getting started with kubebuilder

config/rbac/bitwardensecret_admin_role.yaml

@@ -0,0 +1,27 @@
+# This rule is not used by the project new itself.
+# It is provided to allow the cluster admin to help manage permissions for users.
+#
+# Grants full permissions ('*') over lerentis.uploadfilter24.eu.lerentis.uploadfilter24.eu.
+# This role is intended for users authorized to modify roles and bindings within the cluster,
+# enabling them to delegate specific permissions to other users or groups as needed.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: new
+    app.kubernetes.io/managed-by: kustomize
+  name: bitwardensecret-admin-role
+rules:
+- apiGroups:
+  - lerentis.uploadfilter24.eu.lerentis.uploadfilter24.eu
+  resources:
+  - bitwardensecrets
+  verbs:
+  - '*'
+- apiGroups:
+  - lerentis.uploadfilter24.eu.lerentis.uploadfilter24.eu
+  resources:
+  - bitwardensecrets/status
+  verbs:
+  - get

config/rbac/bitwardensecret_editor_role.yaml

@@ -0,0 +1,33 @@
+# This rule is not used by the project new itself.
+# It is provided to allow the cluster admin to help manage permissions for users.
+#
+# Grants permissions to create, update, and delete resources within the lerentis.uploadfilter24.eu.lerentis.uploadfilter24.eu.
+# This role is intended for users who need to manage these resources
+# but should not control RBAC or manage permissions for others.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: new
+    app.kubernetes.io/managed-by: kustomize
+  name: bitwardensecret-editor-role
+rules:
+- apiGroups:
+  - lerentis.uploadfilter24.eu.lerentis.uploadfilter24.eu
+  resources:
+  - bitwardensecrets
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - lerentis.uploadfilter24.eu.lerentis.uploadfilter24.eu
+  resources:
+  - bitwardensecrets/status
+  verbs:
+  - get

config/rbac/bitwardensecret_viewer_role.yaml

@@ -0,0 +1,29 @@
+# This rule is not used by the project new itself.
+# It is provided to allow the cluster admin to help manage permissions for users.
+#
+# Grants read-only access to lerentis.uploadfilter24.eu.lerentis.uploadfilter24.eu resources.
+# This role is intended for users who need visibility into these resources
+# without permissions to modify them. It is ideal for monitoring purposes and limited-access viewing.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: new
+    app.kubernetes.io/managed-by: kustomize
+  name: bitwardensecret-viewer-role
+rules:
+- apiGroups:
+  - lerentis.uploadfilter24.eu.lerentis.uploadfilter24.eu
+  resources:
+  - bitwardensecrets
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - lerentis.uploadfilter24.eu.lerentis.uploadfilter24.eu
+  resources:
+  - bitwardensecrets/status
+  verbs:
+  - get

config/rbac/bitwardentemplate_admin_role.yaml

@@ -0,0 +1,27 @@
+# This rule is not used by the project new itself.
+# It is provided to allow the cluster admin to help manage permissions for users.
+#
+# Grants full permissions ('*') over lerentis.uploadfilter24.eu.lerentis.uploadfilter24.eu.
+# This role is intended for users authorized to modify roles and bindings within the cluster,
+# enabling them to delegate specific permissions to other users or groups as needed.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: new
+    app.kubernetes.io/managed-by: kustomize
+  name: bitwardentemplate-admin-role
+rules:
+- apiGroups:
+  - lerentis.uploadfilter24.eu.lerentis.uploadfilter24.eu
+  resources:
+  - bitwardentemplates
+  verbs:
+  - '*'
+- apiGroups:
+  - lerentis.uploadfilter24.eu.lerentis.uploadfilter24.eu
+  resources:
+  - bitwardentemplates/status
+  verbs:
+  - get

