From 584f589e4d09d79900c68d0246d6fb4f11852452 Mon Sep 17 00:00:00 2001 From: Andrej Petras Date: Wed, 21 Aug 2024 14:00:09 +0200 Subject: [PATCH 1/2] feat: remove crds and switch from clusterrole to role --- ...onecx-k8s-db-postgresql-operator-docs.adoc | 13 ++-- ...k8s-db-postgresql-operator-extensions.adoc | 36 +++++------ .../helm/crds/databases.onecx.tkit.org-v1.yml | 63 ------------------- .../operator-cluster-role-binding.yaml | 12 ---- .../helm/templates/operator-cluster-role.yaml | 12 ---- .../product-cluster-role-binding.yaml | 43 ------------- src/main/helm/templates/role-binding.yaml | 11 ++++ .../{product-cluster-role.yaml => role.yaml} | 4 +- src/main/helm/values.yaml | 7 --- .../operator/DatabaseController.java | 2 +- 10 files changed, 41 insertions(+), 162 deletions(-) delete mode 100644 src/main/helm/crds/databases.onecx.tkit.org-v1.yml delete mode 100644 src/main/helm/templates/operator-cluster-role-binding.yaml delete mode 100644 src/main/helm/templates/operator-cluster-role.yaml delete mode 100644 src/main/helm/templates/product-cluster-role-binding.yaml create mode 100644 src/main/helm/templates/role-binding.yaml rename src/main/helm/templates/{product-cluster-role.yaml => role.yaml} (82%) diff --git a/docs/modules/onecx-k8s-db-postgresql-operator/pages/onecx-k8s-db-postgresql-operator-docs.adoc b/docs/modules/onecx-k8s-db-postgresql-operator/pages/onecx-k8s-db-postgresql-operator-docs.adoc index e5a012e..9e1529e 100644 --- a/docs/modules/onecx-k8s-db-postgresql-operator/pages/onecx-k8s-db-postgresql-operator-docs.adoc +++ b/docs/modules/onecx-k8s-db-postgresql-operator/pages/onecx-k8s-db-postgresql-operator-docs.adoc @@ -46,10 +46,6 @@ app: db: enabled: true operator: false - - env: - # See watchNamespaces - "QUARKUS_OPERATOR_SDK_CONTROLLERS_DATABASECONTROLLER_NAMESPACES": "JOSDK_WATCH_CURRENT" envCustom: - name: KUBERNETES_NAMESPACE valueFrom: 
@@ -58,6 +54,15 @@ app: serviceAccount: enabled: true +---- + +MESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + serviceAccount: + enabled: true + # Values: JOSDK_WATCH_CURRENT, JOSDK_ALL_NAMESPACES or comma separated list of namespaces watchNamespaces: "JOSDK_WATCH_CURRENT" ---- diff --git a/docs/modules/onecx-k8s-db-postgresql-operator/pages/onecx-k8s-db-postgresql-operator-extensions.adoc b/docs/modules/onecx-k8s-db-postgresql-operator/pages/onecx-k8s-db-postgresql-operator-extensions.adoc index 58dd5c7..f10032e 100644 --- a/docs/modules/onecx-k8s-db-postgresql-operator/pages/onecx-k8s-db-postgresql-operator-extensions.adoc +++ b/docs/modules/onecx-k8s-db-postgresql-operator/pages/onecx-k8s-db-postgresql-operator-extensions.adoc 
@@ -11,87 +11,87 @@ h| Version | tkit-quarkus-log-cdi | https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-log-cdi.html[Link] -| https://github.com/1000kit/tkit-quarkus/blob/2.28.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-cdi.adoc[Link] -| 2.28.0 +| https://github.com/1000kit/tkit-quarkus/blob/2.31.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-cdi.adoc[Link] +| 2.31.0 | tkit-quarkus-log-rs | https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-log-rs.html[Link] -| https://github.com/1000kit/tkit-quarkus/blob/2.28.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-rs.adoc[Link] -| 2.28.0 +| https://github.com/1000kit/tkit-quarkus/blob/2.31.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-rs.adoc[Link] +| 2.31.0 | tkit-quarkus-log-json | https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-log-json.html[Link] -| https://github.com/1000kit/tkit-quarkus/blob/2.28.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-json.adoc[Link] -| 2.28.0 +| https://github.com/1000kit/tkit-quarkus/blob/2.31.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-json.adoc[Link] +| 2.31.0 | quarkus-arc | https://quarkus.io/guides/cdi-reference[Link] | https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-arc.adoc[Link] -| 3.12.2 +| 3.13.2 | quarkus-micrometer-registry-prometheus | https://quarkus.io/guides/telemetry-micrometer[Link] | https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-micrometer-registry-prometheus.adoc[Link] -| 3.12.2 +| 3.13.2 | quarkus-opentelemetry | https://quarkus.io/guides/opentelemetry[Link] | https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-opentelemetry.adoc[Link] -| 3.12.2 +| 3.13.2 | quarkus-jdbc-postgresql | https://quarkus.io/guides/datasource[Link] | 
https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-jdbc-postgresql.adoc[Link] -| 3.12.2 +| 3.13.2 | tkit-quarkus-security | https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-security.html[Link] -| https://github.com/1000kit/tkit-quarkus/blob/2.28.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-security.adoc[Link] -| 2.28.0 +| https://github.com/1000kit/tkit-quarkus/blob/2.31.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-security.adoc[Link] +| 2.31.0 | onecx-core | https://onecx.github.io/docs/onecx-quarkus/current/onecx-quarkus/onecx-core.html[Link] | -| 0.24.0 +| 0.26.0 | quarkus-smallrye-health | https://quarkus.io/guides/smallrye-health[Link] | https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-smallrye-health.adoc[Link] -| 3.12.2 +| 3.13.2 | quarkus-container-image-docker | https://quarkus.io/guides/container-image[Link] | https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-container-image-docker.adoc[Link] -| 3.12.2 +| 3.13.2 | quarkus-operator-sdk-bundle-generator | | -| 6.7.1 +| 6.7.3 | quarkus-operator-sdk | | -| 6.7.1 +| 6.7.3 | quarkus-agroal | | -| 3.12.2 +| 3.13.2 |=== \ No newline at end of file diff --git a/src/main/helm/crds/databases.onecx.tkit.org-v1.yml b/src/main/helm/crds/databases.onecx.tkit.org-v1.yml deleted file mode 100644 index 28f4e65..0000000 --- a/src/main/helm/crds/databases.onecx.tkit.org-v1.yml +++ /dev/null 
@@ -1,63 +0,0 @@ -# Generated by Fabric8 CRDGenerator, manual edits might get overwritten! -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: databases.onecx.tkit.org -spec: - group: onecx.tkit.org - names: - kind: Database - plural: databases - singular: database - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - properties: - spec: - properties: - extensions: - items: - type: string - type: array - host: - type: string - name: - type: string - password-key: - type: string - password-secrets: - type: string - schema: - type: string - user: - type: string - user-search-path: - type: string - type: object - status: - properties: - message: - type: string - observedGeneration: - type: integer - password-secrets: - type: string - status: - enum: - - CREATED - - ERROR - - UNDEFINED - - UPDATED - type: string - url: - type: string - user: - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/src/main/helm/templates/operator-cluster-role-binding.yaml b/src/main/helm/templates/operator-cluster-role-binding.yaml deleted file mode 100644 index a644b26..0000000 --- a/src/main/helm/templates/operator-cluster-role-binding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ .Release.Name }}-{{ .Values.app.name }}-validating-role-binding -roleRef: - kind: ClusterRole - apiGroup: rbac.authorization.k8s.io - name: {{ .Release.Name }}-{{ .Values.app.name }}-validating-cluster-role -subjects: - - kind: ServiceAccount - name: {{ .Release.Name }}-{{ .Values.app.name }} - namespace: {{ .Release.Namespace }} diff --git a/src/main/helm/templates/operator-cluster-role.yaml b/src/main/helm/templates/operator-cluster-role.yaml deleted file mode 100644 index 6719d47..0000000 --- a/src/main/helm/templates/operator-cluster-role.yaml +++ /dev/null 
@@ -1,12 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ .Release.Name }}-{{ .Values.app.name }}-validating-cluster-role
-rules:
- - apiGroups:
- - apiextensions.k8s.io
- resources:
- - customresourcedefinitions
- verbs:
- - get
- - list
diff --git a/src/main/helm/templates/product-cluster-role-binding.yaml b/src/main/helm/templates/product-cluster-role-binding.yaml
deleted file mode 100644
index 0a2db13..0000000
--- a/src/main/helm/templates/product-cluster-role-binding.yaml
+++ /dev/null
@@ -1,43 +0,0 @@
-{{ if eq $.Values.watchNamespaces "JOSDK_WATCH_CURRENT" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ .Release.Name }}-{{ .Values.app.name }}-role-binding
-roleRef:
- kind: ClusterRole
- apiGroup: rbac.authorization.k8s.io
- name: {{ .Release.Name }}-{{ .Values.app.name }}-cluster-role
-subjects:
- - kind: ServiceAccount
- name: {{ .Release.Name }}-{{ .Values.app.name }}
-{{ else if eq $.Values.watchNamespaces "JOSDK_ALL_NAMESPACES" }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ .Release.Name }}-{{ .Values.app.name }}-role-binding
-roleRef:
- kind: ClusterRole
- apiGroup: rbac.authorization.k8s.io
- name: {{ .Release.Name }}-{{ .Values.app.name }}-cluster-role
-subjects:
- - kind: ServiceAccount
- name: {{ .Release.Name }}-{{ .Values.app.name }}
- namespace: {{ $.Release.Namespace }}
-{{ else }}
-{{ range $anamespace := ( split "," $.Values.watchNamespaces ) }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ .Release.Name }}-{{ .Values.app.name }}-role-binding
- namespace: {{ $anamespace }}
-roleRef:
- kind: ClusterRole
- apiGroup: rbac.authorization.k8s.io
- name: {{ .Release.Name }}-{{ .Values.app.name }}-cluster-role
-subjects:
- - kind: ServiceAccount
- name: {{ .Release.Name }}-{{ .Values.app.name }}
- namespace: {{ $.Release.Namespace }}
----
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/src/main/helm/templates/role-binding.yaml b/src/main/helm/templates/role-binding.yaml
new file mode 100644
index 0000000..50899d9
--- /dev/null
+++ b/src/main/helm/templates/role-binding.yaml
@@ -0,0 +1,11 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ .Release.Name }}-{{ .Values.app.name }}-role-binding
+roleRef:
+ kind: Role
+ apiGroup: rbac.authorization.k8s.io
+ name: {{ .Release.Name }}-{{ .Values.app.name }}-cluster-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ .Release.Name }}-{{ .Values.app.name }}
diff --git a/src/main/helm/templates/product-cluster-role.yaml b/src/main/helm/templates/role.yaml
similarity index 82%
rename from src/main/helm/templates/product-cluster-role.yaml
rename to src/main/helm/templates/role.yaml
index 033425d..59fbe5e 100644
--- a/src/main/helm/templates/product-cluster-role.yaml
+++ b/src/main/helm/templates/role.yaml
@@ -1,7 +1,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
+kind: Role
 metadata:
- name: {{ .Release.Name }}-{{ .Values.app.name }}-cluster-role
+ name: {{ .Release.Name }}-{{ .Values.app.name }}-role
 rules:
 - apiGroups:
 - onecx.tkit.org
diff --git a/src/main/helm/values.yaml b/src/main/helm/values.yaml
index 2667a0b..3007655 100644
--- a/src/main/helm/values.yaml
+++ b/src/main/helm/values.yaml
@@ -5,10 +5,6 @@ app:
 db:
 enabled: true
 operator: false
-
-- env:
-- # See watchNamespaces
-- "QUARKUS_OPERATOR_SDK_CONTROLLERS_DATABASECONTROLLER_NAMESPACES": "JOSDK_WATCH_CURRENT"
 envCustom:
 - name: KUBERNETES_NAMESPACE
 valueFrom:
@@ -16,6 +12,3 @@ app:
 fieldPath: metadata.namespace
 serviceAccount:
 enabled: true
-
-# Values: JOSDK_WATCH_CURRENT, JOSDK_ALL_NAMESPACES or comma separated list of namespaces
-watchNamespaces: "JOSDK_WATCH_CURRENT"
\ No newline at end of file
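Review bot: The new `role-binding.yaml` reuses the object name `{{ .Release.Name }}-{{ .Values.app.name }}-role-binding`, which the deleted `product-cluster-role-binding.yaml` already used in its default branch for a RoleBinding whose `roleRef.kind` was `ClusterRole`. Kubernetes treats `roleRef` as immutable, so a `helm upgrade` over an existing release will most likely be rejected when it tries to change that binding to `kind: Role`. Either give the binding a new name so that Helm removes the old object and creates this one, or document that the old binding has to be deleted before upgrading. The ServiceAccount subject also carries no `namespace`; a RoleBinding resolves it to its own namespace, but adding `namespace: {{ .Release.Namespace }}` under `subjects` would state the intended principal explicitly.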
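Review bot: Changing `kind: ClusterRole` to `kind: Role` in `role.yaml` leaves the operator without any read access to `customresourcedefinitions`, because the same commit deletes `operator-cluster-role.yaml` and a namespaced Role cannot grant access to cluster-scoped resources. If the operator SDK's CRD validation at startup is still enabled (its configuration is not part of this diff), the controller may fail to start with a forbidden error, so that check should be switched off in the application configuration or the requirement documented next to the chart. The rule list continues outside the hunk, so the verbs granted on `onecx.tkit.org` could not be reviewed here; a comment such as `# namespaced on purpose: the operator only watches its own namespace` above `rules:` would record why the scope was reduced.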
diff --git a/src/main/java/org/tkit/onecx/k8s/db/postgresql/operator/DatabaseController.java b/src/main/java/org/tkit/onecx/k8s/db/postgresql/operator/DatabaseController.java index 76fb17d..db0dd67 100644 --- a/src/main/java/org/tkit/onecx/k8s/db/postgresql/operator/DatabaseController.java +++ b/src/main/java/org/tkit/onecx/k8s/db/postgresql/operator/DatabaseController.java @@ -18,7 +18,7 @@ import io.javaoperatorsdk.operator.processing.event.source.filter.OnUpdateFilter; import io.javaoperatorsdk.operator.processing.event.source.informer.InformerEventSource; -@ControllerConfiguration(onAddFilter = DatabaseController.AddFilter.class, onUpdateFilter = DatabaseController.UpdateFilter.class) +@ControllerConfiguration(onAddFilter = DatabaseController.AddFilter.class, onUpdateFilter = DatabaseController.UpdateFilter.class, namespaces = Constants.WATCH_CURRENT_NAMESPACE) public class DatabaseController implements Reconciler, ErrorStatusHandler, EventSourceInitializer { From 04b246af7f10fca36fd63373b8c02b78ba9c5806 Mon Sep 17 00:00:00 2001 From: Andrej Petras Date: Wed, 21 Aug 2024 14:01:49 +0200 Subject: [PATCH 2/2] feat: update role binding --- src/main/helm/templates/role-binding.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/helm/templates/role-binding.yaml b/src/main/helm/templates/role-binding.yaml index 50899d9..d7ac2eb 100644 --- a/src/main/helm/templates/role-binding.yaml +++ b/src/main/helm/templates/role-binding.yaml @@ -5,7 +5,7 @@ metadata: roleRef: kind: Role apiGroup: rbac.authorization.k8s.io - name: {{ .Release.Name }}-{{ .Values.app.name }}-cluster-role + name: {{ .Release.Name }}-{{ .Values.app.name }}-role subjects: - kind: ServiceAccount name: {{ .Release.Name }}-{{ .Values.app.name }}
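Review bot: `namespaces = Constants.WATCH_CURRENT_NAMESPACE` in the `@ControllerConfiguration` annotation appears to set only a default, since the `QUARKUS_OPERATOR_SDK_CONTROLLERS_DATABASECONTROLLER_NAMESPACES` variable removed from `values.yaml` in this commit shows the watched namespaces can be supplied through configuration. The chart now ships only a namespaced Role, so an override to other namespaces would leave the controller watching namespaces in which it has no permissions; a comment above the annotation such as `// Scope must match the namespaced Role in the Helm chart; other namespaces need additional RBAC.` would make that coupling visible. The hunk adds no import for `Constants`, so it is presumably already imported in this file, which is worth confirming with a build. The class body continues outside the hunk.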