Dynamically create stash-sidecar ClusterRole in operator (#221)

Fixes #220
stashed · Nov 12, 2017 · d18c00b · d18c00b
1 parent 51530be
commit d18c00b
Show file tree

Hide file tree

Showing 8 changed files with 238 additions and 104 deletions.
diff --git a/chart/stable/stash/templates/cluster-role.yaml b/chart/stable/stash/templates/cluster-role.yaml
@@ -26,15 +26,15 @@ rules:
   resources: ["*"]
   verbs: ["*"]
 - apiGroups:
-  - extensions
+  - apps
   resources:
-  - replicasets
-  - daemonsets
+  - deployments
   verbs: ["get", "list", "watch", "patch"]
 - apiGroups:
-  - apps
+  - extensions
   resources:
-  - deployments
+  - replicasets
+  - daemonsets
   verbs: ["get", "list", "watch", "patch"]
 - apiGroups: [""]
   resources:
@@ -44,7 +44,7 @@ rules:
 - apiGroups: [""]
   resources:
   - configmaps
-  verbs: ["delete"]
+  verbs: ["create", "update", "get", "delete"]
 - apiGroups: [""]
   resources:
   - secrets
@@ -60,6 +60,7 @@ rules:
 - apiGroups:
   - rbac.authorization.k8s.io
   resources:
+  - clusterroles
   - rolebindings
   verbs: ["get", "create", "delete", "patch"]
 {{ end }}
diff --git a/chart/stable/stash/templates/deployment.yaml b/chart/stable/stash/templates/deployment.yaml
@@ -7,6 +7,8 @@ metadata:
     app: "{{ template "stash.name" . }}"
     heritage: "{{ .Release.Service }}"
     release: "{{ .Release.Name }}"
+  initializers:
+    pending: []
 spec:
   replicas: {{ .Values.replicaCount }}
   template:

diff --git a/glide.lock b/glide.lock
diff --git a/hack/deploy/with-rbac.yaml b/hack/deploy/with-rbac.yaml
@@ -22,15 +22,15 @@ rules:
   resources: ["*"]
   verbs: ["*"]
 - apiGroups:
-  - extensions
+  - apps
   resources:
-  - replicasets
-  - daemonsets
+  - deployments
   verbs: ["get", "list", "watch", "patch"]
 - apiGroups:
-  - apps
+  - extensions
   resources:
-  - deployments
+  - replicasets
+  - daemonsets
   verbs: ["get", "list", "watch", "patch"]
 - apiGroups: [""]
   resources:
@@ -40,7 +40,7 @@ rules:
 - apiGroups: [""]
   resources:
   - configmaps
-  verbs: ["delete"]
+  verbs: ["create", "update", "get", "delete"]
 - apiGroups: [""]
   resources:
   - secrets
@@ -56,6 +56,7 @@ rules:
 - apiGroups:
   - rbac.authorization.k8s.io
   resources:
+  - clusterroles
   - rolebindings
   verbs: ["get", "create", "delete", "patch"]
 ---
@@ -85,10 +86,12 @@ metadata:
 apiVersion: apps/v1beta1
 kind: Deployment
 metadata:
-  labels:
-    app: stash
   name: stash-operator
   namespace: kube-system
+  labels:
+    app: stash
+  initializers:
+    pending: []
 spec:
   replicas: 1
   selector:
@@ -153,39 +156,3 @@ spec:
     targetPort: http
   selector:
     app: stash
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRole
-metadata:
-  labels:
-    app: stash
-  name: stash-sidecar
-rules:
-- apiGroups:
-  - stash.appscode.com
-  resources: ["*"]
-  verbs: ["*"]
-- apiGroups:
-  - apps
-  resources:
-  - deployments
-  verbs: ["get"]
-- apiGroups:
-  - extensions
-  resources:
-  - daemonsets
-  - replicasets
-  verbs: ["get"]
-- apiGroups: [""]
-  resources:
-  - replicationcontrollers
-  - secrets
-  verbs: ["get"]
-- apiGroups: [""]
-  resources:
-  - configmaps
-  verbs: ["create", "update", "get"]
-- apiGroups: [""]
-  resources:
-  - events
-  verbs: ["create"]
diff --git a/hack/deploy/without-rbac.yaml b/hack/deploy/without-rbac.yaml
@@ -1,10 +1,12 @@
 apiVersion: apps/v1beta1
 kind: Deployment
 metadata:
-  labels:
-    app: stash
   name: stash-operator
   namespace: kube-system
+  labels:
+    app: stash
+  initializers:
+    pending: []
 spec:
   replicas: 1
   selector:

diff --git a/vendor/github.com/appscode/kutil/rbac/v1beta1/clusterrole.go b/vendor/github.com/appscode/kutil/rbac/v1beta1/clusterrole.go
diff --git a/vendor/github.com/appscode/kutil/rbac/v1beta1/clusterrolebinding.go b/vendor/github.com/appscode/kutil/rbac/v1beta1/clusterrolebinding.go