Merge pull request #21 from larsks/feature/groupsync
Sync ocp groups with github team membership
larsks committed Jun 27, 2022
2 parents 8536ba5 + 8995691 commit 3ae0dea
Showing 17 changed files with 131 additions and 2 deletions.
@@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespace.yaml
@@ -0,0 +1,5 @@
apiVersion: v1
kind: Namespace
metadata:
name: group-sync-operator
spec: {}
@@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: group-sync-operator
resources:
- operatorgroup.yaml
@@ -0,0 +1,7 @@
apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
name: group-sync-operator
spec:
targetNamespaces:
- group-sync-operator
@@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: group-sync-operator
resources:
- subscription.yaml
@@ -0,0 +1,10 @@
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
name: group-sync-operator
spec:
channel: alpha
installPlanApproval: Automatic
name: group-sync-operator
source: community-operators
sourceNamespace: openshift-marketplace
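Review bot: `installPlanApproval: Automatic` on the `alpha` channel of `community-operators` lets every new operator release install itself without review, and judging by the commit title this operator maintains the Group objects that the RBAC bindings added here depend on. Consider `installPlanApproval: Manual` together with a pinned `startingCSV: <reviewed-csv-name>` (placeholder) so that upgrades are approved deliberately. If automatic approval is intentional, a comment above `channel:` should record why the alpha channel is acceptable for a component that feeds cluster RBAC.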
@@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: cluster-admins-nerc-portforward
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: allow-portforward-all
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: Group
name: cluster-admins
@@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- clusterrolebinding.yaml
@@ -0,0 +1,11 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: allow-portforward-all
rules:
- apiGroups:
- ""
resources:
- "pods/portforward"
verbs:
- "*"
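Review bot: The rule grants the wildcard verb `"*"` on `pods/portforward`, which is broader than port-forwarding needs; the subresource is exercised through `create` (and `get` for the WebSocket-based client), so naming those verbs avoids silently granting any verb added later. Proposed change: replace `- "*"` with `- create` and `- get`. Because this is a ClusterRole attached through ClusterRoleBindings, holders can forward to any pod port in every namespace, typically without NetworkPolicy applying; a comment above `rules:` such as `# cluster-wide port-forward: reaches pod ports in all namespaces` would make that scope explicit.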
@@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- clusterrole.yaml
2 changes: 2 additions & 0 deletions cluster-scope/bundles/cluster-admin-rbac/kustomization.yaml
@@ -4,3 +4,5 @@ resources:
- ../../base/rbac.authorization.k8s.io/clusterrolebindings/cluster-admins-nerc-sudoer
- ../../base/rbac.authorization.k8s.io/clusterrolebindings/cluster-admins-nerc-reader
- ../../base/user.openshift.io/groups/cluster-admins
- ../../base/rbac.authorization.k8s.io/clusterroles/allow-portforward-all
- ../../base/rbac.authorization.k8s.io/clusterrolebindings/cluster-admins-nerc-portforward
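--- a/cluster-scope/bundles/group-sync-operator/kustomization.yaml
+++ b/cluster-scope/bundles/group-sync-operator/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ../../base/core/namespaces/group-sync-operator
+- ../../base/operators.coreos.com/operatorgroups/group-sync-operator
+- ../../base/operators.coreos.com/subscriptions/group-sync-operator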
@@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: nerc-ops-cluster-reader
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-reader
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: Group
name: nerc-ops
@@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: nerc-ops-portforward
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: allow-portforward-all
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: Group
name: nerc-ops
@@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: nerc-ops-sudoers
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: sudoer
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: Group
name: nerc-ops
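Review bot: Binding the `nerc-ops` group to `sudoer` makes membership of that group security-critical, yet nothing in this file says where the membership comes from. If the group is populated by the GroupSync added in this commit (inferred from the commit title), then whoever can manage teams in the GitHub organization decides who may impersonate on the cluster, assuming `sudoer` is the stock OpenShift role. A comment above `subjects:` such as `# nerc-ops is synced from the GitHub team of the same name; team maintainers control this grant` would make that trust boundary visible to future reviewers.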
@@ -0,0 +1,14 @@
apiVersion: redhatcop.redhat.io/v1alpha1
kind: GroupSync
metadata:
name: github-ocp-on-nerc
namespace: group-sync-operator
spec:
providers:
- name: github
github:
organization: ocp-on-nerc
prune: true
credentialsSecret:
name: github-ocp-on-nerc
namespace: group-sync-operator
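Review bot: The spec sets no `schedule`, so as far as I know the operator only synchronizes when the resource is reconciled, and a user removed from a GitHub team keeps the synced group membership (and the `nerc-ops` bindings added in this commit) until then. Adding for example `schedule: "*/15 * * * *"` (sample interval) under `spec:` bounds that revocation delay. The provider also has no `teams:` filter, so every team in `ocp-on-nerc` appears to become an OpenShift group; listing only the teams that RBAC refers to would keep a newly created team from colliding with an existing group name. The `credentialsSecret` is referenced rather than committed, which is right, and its token should be limited to read-only access to organization membership.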
8 changes: 6 additions & 2 deletions cluster-scope/overlays/nerc-ocp-infra/kustomization.yaml
@@ -13,6 +13,10 @@ resources:
- machineconfigs/configure-bond0
- nodenetworkconfigurationpolicies/vlan-2177-nese.yaml

- groupsyncs/github-ocp-on-nerc.yaml
- clusterrolebindings/nerc-ops-cluster-reader.yaml
- clusterrolebindings/nerc-ops-sudoers.yaml
- clusterrolebindings/nerc-ops-portforward.yaml

patches:
- path: oauths/cluster_patch.yaml
- path: groups/cluster-admins_patch.yaml
- path: oauths/cluster_patch.yaml
