Remove boilerplate RBAC, fix config structure for kustomize 2.0

kubernetes-sigs/kubebuilder#595 (comment)
djwhatle · May 8, 2019 · 4cb837b · 4cb837b
1 parent 9d4554b
commit 4cb837b
Show file tree

Hide file tree

Showing 9 changed files with 15 additions and 129 deletions.
diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml
@@ -12,21 +12,9 @@ namePrefix: mig-controller-
 #commonLabels:
 #  someName: someValue
 
-# Each entry in this list must resolve to an existing
-# resource definition in YAML.  These are the resource
-# files that kustomize reads, modifies and emits as a
-# YAML string, with resources separated by document
-# markers ("---").
-resources:
-- ../rbac/rbac_role.yaml
-- ../rbac/rbac_role_binding.yaml
-- ../manager/manager.yaml
-  # Comment the following 3 lines if you want to disable
-  # the auth proxy (https://github.com/brancz/kube-rbac-proxy)
-  # which protects your /metrics endpoint.
-- ../rbac/auth_proxy_service.yaml
-- ../rbac/auth_proxy_role.yaml
-- ../rbac/auth_proxy_role_binding.yaml
+bases:
+- ../rbac
+- ../manager
 
 patches:
 - manager_image_patch.yaml

diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml
@@ -0,0 +1,2 @@
+resources:
+- manager.yaml
diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml
@@ -0,0 +1,9 @@
+resources:
+- rbac_role.yaml
+- rbac_role_binding.yaml
+  # Comment the following 3 lines if you want to disable
+  # the auth proxy (https://github.com/brancz/kube-rbac-proxy)
+  # which protects your /metrics endpoint.
+- auth_proxy_service.yaml
+- auth_proxy_role.yaml
+- auth_proxy_role_binding.yaml
diff --git a/config/rbac/manager_role.yaml b/config/rbac/manager_role.yaml
@@ -44,26 +44,6 @@ rules:
   - get
   - update
   - patch
-- apiGroups:
-  - apps
-  resources:
-  - deployments
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - update
-  - patch
-  - delete
-- apiGroups:
-  - apps
-  resources:
-  - deployments/status
-  verbs:
-  - get
-  - update
-  - patch
 - apiGroups:
   - migration.openshift.io
   resources:
@@ -84,26 +64,6 @@ rules:
   - get
   - update
   - patch
-- apiGroups:
-  - apps
-  resources:
-  - deployments
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - update
-  - patch
-  - delete
-- apiGroups:
-  - apps
-  resources:
-  - deployments/status
-  verbs:
-  - get
-  - update
-  - patch
 - apiGroups:
   - migration.openshift.io
   resources:
@@ -124,26 +84,6 @@ rules:
   - get
   - update
   - patch
-- apiGroups:
-  - apps
-  resources:
-  - deployments
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - update
-  - patch
-  - delete
-- apiGroups:
-  - apps
-  resources:
-  - deployments/status
-  verbs:
-  - get
-  - update
-  - patch
 - apiGroups:
   - migration.openshift.io
   resources:
@@ -164,26 +104,6 @@ rules:
   - get
   - update
   - patch
-- apiGroups:
-  - apps
-  resources:
-  - deployments
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - update
-  - patch
-  - delete
-- apiGroups:
-  - apps
-  resources:
-  - deployments/status
-  verbs:
-  - get
-  - update
-  - patch
 - apiGroups:
   - migration.openshift.io
   resources:
@@ -204,26 +124,6 @@ rules:
   - get
   - update
   - patch
-- apiGroups:
-  - apps
-  resources:
-  - deployments
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - update
-  - patch
-  - delete
-- apiGroups:
-  - apps
-  resources:
-  - deployments/status
-  verbs:
-  - get
-  - update
-  - patch
 - apiGroups:
   - migration.openshift.io
   resources:

diff --git a/pkg/controller/migcluster/migcluster_controller.go b/pkg/controller/migcluster/migcluster_controller.go
@@ -111,8 +111,6 @@ type ReconcileMigCluster struct {
 
