diff --git a/README.adoc b/README.adoc
index 689e7fa..614283f 100644
--- a/README.adoc
+++ b/README.adoc
@@ -40,11 +40,12 @@ operator-sdk test local ./test/e2e/ --namespace=cert-operator-test --up-local
 [source,bash]
 ----
+oc new-project cert-operator
 oc process -f build/build.yml | oc apply -f-
 oc apply -f deploy/service_account.yaml
 oc apply -f deploy/role.yaml
 oc apply -f deploy/role_binding.yaml
-oc apply -f deploy/deployment.yaml
+oc apply -f deploy/operator.yaml
 ----
 == Configuration
@@ -208,4 +209,4 @@ oc annotate service dotnet-example openshift.io/cert-ctl-format=pkcs12 --overwri
 oc annotate service dotnet-example openshift.io/cert-ctl-status=new --overwrite
 ----
-You will notice two entries in the secret "tls.p12" and "tls-p12-secret.txt"
\ No newline at end of file
+You will notice two entries in the secret "tls.p12" and "tls-p12-secret.txt"
diff --git a/deploy/operator.yaml b/deploy/operator.yaml
index 556c2f9..0f3247b 100644
--- a/deploy/operator.yaml
+++ b/deploy/operator.yaml
@@ -1,6 +1,8 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
+ annotations:
+ alpha.image.policy.openshift.io/resolve-names: "*"
 name: cert-operator
 labels:
 app: cert-operator
@@ -18,15 +20,18 @@ spec:
 spec:
 containers:
 - name: cert-operator
- image: cert-operator:latest
+ image: docker-registry.default.svc:5000/cert-operator/cert-operator:latest
 ports:
 - containerPort: 60000
 name: metrics
 imagePullPolicy: Always
 env:
 - name: WATCH_NAMESPACE
+ value: ""
+ - name: POD_NAME
 valueFrom:
 fieldRef:
- fieldPath: metadata.namespace
+ fieldPath: metadata.name
 - name: OPERATOR_NAME
 value: "cert-operator"
+ serviceAccountName: cert-operator
diff --git a/deploy/role.yaml b/deploy/role.yaml
index 2fc99a6..80bc696 100644
--- a/deploy/role.yaml
+++ b/deploy/role.yaml
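Review bot: In the second hunk of deploy/operator.yaml the new image reference still ends in the mutable `:latest` tag with `imagePullPolicy: Always`, so every pod restart runs whatever was last pushed to `cert-operator/cert-operator` in the internal registry. That matters more after this commit, because the pod now runs as the `cert-operator` service account and `WATCH_NAMESPACE` is set to `""`, which under the usual operator-sdk convention means all namespaces (the operator code is not visible here, so confirm). Consider referencing a version tag or an image digest instead of `latest`, and add a comment above the variable such as `# empty value: watch all namespaces; relies on the ClusterRoleBinding in role_binding.yaml`. The Deployment spec starts and continues outside this hunk.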
@@ -1,13 +1,72 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
- name: cert-operator-role
+ name: cert-operator-cluster
 rules:
 - apiGroups:
 - ""
 attributeRestrictions: null
 resources:
 - services
+ - secrets
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - apiGroups:
+ - ""
+ - route.openshift.io
+ attributeRestrictions: null
+ resources:
 - routes
 verbs:
+ - get
+ - list
+ - watch
+ - update
+ - apiGroups:
+ - "route.openshift.io"
+ resources:
+ - routes/custom-host
+ verbs:
+ - update
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: cert-operator-local
+rules:
+ - apiGroups:
+ - ""
+ attributeRestrictions: null
+ resources:
+ - pods
+ - configmaps
+ verbs:
 - create
+ - get
+ - apiGroups:
+ - extensions
+ resources:
+ - replicasets
+ - deployments
+ verbs:
+ - "get"
+ - apiGroups:
+ - monitoring.coreos.com
+ resources:
+ - servicemonitors
+ verbs:
+ - "get"
+ - "create"
+ - apiGroups:
+ - extensions
+ resources:
+ - deployments/finalizers
+ resourceNames:
+ - cert-operator
+ verbs:
+ - "update"
diff --git a/deploy/role_binding.yaml b/deploy/role_binding.yaml
index b05a0dc..41bc55f 100644
--- a/deploy/role_binding.yaml
+++ b/deploy/role_binding.yaml
@@ -1,10 +1,23 @@
 apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
+kind: ClusterRoleBinding
 metadata:
+ name: cert-operator-cluster
+roleRef:
+ kind: ClusterRole
+ name: cert-operator-cluster
+subjects:
+- kind: ServiceAccount
 name: cert-operator
+ namespace: cert-operator
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: cert-operator-local
 roleRef:
 kind: ClusterRole
- name: cert-operator-role
+ name: cert-operator-local
 subjects:
 - kind: ServiceAccount
- name: default
+ name: cert-operator
+ namespace: cert-operator
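Review bot: The first rule of `cert-operator-cluster` in deploy/role.yaml lists `secrets` and `pods` next to `services`, so all three receive `get`, `list`, `watch`, `create` and `update`. Because role_binding.yaml binds this role with a ClusterRoleBinding, the operator's service account can enumerate, read and overwrite every Secret in the cluster. Which verbs the controller really uses is not visible in this diff, so treat the split below as a starting point to check against the code. It keeps read and update on services, removes `list`/`watch` on secrets (a secret can still be read by name) and drops the cluster-wide `pods` grant, since `cert-operator-local` already covers pods in the operator's own namespace.

```yaml
rules:
  # services: read and update only
  - apiGroups:
      - ""
    resources:
      - services
    verbs:
      - get
      - list
      - watch
      - update
  # secrets hold issued key material: no list/watch, so no bulk reads
  - apiGroups:
      - ""
    resources:
      - secrets
    verbs:
      - get
      - create
      - update
  # … unchanged: routes and routes/custom-host rules …
```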
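Review bot: The `cert-operator-local` RoleBinding in deploy/role_binding.yaml has no `metadata.namespace`, so it is created in whichever project is current when `oc apply` runs, while its subject is pinned to the service account in `cert-operator`. Applied from a different project, it would give that service account the `cert-operator-local` rules there rather than in the operator's own namespace. Adding `namespace: cert-operator` under the RoleBinding's `metadata` makes the target explicit and independent of the `oc new-project` step in the README. Both `roleRef` blocks also omit `apiGroup: rbac.authorization.k8s.io`; the pre-change file appears to have omitted it as well, so confirm the target API server accepts the manifest as written.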