feat(helm): align resources for helm Until now we were maintaining 2 separate set of installation resources. Here we make Helm to reuse the existing base resources instead, making easier any future evolution
diff --git a/e2e/install/helm/setup_test.go b/e2e/install/helm/setup_test.go index 8fe4bb2..607389f 100644 --- a/e2e/install/helm/setup_test.go +++ b/e2e/install/helm/setup_test.go
@@ -40,7 +40,7 @@ func TestHelmInstallation(t *testing.T) { WithNewTestNamespace(t, func(ctx context.Context, g *WithT, ns string) { containerRegistry, ok := os.LookupEnv("KAMEL_INSTALL_REGISTRY") - g.Expect(ok).To(BeTrue(), "This test requires setting KAMEL_INSTALL_REGISTRY variable.") + g.Expect(ok).To(BeTrue(), "You must provide a registry address in KAMEL_INSTALL_REGISTRY env variable") // Let's make sure no CRD is yet available in the cluster // as we must make the procedure to install them accordingly g.Eventually(CRDs(t)).Should(BeNil(), "No Camel K CRDs should be previously installed for this test")
diff --git a/e2e/support/test_support.go b/e2e/support/test_support.go index d713df0..e314b37 100644 --- a/e2e/support/test_support.go +++ b/e2e/support/test_support.go
@@ -114,8 +114,7 @@ // camel-k-edit // camel-k-operator-custom-resource-definitions // camel-k-operator-bind-addressable-resolver -// camel-k-operator-local-registry -const ExpectedKubeClusterRoles = 4 +const ExpectedKubeClusterRoles = 3 // camel-k-operator-openshift const ExpectedOSPromoteRoles = 1
diff --git a/helm/camel-k/templates/platform.yaml b/helm/camel-k/templates/default-itp.yaml similarity index 100% rename from helm/camel-k/templates/platform.yaml rename to helm/camel-k/templates/default-itp.yaml
diff --git a/helm/camel-k/templates/operator-cluster-role-bindings.yaml b/helm/camel-k/templates/operator-cluster-role-bindings.yaml deleted file mode 100644 index 54715f7..0000000 --- a/helm/camel-k/templates/operator-cluster-role-bindings.yaml +++ /dev/null
@@ -1,196 +0,0 @@ -# --------------------------------------------------------------------------- -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# --------------------------------------------------------------------------- - -{{- if eq .Values.operator.global "true" }} -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: camel-k-operator - labels: - app: "camel-k" - {{- include "camel-k.labels" . | nindent 4 }} -subjects: -- kind: ServiceAccount - name: camel-k-operator - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: camel-k-operator - apiGroup: rbac.authorization.k8s.io - - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: camel-k-operator-custom-resource-definitions - labels: - app: "camel-k" - {{- include "camel-k.labels" . | nindent 4 }} -subjects: -- kind: ServiceAccount - name: camel-k-operator - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: camel-k-operator-custom-resource-definitions - apiGroup: rbac.authorization.k8s.io - - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: camel-k-operator-events - labels: - app: "camel-k" - {{- include "camel-k.labels" . | nindent 4 }} -subjects: -- kind: ServiceAccount - name: camel-k-operator - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: camel-k-operator-events - apiGroup: rbac.authorization.k8s.io - - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: camel-k-operator-knative - labels: - app: "camel-k" - {{- include "camel-k.labels" . | nindent 4 }} -subjects: -- kind: ServiceAccount - name: camel-k-operator - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: camel-k-operator-knative - apiGroup: rbac.authorization.k8s.io - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: camel-k-operator-keda - labels: - app: "camel-k" - {{- include "camel-k.labels" . | nindent 4 }} -subjects: -- kind: ServiceAccount - name: camel-k-operator - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: camel-k-operator-keda - apiGroup: rbac.authorization.k8s.io - - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: camel-k-operator-leases - labels: - app: "camel-k" - {{- include "camel-k.labels" . | nindent 4 }} -subjects: -- kind: ServiceAccount - name: camel-k-operator - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: camel-k-operator-leases - apiGroup: rbac.authorization.k8s.io - - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: camel-k-operator-podmonitors - labels: - app: "camel-k" - {{- include "camel-k.labels" . | nindent 4 }} -subjects: -- kind: ServiceAccount - name: camel-k-operator - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: camel-k-operator-podmonitors - apiGroup: rbac.authorization.k8s.io - - ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: camel-k-operator-strimzi - labels: - app: "camel-k" - {{- include "camel-k.labels" . | nindent 4 }} -subjects: -- kind: ServiceAccount - name: camel-k-operator - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: camel-k-operator-strimzi - apiGroup: rbac.authorization.k8s.io - - -{{- if eq .Values.platform.cluster "OpenShift" }} ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: camel-k-operator-console-openshift - labels: - app: "camel-k" - {{- include "camel-k.labels" . | nindent 4 }} -subjects: -- kind: ServiceAccount - name: camel-k-operator - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: camel-k-operator-console-openshift - apiGroup: rbac.authorization.k8s.io ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: camel-k-operator-openshift - labels: - app: "camel-k" - {{- include "camel-k.labels" . | nindent 4 }} -subjects: -- kind: ServiceAccount - name: camel-k-operator - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: camel-k-operator-openshift - apiGroup: rbac.authorization.k8s.io -{{- end }} - -{{- end }} \ No newline at end of file
