feat(install): Separate namespaced and descoped rbacs
Ref #3165
gansheer committed Nov 13, 2023
1 parent 410d18a commit f4eb25d
Showing 34 changed files with 851 additions and 76 deletions.
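--- a/config/rbac/descoped/kustomization.yaml
+++ b/config/rbac/descoped/kustomization.yaml
@@ -0,0 +1,38 @@
+# ---------------------------------------------------------------------------
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ---------------------------------------------------------------------------
+
+#
+# rbac resources applicable for all kubernetes platforms - global operator
+#
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- operator-cluster-role-events.yaml
+- operator-cluster-role-knative.yaml
+- operator-cluster-role.yaml
+- operator-cluster-role-keda.yaml
+- operator-cluster-role-leases.yaml
+- operator-cluster-role-podmonitors.yaml
+- operator-cluster-role-strimzi.yaml
+- operator-cluster-role-binding-events.yaml
+- operator-cluster-role-binding-keda.yaml
+- operator-cluster-role-binding-knative.yaml
+- operator-cluster-role-binding-leases.yaml
+- operator-cluster-role-binding-podmonitors.yaml
+- operator-cluster-role-binding-strimzi.yaml
+- operator-cluster-role-binding.yaml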
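Review bot: The `resources:` list pulls in the KEDA, Knative, Strimzi and PodMonitor ClusterRoles and bindings unconditionally, so a descoped install presumably always grants the operator cluster-wide rights on those API groups, even on clusters where the integrations are not used. If that is intentional, a comment above `resources:` such as `# optional integrations (keda, knative, strimzi, podmonitors) are always granted to the global operator` would record the decision; otherwise they could move to a separate opt-in kustomization. The entries are also not in a consistent order (`operator-cluster-role.yaml` sits between the knative and keda roles), which makes the list harder to audit against the directory.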
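--- a/config/rbac/descoped/operator-cluster-role-binding-events.yaml
+++ b/config/rbac/descoped/operator-cluster-role-binding-events.yaml
@@ -0,0 +1,31 @@
+# ---------------------------------------------------------------------------
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ---------------------------------------------------------------------------
+
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+name: camel-k-operator-events
+labels:
+app: "camel-k"
+subjects:
+- kind: ServiceAccount
+name: camel-k-operator
+namespace: placeholder
+roleRef:
+kind: ClusterRole
+name: camel-k-operator-events
+apiGroup: rbac.authorization.k8s.io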
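Review bot: The subject's `namespace: placeholder` is bound to a cluster-wide role, and nothing in this file says what replaces it. If the manifest is ever applied without the install tooling rewriting the subject namespace, the binding grants the ClusterRole to whichever `camel-k-operator` ServiceAccount exists in a namespace named `placeholder`, not to the real operator. A comment above `subjects:` such as `# namespace is rewritten at install time; do not apply this file as-is` would make the contract explicit, and it is worth confirming that the kustomize namespace handling actually rewrites ClusterRoleBinding subjects for this ServiceAccount name. The same applies to the keda, knative, leases, podmonitors, strimzi and base `camel-k-operator` bindings added in this commit.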
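--- a/config/rbac/descoped/operator-cluster-role-binding-keda.yaml
+++ b/config/rbac/descoped/operator-cluster-role-binding-keda.yaml
@@ -0,0 +1,31 @@
+# ---------------------------------------------------------------------------
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ---------------------------------------------------------------------------
+
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+name: camel-k-operator-keda
+labels:
+app: "camel-k"
+subjects:
+- kind: ServiceAccount
+name: camel-k-operator
+namespace: placeholder
+roleRef:
+kind: ClusterRole
+name: camel-k-operator-keda
+apiGroup: rbac.authorization.k8s.io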
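--- a/config/rbac/descoped/operator-cluster-role-binding-knative.yaml
+++ b/config/rbac/descoped/operator-cluster-role-binding-knative.yaml
@@ -0,0 +1,31 @@
+# ---------------------------------------------------------------------------
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ---------------------------------------------------------------------------
+
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+name: camel-k-operator-knative
+labels:
+app: "camel-k"
+subjects:
+- kind: ServiceAccount
+name: camel-k-operator
+namespace: placeholder
+roleRef:
+kind: ClusterRole
+name: camel-k-operator-knative
+apiGroup: rbac.authorization.k8s.io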
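--- a/config/rbac/descoped/operator-cluster-role-binding-leases.yaml
+++ b/config/rbac/descoped/operator-cluster-role-binding-leases.yaml
@@ -0,0 +1,31 @@
+# ---------------------------------------------------------------------------
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ---------------------------------------------------------------------------
+
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+name: camel-k-operator-leases
+labels:
+app: "camel-k"
+subjects:
+- kind: ServiceAccount
+name: camel-k-operator
+namespace: placeholder
+roleRef:
+kind: ClusterRole
+name: camel-k-operator-leases
+apiGroup: rbac.authorization.k8s.io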
@@ -0,0 +1,31 @@
# ---------------------------------------------------------------------------
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# ---------------------------------------------------------------------------

kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: camel-k-operator-podmonitors
labels:
app: "camel-k"
subjects:
- kind: ServiceAccount
name: camel-k-operator
namespace: placeholder
roleRef:
kind: ClusterRole
name: camel-k-operator-podmonitors
apiGroup: rbac.authorization.k8s.io
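--- a/config/rbac/descoped/operator-cluster-role-binding-strimzi.yaml
+++ b/config/rbac/descoped/operator-cluster-role-binding-strimzi.yaml
@@ -0,0 +1,31 @@
+# ---------------------------------------------------------------------------
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ---------------------------------------------------------------------------
+
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+name: camel-k-operator-strimzi
+labels:
+app: "camel-k"
+subjects:
+- kind: ServiceAccount
+name: camel-k-operator
+namespace: placeholder
+roleRef:
+kind: ClusterRole
+name: camel-k-operator-strimzi
+apiGroup: rbac.authorization.k8s.io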
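--- a/config/rbac/descoped/operator-cluster-role-binding.yaml
+++ b/config/rbac/descoped/operator-cluster-role-binding.yaml
@@ -0,0 +1,31 @@
+# ---------------------------------------------------------------------------
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ---------------------------------------------------------------------------
+
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+name: camel-k-operator
+labels:
+app: "camel-k"
+subjects:
+- kind: ServiceAccount
+name: camel-k-operator
+namespace: placeholder
+roleRef:
+kind: ClusterRole
+name: camel-k-operator
+apiGroup: rbac.authorization.k8s.io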
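--- a/config/rbac/descoped/operator-cluster-role-events.yaml
+++ b/config/rbac/descoped/operator-cluster-role-events.yaml
@@ -0,0 +1,34 @@
+# ---------------------------------------------------------------------------
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ---------------------------------------------------------------------------
+
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+name: camel-k-operator-events
+labels:
+app: "camel-k"
+rules:
+- apiGroups:
+- ""
+resources:
+- events
+verbs:
+- create
+- patch
+- get
+- list
+- watch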
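Review bot: The `get`, `list` and `watch` verbs on core `events` are granted cluster-wide here, which lets the operator read events from every namespace; recording events normally needs only `create` and `patch`. If the operator does not consume events, trimming the verbs to `- create` and `- patch` keeps the descoped role closer to least privilege. If it does read them, a comment on the rule naming the consumer would help whoever audits this role later.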
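--- a/config/rbac/descoped/operator-cluster-role-keda.yaml
+++ b/config/rbac/descoped/operator-cluster-role-keda.yaml
@@ -0,0 +1,38 @@
+# ---------------------------------------------------------------------------
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ---------------------------------------------------------------------------
+
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+name: camel-k-operator-keda
+labels:
+app: "camel-k"
+rules:
+- apiGroups:
+- "keda.sh"
+resources:
+- scaledobjects
+- triggerauthentications
+verbs:
+- create
+- delete
+- deletecollection
+- get
+- list
+- patch
+- update
+- watch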
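Review bot: `deletecollection` on `scaledobjects` and `triggerauthentications` in a ClusterRole allows bulk deletion across all namespaces, including objects the operator did not create. Unless the operator relies on collection deletes, dropping `- deletecollection` (per-object `delete` remains) narrows what a leaked operator token can do. If the verb set simply mirrors the namespaced role, a short comment on the rule saying so would explain why it is this wide at cluster scope.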