permissions for operator

2022-09-09 23:27:28 +02:00 · 2022-09-09 23:27:28 +02:00 · c7d3e3a997
commit c7d3e3a997
parent c33f80b448
6 changed files with 29 additions and 4 deletions
--- a/README.md
+++ b/README.md
@ -2,4 +2,3 @@

 [![Build Status](https://drone.uploadfilter24.eu/api/badges/lerentis/bitwarden-crd-operator/status.svg?ref=refs/heads/main)](https://drone.uploadfilter24.eu/lerentis/bitwarden-crd-operator)

-Test from gitnext
--- a/bitwarden-crd-operator.py
+++ b/bitwarden-crd-operator.py
@ -1,7 +1,7 @@
 #!/usr/bin/env python3
 import kopf

-@kopf.on.create('bitwarden-secret')
+@kopf.on.create('bitwarden-secrets.lerentis.uploadfilter24')
 def create_fn(body, **kwargs):

    # The all-purpose function for the event creation.
--- a/chart/bitwarden-crd-operator/templates/clusterrole.yaml
+++ b/chart/bitwarden-crd-operator/templates/clusterrole.yaml
@ -0,0 +1,14 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "bitwarden-crd-operator.serviceAccountName" . }}-role
+rules:
+- apiGroups: ["lerentis.uploadfilter24.eu"]
+  resources: ["bitwarden-secrets"]
+  verbs: ["get", "watch", "list", "create", "delete", "patch", "update"]
+- apiGroups: ["v1"]
+  resources: ["secrets"]
+  verbs: ["get", "watch", "list", "create", "delete", "patch", "update"]
+- apiGroups: [""]
+  resources: [events]
+  verbs: [create]
--- a/chart/bitwarden-crd-operator/templates/rolebinding.yaml
+++ b/chart/bitwarden-crd-operator/templates/rolebinding.yaml
@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "bitwarden-crd-operator.serviceAccountName" . }}-binding
+subjects:
+- kind: ServiceAccount
+  name: {{ include "bitwarden-crd-operator.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: {{ include "bitwarden-crd-operator.serviceAccountName" . }}-role
+  apiGroup: rbac.authorization.k8s.io
--- a/chart/bitwarden-crd-operator/templates/serviceaccount.yaml
+++ b/chart/bitwarden-crd-operator/templates/serviceaccount.yaml
@ -9,4 +9,4 @@ metadata:
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
-{{- end }}
+{{- end }}
--- a/chart/bitwarden-crd-operator/values.yaml
+++ b/chart/bitwarden-crd-operator/values.yaml
@ -8,7 +8,7 @@ image:
  repository: lerentis/bitwarden-crd-operator
  pullPolicy: IfNotPresent
  # Overrides the image tag whose default is the chart appVersion.
-  tag: "68ba68fb46c48c61e484de7ea5c19d1f14dec915"
+  tag: "c33f80b448e0a7098eb075811108256ed52e5b21"

 imagePullSecrets: []
 nameOverride: ""