diff --git a/helm/camel-k/templates/operator.yaml b/helm/camel-k/templates/operator-deployment.yaml similarity index 100% rename from helm/camel-k/templates/operator.yaml rename to helm/camel-k/templates/operator-deployment.yaml
diff --git a/helm/camel-k/templates/operator-role-binding.yaml b/helm/camel-k/templates/operator-role-binding.yaml deleted file mode 100644 index 5b072d7..0000000 --- a/helm/camel-k/templates/operator-role-binding.yaml +++ /dev/null
@@ -1,50 +0,0 @@ -# --------------------------------------------------------------------------- -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# --------------------------------------------------------------------------- - -{{- if eq .Values.operator.global "false" }} -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: camel-k-operator - labels: - app: "camel-k" - {{- include "camel-k.labels" . | nindent 4 }} -subjects: -- kind: ServiceAccount - name: camel-k-operator -roleRef: - kind: Role - name: camel-k-operator - apiGroup: rbac.authorization.k8s.io - ---- -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: camel-k-builder-openshift - labels: - app: "camel-k" - {{- include "camel-k.labels" . | nindent 4 }} -subjects: -- kind: ServiceAccount - name: camel-k-builder -roleRef: - kind: Role - name: camel-k-builder-openshift - apiGroup: rbac.authorization.k8s.io - -{{- end }} \ No newline at end of file
diff --git a/helm/camel-k/templates/operator-role.yaml b/helm/camel-k/templates/operator-role.yaml deleted file mode 100644 index f9f7b6c..0000000 --- a/helm/camel-k/templates/operator-role.yaml +++ /dev/null
@@ -1,384 +0,0 @@ -# --------------------------------------------------------------------------- -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# --------------------------------------------------------------------------- - -{{- if eq .Values.operator.global "false" }} -kind: Role -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: camel-k-operator - labels: - app: "camel-k" - {{- include "camel-k.labels" . | nindent 4 }} -rules: -- apiGroups: - - camel.apache.org - resources: - - builds - - camelcatalogs - - integrationkits - - integrationplatforms - - integrationprofiles - - integrations - - pipes - - kamelets - verbs: - - create - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list -- apiGroups: - - camel.apache.org - resources: - - builds - - integrations - verbs: - - delete -- apiGroups: - - camel.apache.org - resources: - - builds/status - - camelcatalogs/status - - integrationkits/status - - integrationplatforms/status - - integrationprofiles/status - - integrations/scale - - integrations/status - - pipes/status - - pipes/scale - - kamelets/status - verbs: - - get - - patch - - update -- apiGroups: - - "" - resources: - - pods - - services - - endpoints - - persistentvolumeclaims - - configmaps - - secrets - - serviceaccounts - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - pods/exec - verbs: - - create -- apiGroups: - - "" - resources: - - pods/proxy - - pods/log - verbs: - - get -- apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - create - - delete - - get - - update - - list - - patch - - watch -- apiGroups: - - rbac.authorization.k8s.io - resources: - - roles - - rolebindings - - clusterrolebindings - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch -- apiGroups: - - apps - resources: - - deployments - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch -- apiGroups: - - batch - resources: - - cronjobs - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch -- apiGroups: - - batch - resources: - - jobs - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch -- apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - get - - list -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - get - - list - - watch -- apiGroups: - - keda.sh - resources: - - scaledobjects - - triggerauthentications - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch -- apiGroups: - - serving.knative.dev - resources: - - services - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - eventing.knative.dev - resources: - - triggers - - brokers - verbs: - - create - - delete - - get - - list - - patch - - update -- apiGroups: - - messaging.knative.dev - resources: - - subscriptions - - channels - - inmemorychannels - verbs: - - create - - delete - - get - - list - - patch - - update -- apiGroups: - - sources.knative.dev - resources: - - sinkbindings - verbs: - - create - - delete - - get - - list - - patch - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch -- apiGroups: - - camel.apache.org - resources: - - builds/finalizers - - integrationkits/finalizers - - integrationplatforms/finalizers - - integrationprofiles/finalizers - - integrations/finalizers - - pipes/finalizers - verbs: - - update -- apiGroups: - - "" - - build.openshift.io - resources: - - buildconfigs - - buildconfigs/webhooks - - builds - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - - image.openshift.io - resources: - - imagestreamimages - - imagestreammappings - - imagestreams - - imagestreams/secrets - - imagestreamtags - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - - build.openshift.io - resources: - - buildconfigs/instantiate - - buildconfigs/instantiatebinary - - builds/clone - verbs: - - create -- apiGroups: - - "" - - route.openshift.io - resources: - - routes - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - - route.openshift.io - resources: - - routes/custom-host - verbs: - - create -- apiGroups: - - monitoring.coreos.com - resources: - - podmonitors - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch -- apiGroups: - - kafka.strimzi.io - resources: - - kafkatopics - - kafkatopics/status - - kafkas - verbs: - - get - - list - - watch -- apiGroups: - - "apiextensions.k8s.io" - resources: - - customresourcedefinitions - verbs: - - get -- apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterroles - verbs: - - bind -{{- end }}
diff --git a/helm/camel-k/templates/operator-service-account.yaml b/helm/camel-k/templates/operator-svcs.yaml similarity index 91% rename from helm/camel-k/templates/operator-service-account.yaml rename to helm/camel-k/templates/operator-svcs.yaml index f5ad7fb..5a670a0 100644 --- a/helm/camel-k/templates/operator-service-account.yaml +++ b/helm/camel-k/templates/operator-svcs.yaml
@@ -26,3 +26,12 @@ annotations: {{ toYaml . | nindent 4 }} {{- end }} + +--- + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: camel-k-builder + labels: + app: "camel-k"
diff --git a/helm/camel-k/templates/rbacs-common.yaml b/helm/camel-k/templates/rbacs-common.yaml new file mode 100644 index 0000000..82363ca --- /dev/null +++ b/helm/camel-k/templates/rbacs-common.yaml
@@ -0,0 +1,243 @@ +# --------------------------------------------------------------------------- +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# --------------------------------------------------------------------------- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: camel-k + name: camel-k-builder +rules: +- apiGroups: + - camel.apache.org + resources: + - builds + - camelcatalogs + - integrationkits + verbs: + - get + - list +- apiGroups: + - camel.apache.org + resources: + - builds/status + verbs: + - get + - patch + - update +- apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: camel-k + name: camel-k-builder-openshift +rules: +- apiGroups: + - "" + - build.openshift.io + resources: + - buildconfigs + - buildconfigs/webhooks + - builds + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + - image.openshift.io + resources: + - imagestreamimages + - imagestreammappings + - imagestreams + - imagestreams/secrets + - imagestreamtags + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + - build.openshift.io + resources: + - buildconfigs/instantiate + - buildconfigs/instantiatebinary + - builds/clone + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: camel-k + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" + name: camel-k-edit +rules: +- apiGroups: + - camel.apache.org + resources: + - builds + - camelcatalogs + - integrationkits + - integrationplatforms + - integrationprofiles + - integrations + - pipes + - kamelets + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +- apiGroups: + - camel.apache.org + resources: + - builds/status + - camelcatalogs/status + - integrationkits/status + - integrationplatforms/status + - integrationprofiles/status + - integrations/scale + - integrations/status + - pipes/scale + - pipes/status + - kamelets/status + verbs: + - get + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: camel-k + name: camel-k-operator-bind-addressable-resolver +rules: +- apiGroups: + - rbac.authorization.k8s.io + resourceNames: + - addressable-resolver + resources: + - clusterroles + verbs: + - bind +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: camel-k + name: camel-k-operator-custom-resource-definitions +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: camel-k + name: camel-k-builder +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: camel-k-builder +subjects: +- kind: ServiceAccount + name: camel-k-builder +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: camel-k + name: camel-k-builder-openshift +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: camel-k-builder-openshift +subjects: +- kind: ServiceAccount + name: camel-k-builder +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: camel-k + name: camel-k-operator-bind-addressable-resolver +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: camel-k-operator-bind-addressable-resolver +subjects: +- kind: ServiceAccount + name: camel-k-operator + namespace: '{{ .Release.Namespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: camel-k + name: camel-k-operator-custom-resource-definitions +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: camel-k-operator-custom-resource-definitions +subjects: +- kind: ServiceAccount + name: camel-k-operator + namespace: '{{ .Release.Namespace }}'
