review update

cnvergence · cnvergence · commit 15ff876a9e93 · 2026-04-14T19:34:08.000+02:00
Signed-off-by: Karol Szwaj &lt;karol.szwaj@gmail.com&gt;
diff --git a/charts/gateway-helm/templates/_rbac.tpl b/charts/gateway-helm/templates/_rbac.tpl
@@ -249,7 +249,7 @@ verbs:
   - watch
 {{- end }}
 
-{{- define "eg.rbac.namespaced.infra.secrets.read" -}}
+{{- define "eg.rbac.controllernamespace.secrets.read" -}}
 - apiGroups:
   - ""
   resources:
diff --git a/charts/gateway-helm/templates/infra-manager-rbac.yaml b/charts/gateway-helm/templates/infra-manager-rbac.yaml
@@ -43,7 +43,7 @@ metadata:
 rules:
 {{ include "eg.rbac.infra.basic" . }}
 {{ if and (.Values.config.envoyGateway.provider.kubernetes) (.Values.config.envoyGateway.provider.kubernetes.watch) (.Values.config.envoyGateway.provider.kubernetes.deploy) (eq .Values.config.envoyGateway.provider.kubernetes.deploy.type "GatewayNamespace") (.Values.config.envoyGateway.provider.kubernetes.watch.namespaces) (gt (len .Values.config.envoyGateway.provider.kubernetes.watch.namespaces) 0) }}
-{{ include "eg.rbac.namespaced.infra.secrets.read" . }}
+{{ include "eg.rbac.controllernamespace.secrets.read" . }}
 {{ end }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
diff --git a/release-notes/current.yaml b/release-notes/current.yaml
@@ -68,12 +68,9 @@ bug fixes: |
   Fixed per-endpoint hostname override not working because the auto-generated wildcard hostname.
   Fixed Basic Authentication failing when htpasswd secrets use CRLF line endings by normalizing to LF before passing to Envoy.
   BackendTLSPolicy was ignored when configuring TLS for telemetry backends (access logs, tracing, metrics).
-<<<<<<< HEAD
   Fixed client certificate secret never delivered when it is exclusively referenced by a SecurityPolicy `extAuth`/`jwt`/`oidc` Backend
   Fixed xRoute status condition when route has mirror filter and the mirror backend has no endpoints.
-=======
-  Fixed gateway-helm RBAC in GatewayNamespace mode with explicit `watch.namespaces` list by adding controller-namespace secret read permissions to infra-manager so generated certs ConfigMaps include `ca.crt`; secret read access is scoped to the `gateway-helm-infra-manager` Role for this mode.
->>>>>>> 0d0455f71 (add release notes)
+  Fixed gateway-helm RBAC in GatewayNamespace mode with explicit `watch.namespaces` list by adding controller-namespace secret read permissions to infra-manager.
 
 # Enhancements that improve performance.
 performance improvements: |