config/rbac/bitwardentemplate_editor_role.yaml

@@ -0,0 +1,33 @@
+# This rule is not used by the project new itself.
+# It is provided to allow the cluster admin to help manage permissions for users.
+#
+# Grants permissions to create, update, and delete resources within the lerentis.uploadfilter24.eu.lerentis.uploadfilter24.eu.
+# This role is intended for users who need to manage these resources
+# but should not control RBAC or manage permissions for others.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: new
+    app.kubernetes.io/managed-by: kustomize
+  name: bitwardentemplate-editor-role
+rules:
+- apiGroups:
+  - lerentis.uploadfilter24.eu.lerentis.uploadfilter24.eu
+  resources:
+  - bitwardentemplates
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - lerentis.uploadfilter24.eu.lerentis.uploadfilter24.eu
+  resources:
+  - bitwardentemplates/status
+  verbs:
+  - get

config/rbac/bitwardentemplate_viewer_role.yaml

@@ -0,0 +1,29 @@
+# This rule is not used by the project new itself.
+# It is provided to allow the cluster admin to help manage permissions for users.
+#
+# Grants read-only access to lerentis.uploadfilter24.eu.lerentis.uploadfilter24.eu resources.
+# This role is intended for users who need visibility into these resources
+# without permissions to modify them. It is ideal for monitoring purposes and limited-access viewing.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: new
+    app.kubernetes.io/managed-by: kustomize
+  name: bitwardentemplate-viewer-role
+rules:
+- apiGroups:
+  - lerentis.uploadfilter24.eu.lerentis.uploadfilter24.eu
+  resources:
+  - bitwardentemplates
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - lerentis.uploadfilter24.eu.lerentis.uploadfilter24.eu
+  resources:
+  - bitwardentemplates/status
+  verbs:
+  - get

config/rbac/kustomization.yaml

@@ -0,0 +1,34 @@
+resources:
+# All RBAC will be applied under this service account in
+# the deployment namespace. You may comment out this resource
+# if your manager will use a service account that exists at
+# runtime. Be sure to update RoleBinding and ClusterRoleBinding
+# subjects if changing service account names.
+- service_account.yaml
+- role.yaml
+- role_binding.yaml
+- leader_election_role.yaml
+- leader_election_role_binding.yaml
+# The following RBAC configurations are used to protect
+# the metrics endpoint with authn/authz. These configurations
+# ensure that only authorized users and service accounts
+# can access the metrics endpoint. Comment the following
+# permissions if you want to disable this protection.
+# More info: https://book.kubebuilder.io/reference/metrics.html
+- metrics_auth_role.yaml
+- metrics_auth_role_binding.yaml
+- metrics_reader_role.yaml
+# For each CRD, "Admin", "Editor" and "Viewer" roles are scaffolded by
+# default, aiding admins in cluster management. Those roles are
+# not used by the {{ .ProjectName }} itself. You can comment the following lines
+# if you do not want those helpers be installed with your Project.
+- registrycredential_admin_role.yaml
+- registrycredential_editor_role.yaml
+- registrycredential_viewer_role.yaml
+- bitwardentemplate_admin_role.yaml
+- bitwardentemplate_editor_role.yaml
+- bitwardentemplate_viewer_role.yaml
+- bitwardensecret_admin_role.yaml
+- bitwardensecret_editor_role.yaml
+- bitwardensecret_viewer_role.yaml
+

config/rbac/leader_election_role.yaml

@@ -0,0 +1,40 @@
+# permissions to do leader election.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    app.kubernetes.io/name: new
+    app.kubernetes.io/managed-by: kustomize
+  name: leader-election-role
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+  - patch

config/rbac/leader_election_role_binding.yaml

@@ -0,0 +1,15 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/name: new
+    app.kubernetes.io/managed-by: kustomize
+  name: leader-election-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: leader-election-role
+subjects:
+- kind: ServiceAccount
+  name: controller-manager
+  namespace: system

config/rbac/metrics_auth_role.yaml

@@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: metrics-auth-role
+rules:
+- apiGroups:
+  - authentication.k8s.io
+  resources:
+  - tokenreviews
+  verbs:
+  - create
+- apiGroups:
+  - authorization.k8s.io
+  resources:
+  - subjectaccessreviews
+  verbs:
+  - create

config/rbac/metrics_auth_role_binding.yaml

@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: metrics-auth-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: metrics-auth-role
+subjects:
+- kind: ServiceAccount
+  name: controller-manager
+  namespace: system