diff --git a/helm/camel-k/templates/operator-cluster-roles.yaml b/helm/camel-k/templates/rbacs-descoped.yaml similarity index 70% copy from helm/camel-k/templates/operator-cluster-roles.yaml copy to helm/camel-k/templates/rbacs-descoped.yaml index 8b37fab..0cd4dfc 100644 --- a/helm/camel-k/templates/operator-cluster-roles.yaml +++ b/helm/camel-k/templates/rbacs-descoped.yaml
@@ -14,65 +14,13 @@ # See the License for the specific language governing permissions and # limitations under the License. # --------------------------------------------------------------------------- - {{- if eq .Values.operator.global "true" }} -kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole metadata: - name: camel-k-edit labels: - app: "camel-k" - # Add these permissions to the "admin" and "edit" default roles. - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" - {{- include "camel-k.labels" . | nindent 4 }} -rules: -- apiGroups: - - camel.apache.org - resources: - - builds - - camelcatalogs - - integrationkits - - integrationplatforms - - integrationprofiles - - integrations - - pipes - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch -- apiGroups: - - camel.apache.org - resources: - - builds/status - - camelcatalogs/status - - integrationkits/status - - integrationplatforms/status - - integrationprofiles/status - - integrations/scale - - integrations/status - - pipes/status - - pipes/scale - - kamelets/status - verbs: - - get - - patch - - update - - ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: + app: camel-k name: camel-k-operator - labels: - app: "camel-k" - {{- include "camel-k.labels" . | nindent 4 }} rules: - apiGroups: - camel.apache.org @@ -144,6 +92,7 @@ - "" resources: - pods/proxy + - pods/log verbs: - get - apiGroups: @@ -163,6 +112,7 @@ resources: - roles - rolebindings + - clusterrolebindings verbs: - create - delete @@ -219,33 +169,27 @@ - patch - update - watch - - ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: camel-k-operator-custom-resource-definitions - labels: - app: "camel-k" - {{- include "camel-k.labels" . | nindent 4 }} -rules: - apiGroups: - - apiextensions.k8s.io + - storage.k8s.io resources: - - customresourcedefinitions + - storageclasses verbs: - get - - + - list +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list --- -kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole metadata: - name: camel-k-operator-events labels: - app: "camel-k" - {{- include "camel-k.labels" . | nindent 4 }} + app: camel-k + name: camel-k-operator-events rules: - apiGroups: - "" @@ -257,20 +201,41 @@ - get - list - watch - --- -kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole metadata: - name: camel-k-operator-knative labels: - app: "camel-k" - {{- include "camel-k.labels" . | nindent 4 }} + app: camel-k + name: camel-k-operator-keda +rules: +- apiGroups: + - keda.sh + resources: + - scaledobjects + - triggerauthentications + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: camel-k + name: camel-k-operator-knative rules: - apiGroups: - serving.knative.dev resources: - services + - routes verbs: - create - delete @@ -315,43 +280,23 @@ - list - patch - update - ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: camel-k-operator-keda - labels: - app: "camel-k" - {{- include "camel-k.labels" . | nindent 4 }} -rules: - apiGroups: - - "keda.sh" + - "" resources: - - scaledobjects - - triggerauthentications + - namespaces verbs: - - create - - delete - - deletecollection - get - - list - patch - - update - - watch - - --- -kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole metadata: - name: camel-k-operator-leases labels: - app: "camel-k" - {{- include "camel-k.labels" . | nindent 4 }} + app: camel-k + name: camel-k-operator-leases rules: - apiGroups: - - "coordination.k8s.io" + - coordination.k8s.io resources: - leases verbs: @@ -363,99 +308,13 @@ - patch - update - watch - - --- -kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole metadata: - name: camel-k-operator-local-registry labels: - app: "camel-k" - {{- include "camel-k.labels" . | nindent 4 }} -rules: - - apiGroups: [""] - resources: ["configmaps"] - resourceNames: ["local-registry-hosting"] - verbs: ["get"] - - ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: camel-k-operator-podmonitors - labels: - app: "camel-k" - {{- include "camel-k.labels" . | nindent 4 }} -rules: -- apiGroups: - - monitoring.coreos.com - resources: - - podmonitors - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: camel-k-operator-strimzi - labels: - app: "camel-k" - {{- include "camel-k.labels" . | nindent 4 }} -rules: -- apiGroups: - - "kafka.strimzi.io" - resources: - - kafkatopics - - kafkatopics/status - - kafkas - verbs: - - get - - list - - watch - - -{{- if eq .Values.platform.cluster "OpenShift" }} ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: camel-k-operator-console-openshift - labels: - app: "camel-k" - {{- include "camel-k.labels" . | nindent 4 }} -rules: -- apiGroups: - - console.openshift.io - resources: - - consoleclidownloads - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: + app: camel-k name: camel-k-operator-openshift - labels: - app: "camel-k" - {{- include "camel-k.labels" . | nindent 