From f15f752d793cd16fdd80577d97205c626a7f5750 Mon Sep 17 00:00:00 2001 From: Pasquale Congiusti Date: Tue, 26 Nov 2024 08:26:28 +0100 Subject: [PATCH] fix(install): namespaced openshift resources --- pkg/install/operator.go | 8 +-- ...l => operator-role-binding-openshift.yaml} | 10 +-- ...hift.yaml => operator-role-openshift.yaml} | 70 +++++++++++++++++-- script/Makefile | 1 - 4 files changed, 75 insertions(+), 14 deletions(-) rename pkg/resources/config/rbac/namespaced/{operator-cluster-role-console-binding-openshift.yaml => operator-role-binding-openshift.yaml} (86%) rename pkg/resources/config/rbac/namespaced/{operator-cluster-role-console-openshift.yaml => operator-role-openshift.yaml} (52%) diff --git a/pkg/install/operator.go b/pkg/install/operator.go index 6f0ebd8ac6..082cd9cc08 100644 --- a/pkg/install/operator.go +++ b/pkg/install/operator.go @@ -467,13 +467,13 @@ func installClusterRoleBinding(ctx context.Context, c client.Client, collection func installOpenShiftRoles(ctx context.Context, c client.Client, namespace string, customizer ResourceCustomizer, collection *kubernetes.Collection, force bool, global bool) error { if global { return ResourcesOrCollect(ctx, c, namespace, collection, force, customizer, - "/config/rbac/openshift/descoped/operator-cluster-role-openshift.yaml", - "/config/rbac/openshift/descoped/operator-cluster-role-binding-openshift.yaml", + "/config/rbac/descoped/operator-cluster-role-openshift.yaml", + "/config/rbac/descoped/operator-cluster-role-binding-openshift.yaml", ) } else { return ResourcesOrCollect(ctx, c, namespace, collection, force, customizer, - "/config/rbac/openshift/namespaced/operator-role-openshift.yaml", - "/config/rbac/openshift/namespaced/operator-role-binding-openshift.yaml", + "/config/rbac/namespaced/operator-role-openshift.yaml", + "/config/rbac/namespaced/operator-role-binding-openshift.yaml", ) } } diff --git a/pkg/resources/config/rbac/namespaced/operator-cluster-role-console-binding-openshift.yaml b/pkg/resources/config/rbac/namespaced/operator-role-binding-openshift.yaml similarity index 86% rename from pkg/resources/config/rbac/namespaced/operator-cluster-role-console-binding-openshift.yaml rename to pkg/resources/config/rbac/namespaced/operator-role-binding-openshift.yaml index f99d5486a5..14eef9d774 100644 --- a/pkg/resources/config/rbac/namespaced/operator-cluster-role-console-binding-openshift.yaml +++ b/pkg/resources/config/rbac/namespaced/operator-role-binding-openshift.yaml @@ -15,16 +15,16 @@ # limitations under the License. # --------------------------------------------------------------------------- -kind: ClusterRoleBinding +kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: camel-k-operator-console-openshift + name: camel-k-operator-openshift labels: app: "camel-k" subjects: - kind: ServiceAccount name: camel-k-operator roleRef: - kind: ClusterRole - name: camel-k-operator-console-openshift - apiGroup: rbac.authorization.k8s.io + kind: Role + name: camel-k-operator-openshift + apiGroup: rbac.authorization.k8s.io \ No newline at end of file diff --git a/pkg/resources/config/rbac/namespaced/operator-cluster-role-console-openshift.yaml b/pkg/resources/config/rbac/namespaced/operator-role-openshift.yaml similarity index 52% rename from pkg/resources/config/rbac/namespaced/operator-cluster-role-console-openshift.yaml rename to pkg/resources/config/rbac/namespaced/operator-role-openshift.yaml index c0b6c10ec6..b3fc88cbee 100644 --- a/pkg/resources/config/rbac/namespaced/operator-cluster-role-console-openshift.yaml +++ b/pkg/resources/config/rbac/namespaced/operator-role-openshift.yaml @@ -15,17 +15,31 @@ # limitations under the License. # --------------------------------------------------------------------------- -kind: ClusterRole +kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: camel-k-operator-console-openshift + name: camel-k-operator-openshift labels: app: "camel-k" rules: - apiGroups: - - console.openshift.io + - camel.apache.org resources: - - consoleclidownloads + - builds/finalizers + - integrationkits/finalizers + - integrationplatforms/finalizers + - integrationprofiles/finalizers + - integrations/finalizers + - pipes/finalizers + verbs: + - update +- apiGroups: + - "" + - "build.openshift.io" + resources: + - buildconfigs + - buildconfigs/webhooks + - builds verbs: - create - delete @@ -35,3 +49,51 @@ rules: - patch - update - watch +- apiGroups: + - "" + - "image.openshift.io" + resources: + - imagestreamimages + - imagestreammappings + - imagestreams + - imagestreams/secrets + - imagestreamtags + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + - build.openshift.io + resources: + - buildconfigs/instantiate + - buildconfigs/instantiatebinary + - builds/clone + verbs: + - create +- apiGroups: + - "" + - "route.openshift.io" + resources: + - routes + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + - route.openshift.io + resources: + - routes/custom-host + verbs: + - create \ No newline at end of file diff --git a/script/Makefile b/script/Makefile index 834cf36012..dafb7b369e 100644 --- a/script/Makefile +++ b/script/Makefile @@ -743,7 +743,6 @@ ifdef OPERATOR_ID @sed -i 's/value: .*/value: $(OPERATOR_ID)/' $(KUST_TMP)/$(KUSTOMIZE_DIR)/patch-operator-id.yaml @echo "INFO: adding a suffix for ClusterRoleBindings $(OPERATOR_ID)" cd $(KUST_TMP)/install/base/config/rbac/descoped && kustomize edit set namesuffix -- -$(OPERATOR_ID) - cd $(KUST_TMP)/install/base/config/rbac/openshift/descoped && kustomize edit set namesuffix -- -$(OPERATOR_ID) else @echo "INFO: no operator ID variable \"OPERATOR_ID\" provided. Keeping default." endif