Add labels to aggregate appwrapper editor/viewer role RBACs (#261)

Author: dgrove-oss

config/default/editor_role_patch.yaml

@@ -0,0 +1,7 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: editor-role
+  labels:
+    rbac.authorization.k8s.io/aggregate-to-edit: "true"
+    rbac.authorization.k8s.io/aggregate-to-admin: "true"

config/default/kustomization.yaml

@@ -35,3 +35,7 @@ patches:
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
 # crd/kustomization.yaml
 - path: manager_webhook_patch.yaml
+
+# Add aggregate labels to rbacs
+- path: editor_role_patch.yaml
+- path: viewer_role_patch.yaml

config/default/viewer_role_patch.yaml

@@ -0,0 +1,6 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: viewer-role
+  labels:
+    rbac.authorization.k8s.io/aggregate-to-view: "true"

config/rbac/appwrapper_editor_role.yaml renamed to config/rbac/editor_role.yaml

@@ -9,7 +9,7 @@ metadata:
     app.kubernetes.io/created-by: appwrapper
     app.kubernetes.io/part-of: appwrapper
     app.kubernetes.io/managed-by: kustomize
-  name: appwrapper-editor-role
+  name: editor-role
 rules:
 - apiGroups:
   - workload.codeflare.dev

config/rbac/kustomization.yaml

@@ -10,6 +10,8 @@ resources:
 - leader_election_role.yaml
 - leader_election_role_binding.yaml
 - user_role.yaml
+- editor_role.yaml
+- viewer_role.yaml
 # Comment the following 4 lines if you want to disable
 # the auth proxy (https://github.com/brancz/kube-rbac-proxy)
 # which protects your /metrics endpoint.

config/rbac/appwrapper_viewer_role.yaml renamed to config/rbac/viewer_role.yaml

@@ -9,7 +9,7 @@ metadata:
     app.kubernetes.io/created-by: appwrapper
     app.kubernetes.io/part-of: appwrapper
     app.kubernetes.io/managed-by: kustomize
-  name: appwrapper-viewer-role
+  name: viewer-role
 rules:
 - apiGroups:
   - workload.codeflare.dev