4 }} rules: - apiGroups: - camel.apache.org @@ -470,7 +329,7 @@ - update - apiGroups: - "" - - "build.openshift.io" + - build.openshift.io resources: - buildconfigs - buildconfigs/webhooks @@ -486,7 +345,7 @@ - watch - apiGroups: - "" - - "image.openshift.io" + - image.openshift.io resources: - imagestreamimages - imagestreammappings @@ -513,7 +372,7 @@ - create - apiGroups: - "" - - "route.openshift.io" + - route.openshift.io resources: - routes verbs: @@ -532,6 +391,163 @@ - routes/custom-host verbs: - create -{{- end }} - +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: camel-k + name: camel-k-operator-podmonitors +rules: +- apiGroups: + - monitoring.coreos.com + resources: + - podmonitors + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: camel-k + name: camel-k-operator-strimzi +rules: +- apiGroups: + - kafka.strimzi.io + resources: + - kafkatopics + - kafkatopics/status + - kafkas + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: camel-k + name: camel-k-operator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: camel-k-operator +subjects: +- kind: ServiceAccount + name: camel-k-operator + namespace: '{{ .Release.Namespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: camel-k + name: camel-k-operator-events +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: camel-k-operator-events +subjects: +- kind: ServiceAccount + name: camel-k-operator + namespace: '{{ .Release.Namespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: camel-k + name: camel-k-operator-keda +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: camel-k-operator-keda +subjects: +- kind: ServiceAccount + name: camel-k-operator + namespace: '{{ .Release.Namespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: camel-k + name: camel-k-operator-knative +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: camel-k-operator-knative +subjects: +- kind: ServiceAccount + name: camel-k-operator + namespace: '{{ .Release.Namespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: camel-k + name: camel-k-operator-leases +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: camel-k-operator-leases +subjects: +- kind: ServiceAccount + name: camel-k-operator + namespace: '{{ .Release.Namespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: camel-k + name: camel-k-operator-openshift +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: camel-k-operator-openshift +subjects: +- kind: ServiceAccount + name: camel-k-operator + namespace: '{{ .Release.Namespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: camel-k + name: camel-k-operator-podmonitors +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: camel-k-operator-podmonitors +subjects: +- kind: ServiceAccount + name: camel-k-operator + namespace: '{{ .Release.Namespace }}' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: camel-k + name: camel-k-operator-strimzi +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: camel-k-operator-strimzi +subjects: +- kind: ServiceAccount + name: camel-k-operator + namespace: '{{ .Release.Namespace }}' {{- end }}
diff --git a/helm/camel-k/templates/operator-cluster-roles.yaml b/helm/camel-k/templates/rbacs-namespaced.yaml similarity index 71% rename from helm/camel-k/templates/operator-cluster-roles.yaml rename to helm/camel-k/templates/rbacs-namespaced.yaml index 8b37fab..83e49e7 100644 --- a/helm/camel-k/templates/operator-cluster-roles.yaml +++ b/helm/camel-k/templates/rbacs-namespaced.yaml
@@ -14,65 +14,13 @@ # See the License for the specific language governing permissions and # limitations under the License. # --------------------------------------------------------------------------- - -{{- if eq .Values.operator.global "true" }} -kind: ClusterRole +{{- if eq .Values.operator.global "false" }} apiVersion: rbac.authorization.k8s.io/v1 +kind: Role metadata: - name: camel-k-edit labels: - app: "camel-k" - # Add these permissions to the "admin" and "edit" default roles. - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" - {{- include "camel-k.labels" . | nindent 4 }} -rules: -- apiGroups: - - camel.apache.org - resources: - - builds - - camelcatalogs - - integrationkits - - integrationplatforms - - integrationprofiles - - integrations - - pipes - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch -- apiGroups: - - camel.apache.org - resources: - - builds/status - - camelcatalogs/status - - integrationkits/status - - integrationplatforms/status - - integrationprofiles/status - - integrations/scale - - integrations/status - - pipes/status - - pipes/scale - - kamelets/status - verbs: - - get - - patch - - update - - ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: + app: camel-k name: camel-k-operator - labels: - app: "camel-k" - {{- include "camel-k.labels" . | nindent 4 }} rules: - apiGroups: - camel.apache.org @@ -96,6 +44,7 @@ - camel.apache.org resources: - builds + - integrations verbs: - delete - apiGroups: @@ -144,6 +93,7 @@ - "" resources: - pods/proxy + - pods/log verbs: - get - apiGroups: @@ -163,6 +113,7 @@ resources: - roles - rolebindings + - clusterrolebindings verbs: - create - delete @@ -219,33 +170,27 @@ - patch - update - watch - - ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: