fix: proxy build release, tag major (#155)

Author: raffis

.goreleaser.yaml

@@ -9,6 +9,7 @@ builds:
   - CGO_ENABLED=0
 - id: proxy
   binary: proxy
+  main: ./proxy
   goos:
   - linux
   env:
@@ -117,6 +118,10 @@ docker_manifests:
   image_templates:
   - ghcr.io/doodlescheduling/{{ .ProjectName }}:v{{ .Version }}-amd64
   - ghcr.io/doodlescheduling/{{ .ProjectName }}:v{{ .Version }}-arm64v8
+- name_template: ghcr.io/doodlescheduling/{{ .ProjectName }}/proxy:v{{ .Major }}
+  image_templates:
+  - ghcr.io/doodlescheduling/{{ .ProjectName }}/proxy:v{{ .Version }}-amd64
+  - ghcr.io/doodlescheduling/{{ .ProjectName }}/proxy:v{{ .Version }}-arm64v8
 - name_template: ghcr.io/doodlescheduling/{{ .ProjectName }}/proxy:v{{ .Version }}
   image_templates:
   - ghcr.io/doodlescheduling/{{ .ProjectName }}/proxy:v{{ .Version }}-amd64

README.md

@@ -307,7 +307,7 @@ It is recommended to configure all realms to run with the proxy.
 
 ```yaml
 apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
+kind: Role
 metadata:
   name: keycloakrealm-proxy
 rules:
@@ -331,8 +331,8 @@ metadata:
   name: keycloakrealm-default
 roleRef:
   apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: keycloakrealm-default
+  kind: Role
+  name: keycloakrealm-proxy
 subjects:
 - kind: ServiceAccount
   name: keycloakrealm-default
@@ -372,14 +372,11 @@ spec:
               fieldPath: metadata.namespace
         - name: PROXY_ADDRESS
           value: 127.0.0.1:8080
-        image: ghcr.io/doodlescheduling/keycloak-controller/proxy:v2.0.0
+        image: ghcr.io/doodlescheduling/keycloak-controller/proxy:v2
         name: proxy
       serviceAccount: keycloakrealm-default
 ```
 
-**Note**: The proxy needs read access to keycloakrealms as well as patch access to the /status subresource.
-In the example above there is a ClusterRole called keycloakrealm-proxy granting just that. This ClusterRole also is bundled in the helm chart, you may use {releaseName}-reconcile-proxy for the RoleBinding.
-
 ## Installation
 
 ### Helm

chart/keycloak-controller/templates/clusterrole.yaml

@@ -1,20 +1,6 @@
 {{- if .Values.clusterRBAC.enabled -}}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
-metadata:
-  name: {{ template "keycloak-controller.fullname" . }}-reconcile-proxy
-rules:
-- apiGroups: ["keycloak.infra.doodle.com"]
-  resources:
-  - keycloakrealms
-  verbs: ["get"]
-- apiGroups: ["keycloak.infra.doodle.com"]
-  resources:
-  - keycloakrealms/status
-  verbs: ["get", "update", "patch"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
 metadata:
   name: {{ template "keycloak-controller.fullname" . }}
   labels: