diff --git a/docs/modules/onecx-iam-kc-client-operator/pages/onecx-iam-kc-client-operator-docs.adoc b/docs/modules/onecx-iam-kc-client-operator/pages/onecx-iam-kc-client-operator-docs.adoc index 133753a..df777cc 100644 --- a/docs/modules/onecx-iam-kc-client-operator/pages/onecx-iam-kc-client-operator-docs.adoc +++ b/docs/modules/onecx-iam-kc-client-operator/pages/onecx-iam-kc-client-operator-docs.adoc @@ -65,9 +65,6 @@ app: name: kc-client-operator image: repository: "onecx/onecx-iam-kc-client-operator" - env: - # See watchNamespaces - "QUARKUS_OPERATOR_SDK_CONTROLLERS_KC_NAMESPACES": "JOSDK_WATCH_CURRENT" envCustom: - name: KUBERNETES_NAMESPACE valueFrom: @@ -76,6 +73,14 @@ app: serviceAccount: enabled: true +---- + +ueFrom: + fieldRef: + fieldPath: metadata.namespace + serviceAccount: + enabled: true + # Values: JOSDK_WATCH_CURRENT, JOSDK_ALL_NAMESPACES or comma separated list of namespaces watchNamespaces: "JOSDK_WATCH_CURRENT" diff --git a/docs/modules/onecx-iam-kc-client-operator/pages/onecx-iam-kc-client-operator-extensions.adoc b/docs/modules/onecx-iam-kc-client-operator/pages/onecx-iam-kc-client-operator-extensions.adoc index b15463b..2c1e2e8 100644 --- a/docs/modules/onecx-iam-kc-client-operator/pages/onecx-iam-kc-client-operator-extensions.adoc +++ b/docs/modules/onecx-iam-kc-client-operator/pages/onecx-iam-kc-client-operator-extensions.adoc 
@@ -11,93 +11,93 @@ h| Version | tkit-quarkus-log-cdi | https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-log-cdi.html[Link] -| https://github.com/1000kit/tkit-quarkus/blob/2.28.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-cdi.adoc[Link] -| 2.28.0 +| https://github.com/1000kit/tkit-quarkus/blob/2.31.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-cdi.adoc[Link] +| 2.31.0 | tkit-quarkus-log-rs | https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-log-rs.html[Link] -| https://github.com/1000kit/tkit-quarkus/blob/2.28.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-rs.adoc[Link] -| 2.28.0 +| https://github.com/1000kit/tkit-quarkus/blob/2.31.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-rs.adoc[Link] +| 2.31.0 | tkit-quarkus-log-json | https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-log-json.html[Link] -| https://github.com/1000kit/tkit-quarkus/blob/2.28.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-json.adoc[Link] -| 2.28.0 +| https://github.com/1000kit/tkit-quarkus/blob/2.31.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-json.adoc[Link] +| 2.31.0 | quarkus-arc | https://quarkus.io/guides/cdi-reference[Link] | https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-arc.adoc[Link] -| 3.12.2 +| 3.13.2 | quarkus-micrometer-registry-prometheus | https://quarkus.io/guides/telemetry-micrometer[Link] | https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-micrometer-registry-prometheus.adoc[Link] -| 3.12.2 +| 3.13.2 | quarkus-opentelemetry | https://quarkus.io/guides/opentelemetry[Link] | https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-opentelemetry.adoc[Link] -| 3.12.2 +| 3.13.2 | quarkus-rest-client | https://quarkus.io/guides/rest-client[Link] | 
https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-rest-client.adoc[Link] -| 3.12.2 +| 3.13.2 | quarkus-rest-client-jackson | https://quarkus.io/guides/rest-client[Link] | -| 3.12.2 +| 3.13.2 | tkit-quarkus-security | https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-security.html[Link] -| https://github.com/1000kit/tkit-quarkus/blob/2.28.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-security.adoc[Link] -| 2.28.0 +| https://github.com/1000kit/tkit-quarkus/blob/2.31.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-security.adoc[Link] +| 2.31.0 | onecx-core | https://onecx.github.io/docs/onecx-quarkus/current/onecx-quarkus/onecx-core.html[Link] | -| 0.24.0 +| 0.26.0 | quarkus-smallrye-health | https://quarkus.io/guides/smallrye-health[Link] | https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-smallrye-health.adoc[Link] -| 3.12.2 +| 3.13.2 | quarkus-container-image-docker | https://quarkus.io/guides/container-image[Link] | https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-container-image-docker.adoc[Link] -| 3.12.2 +| 3.13.2 | quarkus-operator-sdk-bundle-generator | | -| 6.7.1 +| 6.7.3 | quarkus-operator-sdk | | -| 6.7.1 +| 6.7.3 | quarkus-keycloak-admin-rest-client | | -| 3.12.2 +| 3.13.2 |=== \ No newline at end of file diff --git a/src/main/helm/crds/keycloakclients.onecx.tkit.org-v1.yml b/src/main/helm/crds/keycloakclients.onecx.tkit.org-v1.yml deleted file mode 100644 index a7ca9c4..0000000 --- a/src/main/helm/crds/keycloakclients.onecx.tkit.org-v1.yml +++ /dev/null 
@@ -1,98 +0,0 @@ -# Generated by Fabric8 CRDGenerator, manual edits might get overwritten! -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: keycloakclients.onecx.tkit.org -spec: - group: onecx.tkit.org - names: - kind: KeycloakClient - plural: keycloakclients - singular: keycloakclient - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - spec: - properties: - kcConfig: - properties: - attributes: - additionalProperties: - type: string - type: object - bearerOnly: - type: boolean - clientAuthenticatorType: - type: string - clientId: - type: string - defaultClientScopes: - items: - type: string - type: array - description: - type: string - directAccessGrantsEnabled: - type: boolean - enabled: - type: boolean - implicitFlowEnabled: - type: boolean - optionalClientScopes: - items: - type: string - type: array - password: - type: string - protocol: - type: string - publicClient: - type: boolean - redirectUris: - items: - type: string - type: array - serviceAccountsEnabled: - type: boolean - standardFlowEnabled: - type: boolean - webOrigins: - items: - type: string - type: array - type: object - passwordKey: - type: string - passwordSecrets: - type: string - realm: - type: string - type: - type: string - type: object - status: - properties: - clientId: - type: string - message: - type: string - observedGeneration: - type: integer - response-code: - type: integer - status: - enum: - - CREATED - - ERROR - - UNDEFINED - - UPDATED - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/src/main/helm/templates/kc-client-cluster-role-binding.yaml b/src/main/helm/templates/kc-client-cluster-role-binding.yaml deleted file mode 100644 index 1c2995f..0000000 --- a/src/main/helm/templates/kc-client-cluster-role-binding.yaml +++ /dev/null 
@@ -1,43 +0,0 @@
-{{ if eq $.Values.watchNamespaces "JOSDK_WATCH_CURRENT" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ .Release.Name }}-{{ .Values.app.name }}-role-binding
-roleRef:
- kind: ClusterRole
- apiGroup: rbac.authorization.k8s.io
- name: {{ .Release.Name }}-{{ .Values.app.name }}-cluster-role
-subjects:
- - kind: ServiceAccount
- name: {{ .Release.Name }}-{{ .Values.app.name }}
-{{ else if eq $.Values.watchNamespaces "JOSDK_ALL_NAMESPACES" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ .Release.Name }}-{{ .Values.app.name }}-role-binding
-roleRef:
- kind: ClusterRole
- apiGroup: rbac.authorization.k8s.io
- name: {{ .Release.Name }}-{{ .Values.app.name }}-cluster-role
-subjects:
- - kind: ServiceAccount
- name: {{ .Release.Name }}-{{ .Values.app.name }}
- namespace: {{ $.Release.Namespace }}
-{{ else }}
-{{ range $anamespace := ( split "," $.Values.watchNamespaces ) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ .Release.Name }}-{{ .Values.app.name }}-role-binding
- namespace: {{ $anamespace }}
-roleRef:
- kind: ClusterRole
- apiGroup: rbac.authorization.k8s.io
- name: {{ .Release.Name }}-{{ .Values.app.name }}-cluster-role
-subjects:
- - kind: ServiceAccount
- name: {{ .Release.Name }}-{{ .Values.app.name }}
- namespace: {{ $.Release.Namespace }}
----
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/src/main/helm/templates/operator-cluster-role-binding.yaml b/src/main/helm/templates/operator-cluster-role-binding.yaml
deleted file mode 100644
index 5e739ff..0000000
--- a/src/main/helm/templates/operator-cluster-role-binding.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ .Release.Name }}-{{ .Values.app.name }}-validating-role-binding
-roleRef:
- kind: ClusterRole
- apiGroup: rbac.authorization.k8s.io
- name: {{ .Release.Name }}-{{ .Values.app.name }}-validating-cluster-role
-subjects:
- - kind: ServiceAccount
- name: {{ .Release.Name }}-{{ .Values.app.name }}
- namespace: {{ .Release.Namespace }}
diff --git a/src/main/helm/templates/operator-cluster-role.yaml b/src/main/helm/templates/operator-cluster-role.yaml
deleted file mode 100644
index 4d51a68..0000000
--- a/src/main/helm/templates/operator-cluster-role.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ .Release.Name }}-{{ .Values.app.name }}-validating-cluster-role
-rules:
- - apiGroups:
- - apiextensions.k8s.io
- resources:
- - customresourcedefinitions
- verbs:
- - get
- - list
diff --git a/src/main/helm/templates/role-binding.yaml b/src/main/helm/templates/role-binding.yaml
new file mode 100644
index 0000000..d7ac2eb
--- /dev/null
+++ b/src/main/helm/templates/role-binding.yaml
@@ -0,0 +1,11 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ .Release.Name }}-{{ .Values.app.name }}-role-binding
+roleRef:
+ kind: Role
+ apiGroup: rbac.authorization.k8s.io
+ name: {{ .Release.Name }}-{{ .Values.app.name }}-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ .Release.Name }}-{{ .Values.app.name }}
diff --git a/src/main/helm/templates/kc-client-cluster-role.yaml b/src/main/helm/templates/role.yaml
similarity index 80%
rename from src/main/helm/templates/kc-client-cluster-role.yaml
rename to src/main/helm/templates/role.yaml
index d1bcc26..ed98b24 100644
--- a/src/main/helm/templates/kc-client-cluster-role.yaml
+++ b/src/main/helm/templates/role.yaml
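Review bot: The ServiceAccount subject in the new `role-binding.yaml` carries no `namespace`, so the grant depends on an empty subject namespace being resolved to the RoleBinding's own namespace. The deleted `kc-client-cluster-role-binding.yaml` spelled the namespace out in two of its three branches. Adding `namespace: {{ .Release.Namespace }}` under the subject would keep the binding unambiguous when the rendered manifest is audited or applied outside a Helm install. The binding's `metadata` has no namespace either, so where it lands is decided entirely by the install command.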
@@ -1,27 +1,27 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ .Release.Name }}-{{ .Values.app.name }}-cluster-role -rules: - - apiGroups: - - "onecx.tkit.org" - resources: - - "keycloakclients" - - "keycloakclients/status" - - "keycloakclients/finalizers" - verbs: - - "get" - - "list" - - "watch" - - "patch" - - "update" - - "create" - - "delete" - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ .Release.Name }}-{{ .Values.app.name }}-role +rules: + - apiGroups: + - "onecx.tkit.org" + resources: + - "keycloakclients" + - "keycloakclients/status" + - "keycloakclients/finalizers" + verbs: + - "get" + - "list" + - "watch" + - "patch" + - "update" + - "create" + - "delete" + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list - watch \ No newline at end of file diff --git a/src/main/helm/values.yaml b/src/main/helm/values.yaml index e1edec1..425226e 100644 --- a/src/main/helm/values.yaml +++ b/src/main/helm/values.yaml @@ -2,9 +2,6 @@ app: name: kc-client-operator image: repository: "onecx/onecx-iam-kc-client-operator" - env: - # See watchNamespaces - "QUARKUS_OPERATOR_SDK_CONTROLLERS_KC_NAMESPACES": "JOSDK_WATCH_CURRENT" envCustom: - name: KUBERNETES_NAMESPACE valueFrom: @@ -12,6 +9,3 @@ app: fieldPath: metadata.namespace serviceAccount: enabled: true - -# Values: JOSDK_WATCH_CURRENT, JOSDK_ALL_NAMESPACES or comma separated list of namespaces -watchNamespaces: "JOSDK_WATCH_CURRENT" diff --git a/src/main/java/org/tkit/onecx/iam/kc/client/operator/KeycloakClientController.java b/src/main/java/org/tkit/onecx/iam/kc/client/operator/KeycloakClientController.java index 66867f2..174c309 100644 --- a/src/main/java/org/tkit/onecx/iam/kc/client/operator/KeycloakClientController.java +++ b/src/main/java/org/tkit/onecx/iam/kc/client/operator/KeycloakClientController.java 
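Review bot: The second rule of the new Role still grants `get`/`list`/`watch` on all `secrets`, so the operator's service account can read every Secret in the release namespace, presumably more than the ones KeycloakClient resources reference. Moving from ClusterRole to Role confines this to one namespace, but `list` and `watch` cannot be usefully narrowed with `resourceNames`, so the remaining exposure deserves a comment above the rule, for example `# read access to every Secret in this namespace; deploy the operator in a dedicated namespace`. It is also worth confirming that `create` and `delete` on `keycloakclients` are needed, since a reconciler usually only needs get/list/watch/patch/update on its own resource. Nearly every line of the hunk is rewritten with identical text, which looks like a line-ending change and hides the two real edits (`kind` and `name`).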
@@ -24,7 +24,7 @@ import io.javaoperatorsdk.operator.processing.event.source.filter.OnUpdateFilter; import io.javaoperatorsdk.operator.processing.event.source.informer.InformerEventSource; -@ControllerConfiguration(name = "kc", onAddFilter = KeycloakClientController.AddFilter.class, onUpdateFilter = KeycloakClientController.UpdateFilter.class) +@ControllerConfiguration(name = "kc", namespaces = Constants.WATCH_CURRENT_NAMESPACE, onAddFilter = KeycloakClientController.AddFilter.class, onUpdateFilter = KeycloakClientController.UpdateFilter.class) public class KeycloakClientController implements Reconciler, ErrorStatusHandler, Cleaner, EventSourceInitializer {