camel-k-operator-custom-resource-definitions - labels: - app: "camel-k" - {{- include "camel-k.labels" . | nindent 4 }} -rules: - apiGroups: - - apiextensions.k8s.io + - storage.k8s.io resources: - - customresourcedefinitions + - storageclasses verbs: - get - - + - list +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list --- -kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 +kind: Role metadata: - name: camel-k-operator-events labels: - app: "camel-k" - {{- include "camel-k.labels" . | nindent 4 }} + app: camel-k + name: camel-k-operator-events rules: - apiGroups: - "" @@ -257,20 +202,41 @@ - get - list - watch - --- -kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 +kind: Role metadata: - name: camel-k-operator-knative labels: - app: "camel-k" - {{- include "camel-k.labels" . | nindent 4 }} + app: camel-k + name: camel-k-operator-keda +rules: +- apiGroups: + - keda.sh + resources: + - scaledobjects + - triggerauthentications + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: camel-k + name: camel-k-operator-knative rules: - apiGroups: - serving.knative.dev resources: - services + - routes verbs: - create - delete @@ -315,43 +281,23 @@ - list - patch - update - ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: camel-k-operator-keda - labels: - app: "camel-k" - {{- include "camel-k.labels" . | nindent 4 }} -rules: - apiGroups: - - "keda.sh" + - "" resources: - - scaledobjects - - triggerauthentications + - namespaces verbs: - - create - - delete - - deletecollection - get - - list - patch - - update - - watch - - --- -kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 +kind: Role metadata: - name: camel-k-operator-leases labels: - app: "camel-k" - {{- include "camel-k.labels" . | nindent 4 }} + app: camel-k + name: camel-k-operator-leases rules: - apiGroups: - - "coordination.k8s.io" + - coordination.k8s.io resources: - leases verbs: @@ -363,99 +309,13 @@ - patch - update - watch - - --- -kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 +kind: Role metadata: - name: camel-k-operator-local-registry labels: - app: "camel-k" - {{- include "camel-k.labels" . | nindent 4 }} -rules: - - apiGroups: [""] - resources: ["configmaps"] - resourceNames: ["local-registry-hosting"] - verbs: ["get"] - - ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: camel-k-operator-podmonitors - labels: - app: "camel-k" - {{- include "camel-k.labels" . | nindent 4 }} -rules: -- apiGroups: - - monitoring.coreos.com - resources: - - podmonitors - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: camel-k-operator-strimzi - labels: - app: "camel-k" - {{- include "camel-k.labels" . | nindent 4 }} -rules: -- apiGroups: - - "kafka.strimzi.io" - resources: - - kafkatopics - - kafkatopics/status - - kafkas - verbs: - - get - - list - - watch - - -{{- if eq .Values.platform.cluster "OpenShift" }} ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: camel-k-operator-console-openshift - labels: - app: "camel-k" - {{- include "camel-k.labels" . | nindent 4 }} -rules: -- apiGroups: - - console.openshift.io - resources: - - consoleclidownloads - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: + app: camel-k name: camel-k-operator-openshift - labels: - app: "camel-k" - {{- include "camel-k.labels" . | nindent 4 }} rules: - apiGroups: - camel.apache.org @@ -470,7 +330,7 @@ - update - apiGroups: - "" - - "build.openshift.io" + - build.openshift.io resources: - buildconfigs - buildconfigs/webhooks @@ -486,7 +346,7 @@ - watch - apiGroups: - "" - - "image.openshift.io" + - image.openshift.io resources: - imagestreamimages - imagestreammappings @@ -513,7 +373,7 @@ - create - apiGroups: - "" - - "route.openshift.io" + - route.openshift.io resources: - routes verbs: @@ -532,6 +392,155 @@ - routes/custom-host verbs: - create -{{- end }} - +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: camel-k + name: camel-k-operator-podmonitors +rules: +- apiGroups: + - monitoring.coreos.com + resources: + - podmonitors + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: camel-k + name: camel-k-operator-strimzi +rules: +- apiGroups: + - kafka.strimzi.io + resources: + - kafkatopics + - kafkatopics/status + - kafkas + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: camel-k + name: camel-k-operator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: camel-k-operator +subjects: +- kind: ServiceAccount + name: camel-k-operator +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: camel-k + name: camel-k-operator-events +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: camel-k-operator-events +subjects: +- kind: ServiceAccount + name: camel-k-operator +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: camel-k + name: camel-k-operator-keda +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: camel-k-operator-keda +subjects: +- kind: ServiceAccount + name: camel-k-operator +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: camel-k + name: camel-k-operator-knative +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: camel-k-operator-knative +subjects: +- kind: ServiceAccount + name: camel-k-operator +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: camel-k + name: camel-k-operator-leases +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: camel-k-operator-leases +subjects: +- kind: ServiceAccount + name: camel-k-operator +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: camel-k + name: camel-k-operator-openshift +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: camel-k-operator-openshift +subjects: +- kind: ServiceAccount + name: camel-k-operator +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: camel-k + name: camel-k-operator-podmonitors +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: camel-k-operator-podmonitors +subjects: +- kind: ServiceAccount + name: camel-k-operator +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: camel-k + name: camel-k-operator-strimzi +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: camel-k-operator-strimzi +subjects: +- kind: ServiceAccount + name: camel-k-operator {{- end }}
diff --git a/install/base/kustomization.yaml b/install/base/kustomization.yaml index fd44ce4..b13cf20 100644 --- a/install/base/kustomization.yaml +++ b/install/base/kustomization.yaml
@@ -21,15 +21,3 @@ - ./config/crd - ./config/rbac - ./config/manager - -transformers: -- |- - apiVersion: builtin - kind: PatchTransformer - metadata: - name: fix-local-registry-rbac-namespace - patch: '[{"op": "replace", "path": "/metadata/namespace", "value": "kube-public"}]' - target: - group: rbac.authorization.k8s.io - kind: RoleBinding - name: camel-k-operator-local-registry
diff --git a/install/overlays/platform/integration-platform.yaml b/install/overlays/platform/integration-platform.yaml index 01ef3cb..a7e61cf 100644 --- a/install/overlays/platform/integration-platform.yaml +++ b/install/overlays/platform/integration-platform.yaml
@@ -23,9 +23,6 @@ app: "camel-k" spec: build: - # Registry is required unless your cluster has KEP-1755 enabled and you want to use the local registry. - # This is a feature recommended for development purpose only. - # more info at https://github.com/kubernetes/enhancements/tree/master/keps/sig-cluster-lifecycle/generic/1755-communicating-a-local-registry registry: # For minikube local cluster you can enable a local registry with #
diff --git a/pkg/platform/defaults.go b/pkg/platform/defaults.go index 930a926..f8444f4 100644 --- a/pkg/platform/defaults.go +++ b/pkg/platform/defaults.go
@@ -100,7 +100,7 @@ return err } - err = configureRegistry(ctx, c, p, verbose) + err = configureRegistry(ctx, c, p) if err != nil { return err } @@ -116,7 +116,7 @@ return nil } -func configureRegistry(ctx context.Context, c client.Client, p *v1.IntegrationPlatform, verbose bool) error { +func configureRegistry(ctx context.Context, c client.Client, p *v1.IntegrationPlatform) error { if p.Status.Cluster == v1.IntegrationPlatformClusterOpenShift && p.Status.Build.PublishStrategy == v1.IntegrationPlatformBuildPublishStrategyS2I && p.Status.Build.Registry.Address == "" {
diff --git a/helm/camel-k/templates/builder-service-account.yaml b/pkg/resources/config/helm/common/kustomization.yaml similarity index 77% copy from helm/camel-k/templates/builder-service-account.yaml copy to pkg/resources/config/helm/common/kustomization.yaml index 9952a77..313e06e 100644 --- a/helm/camel-k/templates/builder-service-account.yaml +++ b/pkg/resources/config/helm/common/kustomization.yaml
@@ -14,10 +14,17 @@ # See the License for the specific language governing permissions and # limitations under the License. # --------------------------------------------------------------------------- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization -apiVersion: v1 -kind: ServiceAccount -metadata: - name: camel-k-builder - labels: - app: "camel-k" +# Labels to add to all resources and selectors. +commonLabels: + app: camel-k + +resources: +- ../../rbac + +patches: + - target: + kind: ClusterRoleBinding + path: patch-rolebinding-subjects.yaml
diff --git a/helm/camel-k/templates/builder-service-account.yaml b/pkg/resources/config/helm/common/patch-rolebinding-subjects.yaml similarity index 89% rename from helm/camel-k/templates/builder-service-account.yaml rename to pkg/resources/config/helm/common/patch-rolebinding-subjects.yaml index 9952a77..0b99b40 100644 --- a/helm/camel-k/templates/builder-service-account.yaml +++ b/pkg/resources/config/helm/common/patch-rolebinding-subjects.yaml
@@ -15,9 +15,6 @@ # limitations under the License. # --------------------------------------------------------------------------- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: camel-k-builder - labels: - app: "camel-k" +- op: add + path: /subjects/0/namespace + value: "{{ .Release.Namespace }}"
diff --git a/helm/camel-k/templates/builder-service-account.yaml b/pkg/resources/config/helm/descoped/kustomization.yaml similarity index 77% copy from helm/camel-k/templates/builder-service-account.yaml copy to pkg/resources/config/helm/descoped/kustomization.yaml index 9952a77..546dff1 100644 --- a/helm/camel-k/templates/builder-service-account.yaml +++ b/pkg/resources/config/helm/descoped/kustomization.yaml
