f..f7f3ede 100644 --- a/k8s/helm/values.yaml +++ b/k8s/helm/values.yaml @@ -43,5 +43,5 @@ ingress: controller: nginx-ingress # currently only supported ingress controller networkPolicies: enabled: true - denyAll: false + denyAll: true ingressControllerAllowedCIDR: "0.0.0.0/0" From 7263df387a04e7490952b50674d2fbcfc015a159 Mon Sep 17 00:00:00 2001 From: Niklas Date: Wed, 18 Dec 2024 18:34:15 +0100 Subject: [PATCH 3/4] Bump version --- Dockerfile | 2 +- Makefile | 2 +- k8s/helm/component-patch-tpl.yaml | 2 +- k8s/helm/values.yaml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 1b619bc..e76c8f9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -31,7 +31,7 @@ RUN make compile-generic FROM gcr.io/distroless/static:nonroot LABEL maintainer="hello@cloudogu.com" \ NAME="k8s-service-discovery" \ - VERSION="1.3.1" + VERSION="1.3.2" WORKDIR / diff --git a/Makefile b/Makefile index 435ec8a..f4b75d7 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,6 @@ # Set these to the desired values ARTIFACT_ID=k8s-service-discovery -VERSION=1.3.1 +VERSION=1.3.2 IMAGE=cloudogu/${ARTIFACT_ID}:${VERSION} GOTAG?=1.23.4 diff --git a/k8s/helm/component-patch-tpl.yaml b/k8s/helm/component-patch-tpl.yaml index a41ac29..1078db8 100644 --- a/k8s/helm/component-patch-tpl.yaml +++ b/k8s/helm/component-patch-tpl.yaml 
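Review bot: The flipped default `denyAll: true` in k8s/helm/values.yaml has no comment telling operators what gets blocked, and it ships as a patch-level default change. Installations that take the chart defaults will get the deny-all policy on upgrade, so any workload without a matching allow policy may lose connectivity; the templates defining the allow rules are not in this hunk, so that coverage should be checked. I would add a line such as `denyAll: true # installs a deny-all NetworkPolicy; traffic must be allowed by explicit policies` and state in the changelog entry that it can be set back to `false`. The unchanged `ingressControllerAllowedCIDR: "0.0.0.0/0"` next to it still admits any source address to the ingress controller, which is presumably intended for a public entry point but deserves a comment. NetworkPolicy objects only take effect when the cluster's network plugin enforces them.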
@@ -1,7 +1,7 @@ apiVersion: v1 values: images: - serviceDiscovery: cloudogu/k8s-service-discovery:1.3.1 + serviceDiscovery: cloudogu/k8s-service-discovery:1.3.2 patches: values.yaml: manager: diff --git a/k8s/helm/values.yaml b/k8s/helm/values.yaml index f7f3ede..1480602 100644 --- a/k8s/helm/values.yaml +++ b/k8s/helm/values.yaml @@ -26,7 +26,7 @@ manager: image: registry: docker.io repository: cloudogu/k8s-service-discovery - tag: 1.3.1 + tag: 1.3.2 env: logLevel: info stage: production From 9793ab4b033720d951ab4f904b4dbdbb90d92560 Mon Sep 17 00:00:00 2001 From: Niklas Date: Wed, 18 Dec 2024 18:34:30 +0100 Subject: [PATCH 4/4] Update changelog --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 42e014b..bf89ec7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## [Unreleased] + +## [v1.3.2] - 2024-12-18 ### Changed - Activate deny all networkpolicy in helm values.