Skip to content

Commit 53f4c56

Browse files
tmshorttmshort
committed
WIP: pull rbac/webhooks back into templates
Signed-off-by: Todd Short <[email protected]>
1 parent 4b7376f commit 53f4c56

13 files changed

+378
-590
lines changed

helm/olmv1/base/catalogd/rbac/standard/role.yaml

Lines changed: 0 additions & 60 deletions
This file was deleted.

helm/olmv1/base/catalogd/webhook/experimental/manifests.yaml

Lines changed: 0 additions & 37 deletions
This file was deleted.

helm/olmv1/base/catalogd/webhook/standard/manifests.yaml

Lines changed: 0 additions & 37 deletions
This file was deleted.

helm/olmv1/base/operator-controller/rbac/standard/role.yaml

Lines changed: 0 additions & 99 deletions
This file was deleted.

helm/olmv1/templates/06-role-olmv1-system-catalogd-manager-role.yml

Lines changed: 21 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,23 @@
11
{{- if .Values.components.catalogd.enabled }}
2-
{{- if (eq .Values.featureSet "standard") }}
3-
{{ tpl (.Files.Get "base/catalogd/rbac/standard/role.yaml") . }}
4-
{{- else if (eq .Values.featureSet "experimental") }}
5-
{{ tpl (.Files.Get "base/catalogd/rbac/experimental/role.yaml") . }}
6-
{{- end }}
2+
apiVersion: rbac.authorization.k8s.io/v1
3+
kind: Role
4+
metadata:
5+
name: catalogd-manager-role
6+
namespace: {{ .Values.namespaces.olmv1.name }}
7+
labels:
8+
app.kubernetes.io/name: catalogd
9+
{{- include "olmv1.labels" . | nindent 4 }}
10+
annotations:
11+
{{- include "olmv1.annotations" . | nindent 4 }}
12+
rules:
13+
- apiGroups:
14+
- ""
15+
resources:
16+
- secrets
17+
- serviceaccounts
18+
verbs:
19+
- get
20+
- list
21+
- watch
22+
{{- include "olmv1.catalogd.role.rules" . | nindent 2 }}
723
{{- end }}

helm/olmv1/templates/08-role-olmv1-system-operator-controller-manager-role.yml

Lines changed: 33 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,35 @@
11
{{- if .Values.components.operatorController.enabled }}
2-
{{- if (eq .Values.featureSet "standard") }}
3-
{{ tpl (.Files.Get "base/operator-controller/rbac/standard/role.yaml") . }}
4-
{{- else if (eq .Values.featureSet "experimental") }}
5-
{{ tpl (.Files.Get "base/operator-controller/rbac/experimental/role.yaml") . }}
6-
{{- end }}
2+
apiVersion: rbac.authorization.k8s.io/v1
3+
kind: Role
4+
metadata:
5+
name: operator-controller-manager-role
6+
namespace: {{ .Values.namespaces.olmv1.name }}
7+
labels:
8+
app.kubernetes.io/name: operator-controller
9+
{{- include "olmv1.labels" . | nindent 4 }}
10+
annotations:
11+
{{- include "olmv1.annotations" . | nindent 4 }}
12+
rules:
13+
- apiGroups:
14+
- ""
15+
resources:
16+
- secrets
17+
verbs:
18+
- create
19+
- delete
20+
- deletecollection
21+
- get
22+
- list
23+
- patch
24+
- update
25+
- watch
26+
- apiGroups:
27+
- ""
28+
resources:
29+
- serviceaccounts
30+
verbs:
31+
- get
32+
- list
33+
- watch
34+
{{- include "olmv1.operatorController.role.rules" . | nindent 2 }}
735
{{- end }}

helm/olmv1/base/catalogd/rbac/experimental/role.yaml renamed to helm/olmv1/templates/09-clusterrole-catalogd-manager-role.yml

Lines changed: 2 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
---
1+
{{- if .Values.components.catalogd.enabled }}
22
apiVersion: rbac.authorization.k8s.io/v1
33
kind: ClusterRole
44
metadata:
@@ -36,25 +36,4 @@ rules:
3636
- patch
3737
- update
3838
{{- include "olmv1.catalogd.clusterRole.rules" . | nindent 2 }}
39-
---
40-
apiVersion: rbac.authorization.k8s.io/v1
41-
kind: Role
42-
metadata:
43-
name: catalogd-manager-role
44-
namespace: {{ .Values.namespaces.olmv1.name }}
45-
labels:
46-
app.kubernetes.io/name: catalogd
47-
{{- include "olmv1.labels" . | nindent 4 }}
48-
annotations:
49-
{{- include "olmv1.annotations" . | nindent 4 }}
50-
rules:
51-
- apiGroups:
52-
- ""
53-
resources:
54-
- secrets
55-
- serviceaccounts
56-
verbs:
57-
- get
58-
- list
59-
- watch
60-
{{- include "olmv1.catalogd.role.rules" . | nindent 2 }}
39+
{{- end }}

helm/olmv1/base/operator-controller/rbac/experimental/role.yaml renamed to helm/olmv1/templates/14-clusterrole-operator-controller-manager-role.yml

Lines changed: 2 additions & 35 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
---
1+
{{- if .Values.components.operatorController.enabled }}
22
apiVersion: rbac.authorization.k8s.io/v1
33
kind: ClusterRole
44
metadata:
@@ -63,37 +63,4 @@ rules:
6363
- list
6464
- watch
6565
{{- include "olmv1.operatorController.clusterRole.rules" . | nindent 2 }}
66-
---
67-
apiVersion: rbac.authorization.k8s.io/v1
68-
kind: Role
69-
metadata:
70-
name: operator-controller-manager-role
71-
namespace: {{ .Values.namespaces.olmv1.name }}
72-
labels:
73-
app.kubernetes.io/name: operator-controller
74-
{{- include "olmv1.labels" . | nindent 4 }}
75-
annotations:
76-
{{- include "olmv1.annotations" . | nindent 4 }}
77-
rules:
78-
- apiGroups:
79-
- ""
80-
resources:
81-
- secrets
82-
verbs:
83-
- create
84-
- delete
85-
- deletecollection
86-
- get
87-
- list
88-
- patch
89-
- update
90-
- watch
91-
- apiGroups:
92-
- ""
93-
resources:
94-
- serviceaccounts
95-
verbs:
96-
- get
97-
- list
98-
- watch
99-
{{- include "olmv1.operatorController.role.rules" . | nindent 2 }}
66+
{{- end }}

0 commit comments

Comments
 (0)