@@ -14,10 +14,17 @@ # See the License for the specific language governing permissions and # limitations under the License. # --------------------------------------------------------------------------- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization -apiVersion: v1 -kind: ServiceAccount -metadata: - name: camel-k-builder - labels: - app: "camel-k" +# Labels to add to all resources and selectors. +commonLabels: + app: camel-k + +resources: +- ../../rbac/descoped + +patches: + - target: + kind: ClusterRoleBinding + path: patch-rolebinding-subjects.yaml
diff --git a/helm/camel-k/templates/builder-service-account.yaml b/pkg/resources/config/helm/descoped/patch-rolebinding-subjects.yaml similarity index 89% copy from helm/camel-k/templates/builder-service-account.yaml copy to pkg/resources/config/helm/descoped/patch-rolebinding-subjects.yaml index 9952a77..0b99b40 100644 --- a/helm/camel-k/templates/builder-service-account.yaml +++ b/pkg/resources/config/helm/descoped/patch-rolebinding-subjects.yaml
@@ -15,9 +15,6 @@ # limitations under the License. # --------------------------------------------------------------------------- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: camel-k-builder - labels: - app: "camel-k" +- op: add + path: /subjects/0/namespace + value: "{{ .Release.Namespace }}"
diff --git a/helm/camel-k/templates/builder-service-account.yaml b/pkg/resources/config/helm/namespaced/kustomization.yaml similarity index 83% copy from helm/camel-k/templates/builder-service-account.yaml copy to pkg/resources/config/helm/namespaced/kustomization.yaml index 9952a77..7c7a6d1 100644 --- a/helm/camel-k/templates/builder-service-account.yaml +++ b/pkg/resources/config/helm/namespaced/kustomization.yaml
@@ -14,10 +14,12 @@ # See the License for the specific language governing permissions and # limitations under the License. # --------------------------------------------------------------------------- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization -apiVersion: v1 -kind: ServiceAccount -metadata: - name: camel-k-builder - labels: - app: "camel-k" +# Labels to add to all resources and selectors. +commonLabels: + app: camel-k + +resources: +- ../../rbac/namespaced
diff --git a/pkg/resources/config/rbac/kustomization.yaml b/pkg/resources/config/rbac/kustomization.yaml index 153db71..a0c41da 100644 --- a/pkg/resources/config/rbac/kustomization.yaml +++ b/pkg/resources/config/rbac/kustomization.yaml
@@ -27,15 +27,7 @@ - operator-cluster-role-binding-custom-resource-definitions.yaml - operator-cluster-role-addressable-resolver.yaml - operator-cluster-role-binding-addressable-resolver.yaml - -transformers: -- |- - apiVersion: builtin - kind: PatchTransformer - metadata: - name: fix-local-registry-rbac-namespace - patch: '[{"op": "replace", "path": "/metadata/namespace", "value": "kube-public"}]' - target: - group: rbac.authorization.k8s.io - kind: RoleBinding - name: camel-k-operator-local-registry \ No newline at end of file +- builder-role.yaml +- builder-role-openshift.yaml +- builder-role-binding.yaml +- builder-role-binding-openshift.yaml \ No newline at end of file
diff --git a/pkg/trait/deployer.go b/pkg/trait/deployer.go index 49d24a1..f88670e 100644 --- a/pkg/trait/deployer.go +++ b/pkg/trait/deployer.go
@@ -52,7 +52,7 @@ func (t *deployerTrait) Configure(e *Environment) (bool, *TraitCondition, error) { var condition *TraitCondition - //nolint:staticcheck + //nolint: staticcheck if !ptr.Deref(t.UseSSA, true) { condition = NewIntegrationCondition( "Deployer", @@ -70,7 +70,7 @@ e.PostActions = append(e.PostActions, func(env *Environment) error { applier := e.Client.ServerOrClientSideApplier() for _, resource := range env.Resources.Items() { - //nolint:staticcheck + //nolint: staticcheck if ptr.Deref(t.UseSSA, true) { if err := applier.Apply(e.Ctx, resource); err != nil { return err
diff --git a/script/Makefile b/script/Makefile index cd55de9..9e13b2c 100644 --- a/script/Makefile +++ b/script/Makefile
@@ -221,6 +221,7 @@ ./script/gen_doc.sh cd pkg/apis/camel && $(CONTROLLER_GEN) paths="./..." object cd addons/keda/duck && $(CONTROLLER_GEN) paths="./..." object + ./script/gen_helm.sh codegen-tools-install: @# We must force the installation to make sure we are using the correct version
diff --git a/script/gen_helm.sh b/script/gen_helm.sh new file mode 100755 index 0000000..35b2c5f --- /dev/null +++ b/script/gen_helm.sh
@@ -0,0 +1,36 @@ +#!/bin/bash + +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -e + +location=$(dirname "$0") + +cd $location/../ + +cat ./script/headers/yaml.txt > ./helm/camel-k/templates/rbacs-common.yaml +cat ./script/headers/yaml.txt > ./helm/camel-k/templates/rbacs-descoped.yaml +cat ./script/headers/yaml.txt > ./helm/camel-k/templates/rbacs-namespaced.yaml + +kustomize build ./pkg/resources/config/helm/common/. >> ./helm/camel-k/templates/rbacs-common.yaml + +printf "{{- if eq .Values.operator.global \"false\" }}\n" >> ./helm/camel-k/templates/rbacs-namespaced.yaml +kustomize build ./pkg/resources/config/helm/namespaced/. >> ./helm/camel-k/templates/rbacs-namespaced.yaml +printf "{{- end }}\n" >> ./helm/camel-k/templates/rbacs-namespaced.yaml + +printf "{{- if eq .Values.operator.global \"true\" }}\n" >> ./helm/camel-k/templates/rbacs-descoped.yaml +kustomize build ./pkg/resources/config/helm/descoped/. >> ./helm/camel-k/templates/rbacs-descoped.yaml +printf "{{- end }}\n" >> ./helm/camel-k/templates/rbacs-descoped.yaml