eae6ba99e2
- Deleted Jenkinsfile as CI/CD configuration is now handled differently. - Updated Chart.yaml to reflect new service name and versioning. - Enhanced values.yaml and values.alpha.yaml with comprehensive operator configuration and environment settings. - Removed obsolete templates for deployment, service, ingress, and monitoring. - Streamlined configuration for RabbitMQ, Jenkins, and ArgoCD integration. Signed-off-by: zhenyus <zhenyus@mathmast.com>
84 lines
3.3 KiB
YAML
84 lines
3.3 KiB
YAML
{{- if .Values.rbac.create -}}
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: {{ include "freeleaps-devops-reconciler.fullname" . }}
|
|
labels:
|
|
{{- include "freeleaps-devops-reconciler.labels" . | nindent 4 }}
|
|
rules:
|
|
# Core Kubernetes resources
|
|
- apiGroups: [""]
|
|
resources: ["events"]
|
|
verbs: ["create", "patch"]
|
|
- apiGroups: [""]
|
|
resources: ["secrets", "configmaps"]
|
|
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
|
|
- apiGroups: [""]
|
|
resources: ["namespaces"]
|
|
verbs: ["get", "list", "watch"]
|
|
- apiGroups: [""]
|
|
resources: ["services"]
|
|
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
|
|
|
|
# Apps resources
|
|
- apiGroups: ["apps"]
|
|
resources: ["deployments", "replicasets"]
|
|
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
|
|
|
|
# Networking resources
|
|
- apiGroups: ["networking.k8s.io"]
|
|
resources: ["ingresses"]
|
|
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
|
|
- apiGroups: ["networking.k8s.io"]
|
|
resources: ["networkpolicies"]
|
|
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
|
|
|
|
# cert-manager resources
|
|
- apiGroups: ["cert-manager.io"]
|
|
resources: ["certificates", "certificaterequests", "issuers", "clusterissuers"]
|
|
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
|
|
|
|
# Argo CD resources
|
|
- apiGroups: ["argoproj.io"]
|
|
resources: ["applications", "appprojects"]
|
|
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
|
|
|
|
# Custom resources - FreeleapsDevOps
|
|
- apiGroups: ["freeleaps.com"]
|
|
resources: ["devopsprojects", "argosettings", "jenkinssettings", "containerregistries", "gitcredentials", "deploymentrecords", "ingressresources"]
|
|
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
|
|
- apiGroups: ["freeleaps.com"]
|
|
resources: ["devopsprojects/status", "argosettings/status", "jenkinssettings/status", "containerregistries/status", "gitcredentials/status", "deploymentrecords/status", "ingressresources/status"]
|
|
verbs: ["get", "update", "patch"]
|
|
- apiGroups: ["freeleaps.com"]
|
|
resources: ["devopsprojects/finalizers", "argosettings/finalizers", "jenkinssettings/finalizers", "containerregistries/finalizers", "gitcredentials/finalizers", "deploymentrecords/finalizers", "ingressresources/finalizers"]
|
|
verbs: ["update"]
|
|
|
|
# Kopf framework requirements
|
|
- apiGroups: ["zalando.org"]
|
|
resources: ["kopfpeerings"]
|
|
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
|
|
- apiGroups: ["apiextensions.k8s.io"]
|
|
resources: ["customresourcedefinitions"]
|
|
verbs: ["get", "list", "watch"]
|
|
|
|
# Additional rules from values
|
|
{{- with .Values.rbac.additionalRules }}
|
|
{{- toYaml . | nindent 2 }}
|
|
{{- end }}
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: {{ include "freeleaps-devops-reconciler.fullname" . }}
|
|
labels:
|
|
{{- include "freeleaps-devops-reconciler.labels" . | nindent 4 }}
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: {{ include "freeleaps-devops-reconciler.fullname" . }}
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: {{ include "freeleaps-devops-reconciler.serviceAccountName" . }}
|
|
namespace: {{ .Release.Namespace }}
|
|
{{- end }} |