config/rbac/metrics_reader_role.yaml

@@ -0,0 +1,9 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: metrics-reader
+rules:
+- nonResourceURLs:
+  - "/metrics"
+  verbs:
+  - get

config/rbac/registrycredential_admin_role.yaml

@@ -0,0 +1,27 @@
+# This rule is not used by the project new itself.
+# It is provided to allow the cluster admin to help manage permissions for users.
+#
+# Grants full permissions ('*') over lerentis.uploadfilter24.eu.lerentis.uploadfilter24.eu.
+# This role is intended for users authorized to modify roles and bindings within the cluster,
+# enabling them to delegate specific permissions to other users or groups as needed.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: new
+    app.kubernetes.io/managed-by: kustomize
+  name: registrycredential-admin-role
+rules:
+- apiGroups:
+  - lerentis.uploadfilter24.eu.lerentis.uploadfilter24.eu
+  resources:
+  - registrycredentials
+  verbs:
+  - '*'
+- apiGroups:
+  - lerentis.uploadfilter24.eu.lerentis.uploadfilter24.eu
+  resources:
+  - registrycredentials/status
+  verbs:
+  - get

config/rbac/registrycredential_editor_role.yaml

@@ -0,0 +1,33 @@
+# This rule is not used by the project new itself.
+# It is provided to allow the cluster admin to help manage permissions for users.
+#
+# Grants permissions to create, update, and delete resources within the lerentis.uploadfilter24.eu.lerentis.uploadfilter24.eu.
+# This role is intended for users who need to manage these resources
+# but should not control RBAC or manage permissions for others.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: new
+    app.kubernetes.io/managed-by: kustomize
+  name: registrycredential-editor-role
+rules:
+- apiGroups:
+  - lerentis.uploadfilter24.eu.lerentis.uploadfilter24.eu
+  resources:
+  - registrycredentials
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - lerentis.uploadfilter24.eu.lerentis.uploadfilter24.eu
+  resources:
+  - registrycredentials/status
+  verbs:
+  - get

config/rbac/registrycredential_viewer_role.yaml

@@ -0,0 +1,29 @@
+# This rule is not used by the project new itself.
+# It is provided to allow the cluster admin to help manage permissions for users.
+#
+# Grants read-only access to lerentis.uploadfilter24.eu.lerentis.uploadfilter24.eu resources.
+# This role is intended for users who need visibility into these resources
+# without permissions to modify them. It is ideal for monitoring purposes and limited-access viewing.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: new
+    app.kubernetes.io/managed-by: kustomize
+  name: registrycredential-viewer-role
+rules:
+- apiGroups:
+  - lerentis.uploadfilter24.eu.lerentis.uploadfilter24.eu
+  resources:
+  - registrycredentials
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - lerentis.uploadfilter24.eu.lerentis.uploadfilter24.eu
+  resources:
+  - registrycredentials/status
+  verbs:
+  - get

config/rbac/role.yaml

@@ -0,0 +1,38 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: manager-role
+rules:
+- apiGroups:
+  - lerentis.uploadfilter24.eu.lerentis.uploadfilter24.eu
+  resources:
+  - bitwardensecrets
+  - bitwardentemplates
+  - registrycredentials
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - lerentis.uploadfilter24.eu.lerentis.uploadfilter24.eu
+  resources:
+  - bitwardensecrets/finalizers
+  - bitwardentemplates/finalizers
+  - registrycredentials/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - lerentis.uploadfilter24.eu.lerentis.uploadfilter24.eu
+  resources:
+  - bitwardensecrets/status
+  - bitwardentemplates/status
+  - registrycredentials/status
+  verbs:
+  - get
+  - patch
+  - update

config/rbac/role_binding.yaml

@@ -0,0 +1,15 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/name: new
+    app.kubernetes.io/managed-by: kustomize
+  name: manager-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: manager-role
+subjects:
+- kind: ServiceAccount
+  name: controller-manager
+  namespace: system

config/rbac/service_account.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/name: new
+    app.kubernetes.io/managed-by: kustomize
+  name: controller-manager
+  namespace: system