split operator yaml to multiple to support terraform

maordavidov · maordavidov · commit 2360bfe01055 · 2023-01-02T02:13:03.000+02:00
diff --git a/kubernetes/auth-operator.yaml b/kubernetes/auth-operator.yaml
@@ -1,58 +1,3 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  namespace: kube-system
-  name: auth-operator
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: auth-operator-role-cluster
-rules:
-  # Framework: knowing which other operators are running (i.e. peering).
-  - apiGroups: [zalando.org]
-    resources: [kopfpeerings, clusterkopfpeerings]
-    verbs: [list, watch, patch, get]
-
-  # Framework: posting the events about the handlers progress/errors.
-  - apiGroups: [events.k8s.io]
-    resources: [events]
-    verbs: [create]
-  - apiGroups: [""]
-    resources: [events]
-    verbs: [create]
-
-  # Application: watching & handling for the custom resource we declare.
-  - apiGroups: [iamauthenticator.k8s.aws]
-    resources: [iamidentitymappings]
-    verbs: [list, watch, patch, get]
-
-  - apiGroups: [apiextensions.k8s.io]
-    resources: [customresourcedefinitions]
-    verbs: [list, get, update, create, patch]
-
-  - apiGroups:
-      - ""
-    resources:
-      - configmaps
-    verbs:
-      - get
-      - patch
-      - update
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: auth-operator-rolebinding-cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: auth-operator-role-cluster
-subjects:
-  - kind: ServiceAccount
-    name: auth-operator
-    namespace: kube-system
----
 apiVersion: apps/v1
 kind: Deployment
 metadata:
diff --git a/kubernetes/clusterrole.yaml b/kubernetes/clusterrole.yaml
@@ -0,0 +1,35 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: auth-operator-role-cluster
+rules:
+  # Framework: knowing which other operators are running (i.e. peering).
+  - apiGroups: [zalando.org]
+    resources: [kopfpeerings, clusterkopfpeerings]
+    verbs: [list, watch, patch, get]
+
+  # Framework: posting the events about the handlers progress/errors.
+  - apiGroups: [events.k8s.io]
+    resources: [events]
+    verbs: [create]
+  - apiGroups: [""]
+    resources: [events]
+    verbs: [create]
+
+  # Application: watching & handling for the custom resource we declare.
+  - apiGroups: [iamauthenticator.k8s.aws]
+    resources: [iamidentitymappings]
+    verbs: [list, watch, patch, get]
+
+  - apiGroups: [apiextensions.k8s.io]
+    resources: [customresourcedefinitions]
+    verbs: [list, get, update, create, patch]
+
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    verbs:
+      - get
+      - patch
+      - update
diff --git a/kubernetes/clusterrolebinding.yaml b/kubernetes/clusterrolebinding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: auth-operator-rolebinding-cluster
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: auth-operator-role-cluster
+subjects:
+  - kind: ServiceAccount
+    name: auth-operator
+    namespace: kube-system
diff --git a/kubernetes/sa.yaml b/kubernetes/sa.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  namespace: kube-system
+  name: auth-operator
