add ServiceAccountMembers & copy roles from sa (#42)

Author: horis233

api/v1/namespacescope_types.go

@@ -31,6 +31,9 @@ type NamespaceScopeSpec struct {
 	// Namespaces that are part of this scope
 	NamespaceMembers []string `json:"namespaceMembers,omitempty"`
 
+	// ServiceAccountMembers are extra service accounts will be bond the roles from other namespaces
+	ServiceAccountMembers []string `json:"serviceAccountMembers,omitempty"`
+
 	// ConfigMap name that will contain the list of namespaces to be watched
 	ConfigmapName string `json:"configmapName,omitempty"`
 

api/v1/zz_generated.deepcopy.go

@@ -60,6 +60,12 @@ spec:
               description: Restart pods with the following labels when the namspace
                 list changes
               type: object
+            serviceAccountMembers:
+              description: ServiceAccountMembers are extra service accounts will be
+                bond the roles from other namespaces
+              items:
+                type: string
+              type: array
           type: object
         status:
           description: NamespaceScopeStatus defines the observed state of NamespaceScope

config/crd/bases/operator.ibm.com_namespacescopes.yaml

@@ -17,10 +17,11 @@
 package constant
 
 const (
-	NamespaceScopeManagedPrefix = "nss-managed-role-from-"
-	NamespaceScopeConfigmapName = "namespace-scope"
-	NamespaceScopeFinalizer     = "finalizer.nss.operator.ibm.com"
-	NamespaceScopeLabel         = "managedby-namespace-scope"
-	DefaultRestartLabelsKey     = "intent"
-	DefaultRestartLabelsValue   = "projected"
+	NamespaceScopeManagedPrefix  = "nss-managed-role-from-"
+	NamespaceScopeConfigmapName  = "namespace-scope"
+	NamespaceScopeFinalizer      = "finalizer.nss.operator.ibm.com"
+	NamespaceScopeLabel          = "managedby-namespace-scope"
+	DefaultRestartLabelsKey      = "intent"
+	DefaultRestartLabelsValue    = "projected"
+	NamespaceScopeServiceAccount = "ibm-namespace-scope-operator"
 )