 // Reconcile reads that state of the cluster for a MigCluster object and makes changes based on the state read
 // and what is in the MigCluster.Spec
-// +kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;create;update;patch;delete
-// +kubebuilder:rbac:groups=apps,resources=deployments/status,verbs=get;update;patch
 // +kubebuilder:rbac:groups=migration.openshift.io,resources=migclusters,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=migration.openshift.io,resources=migclusters/status,verbs=get;update;patch
 func (r *ReconcileMigCluster) Reconcile(request reconcile.Request) (reconcile.Result, error) {

diff --git a/pkg/controller/migmigration/migmigration_controller.go b/pkg/controller/migmigration/migmigration_controller.go
@@ -88,9 +88,6 @@ type ReconcileMigMigration struct {
 }
 
 // Reconcile performs Migrations based on the data in MigMigration
-// Automatically generate RBAC rules to allow the Controller to read and write Deployments
-// +kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;create;update;patch;delete
-// +kubebuilder:rbac:groups=apps,resources=deployments/status,verbs=get;update;patch
 // +kubebuilder:rbac:groups=migration.openshift.io,resources=migmigrations,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=migration.openshift.io,resources=migmigrations/status,verbs=get;update;patch
 func (r *ReconcileMigMigration) Reconcile(request reconcile.Request) (reconcile.Result, error) {

diff --git a/pkg/controller/migplan/migplan_controller.go b/pkg/controller/migplan/migplan_controller.go
@@ -114,8 +114,6 @@ type ReconcileMigPlan struct {
 }
 
 // Automatically generate RBAC rules to allow the Controller to read and write Deployments
-// +kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;create;update;patch;delete
-// +kubebuilder:rbac:groups=apps,resources=deployments/status,verbs=get;update;patch
 // +kubebuilder:rbac:groups=migration.openshift.io,resources=migplans,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=migration.openshift.io,resources=migplans/status,verbs=get;update;patch
 func (r *ReconcileMigPlan) Reconcile(request reconcile.Request) (reconcile.Result, error) {

diff --git a/pkg/controller/migstage/migstage_controller.go b/pkg/controller/migstage/migstage_controller.go
@@ -105,11 +105,6 @@ type ReconcileMigStage struct {
 
 // Reconcile reads that state of the cluster for a MigStage object and makes changes based on the state read
 // and what is in the MigStage.Spec
-// TODO(user): Modify this Reconcile function to implement your Controller logic.  The scaffolding writes
-// a Deployment as an example
-// Automatically generate RBAC rules to allow the Controller to read and write Deployments
-// +kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;create;update;patch;delete
-// +kubebuilder:rbac:groups=apps,resources=deployments/status,verbs=get;update;patch
 // +kubebuilder:rbac:groups=migration.openshift.io,resources=migstages,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=migration.openshift.io,resources=migstages/status,verbs=get;update;patch
 func (r *ReconcileMigStage) Reconcile(request reconcile.Request) (reconcile.Result, error) {

diff --git a/pkg/controller/migstorage/migstorage_controller.go b/pkg/controller/migstorage/migstorage_controller.go
@@ -18,6 +18,7 @@ package migstorage
 
 import (
 	"context"
+
 	migapi "github.com/fusor/mig-controller/pkg/apis/migration/v1alpha1"
 	migref "github.com/fusor/mig-controller/pkg/reference"
 	kapi "k8s.io/api/core/v1"
@@ -92,8 +93,6 @@ type ReconcileMigStorage struct {
 }
 
 // Automatically generate RBAC rules to allow the Controller to read and write Deployments
-// +kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;create;update;patch;delete
-// +kubebuilder:rbac:groups=apps,resources=deployments/status,verbs=get;update;patch
 // +kubebuilder:rbac:groups=migration.openshift.io,resources=migstorages,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=migration.openshift.io,resources=migstorages/status,verbs=get;update;patch
 func (r *ReconcileMigStorage) Reconcile(request reconcile.Request) (reconcile.Result, error) {