feat: remove k8s cluster role

docs/modules/onecx-product-store-operator/pages/onecx-product-store-operator-docs.adoc

@@ -44,9 +44,6 @@ app:
   name: product-operator
   image:
     repository: "onecx/onecx-product-store-operator"
-  env:
-    # See watchNamespaces
-    "QUARKUS_OPERATOR_SDK_CONTROLLERS_PRODUCT_NAMESPACES": "JOSDK_WATCH_CURRENT"
   envCustom:
     - name: KUBERNETES_NAMESPACE
       valueFrom:
@@ -62,6 +59,13 @@ app:
           kcConfig:
             defaultClientScopes: [ ocx-ps-product:write ]
 
+----
+
+ enabled: true
+        spec:
+          kcConfig:
+            defaultClientScopes: [ ocx-ps-product:write ]
+
 # Values: JOSDK_WATCH_CURRENT, JOSDK_ALL_NAMESPACES or comma separated list of namespaces
 watchNamespaces: "JOSDK_WATCH_CURRENT"
 

docs/modules/onecx-product-store-operator/pages/onecx-product-store-operator-extensions.adoc

@@ -11,105 +11,105 @@ h| Version
 | tkit-quarkus-log-cdi
 
 | https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-log-cdi.html[Link]
-| https://github.com/1000kit/tkit-quarkus/blob/2.28.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-cdi.adoc[Link]
-| 2.28.0
+| https://github.com/1000kit/tkit-quarkus/blob/2.31.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-cdi.adoc[Link]
+| 2.31.0
 
 | tkit-quarkus-log-rs
 
 | https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-log-rs.html[Link]
-| https://github.com/1000kit/tkit-quarkus/blob/2.28.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-rs.adoc[Link]
-| 2.28.0
+| https://github.com/1000kit/tkit-quarkus/blob/2.31.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-rs.adoc[Link]
+| 2.31.0
 
 | tkit-quarkus-log-json
 
 | https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-log-json.html[Link]
-| https://github.com/1000kit/tkit-quarkus/blob/2.28.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-json.adoc[Link]
-| 2.28.0
+| https://github.com/1000kit/tkit-quarkus/blob/2.31.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-json.adoc[Link]
+| 2.31.0
 
 | quarkus-arc
 
 | https://quarkus.io/guides/cdi-reference[Link]
 | https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-arc.adoc[Link]
-| 3.12.2
+| 3.13.2
 
 | quarkus-micrometer-registry-prometheus
 
 | https://quarkus.io/guides/telemetry-micrometer[Link]
 | https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-micrometer-registry-prometheus.adoc[Link]
-| 3.12.2
+| 3.13.2
 
 | quarkus-opentelemetry
 
 | https://quarkus.io/guides/opentelemetry[Link]
 | https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-opentelemetry.adoc[Link]
-| 3.12.2
+| 3.13.2
 
 | quarkus-openapi-generator
 
 | https://docs.quarkiverse.io/quarkus-openapi-generator/dev/index.html[Link]
-| https://github.com/quarkiverse/quarkus-openapi-generator/blob/2.4.2/docs/modules/ROOT/pages/includes/quarkus-openapi-generator.adoc[Link]
-| 2.4.2
+| https://github.com/quarkiverse/quarkus-openapi-generator/blob/2.4.7/docs/modules/ROOT/pages/includes/quarkus-openapi-generator.adoc[Link]
+| 2.4.7
 
 | quarkus-rest-client
 
 | https://quarkus.io/guides/rest-client[Link]
 | https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-rest-client.adoc[Link]
-| 3.12.2
+| 3.13.2
 
 | quarkus-rest-client-jackson
 
 | https://quarkus.io/guides/rest-client[Link]
 | 
-| 3.12.2
+| 3.13.2
 
 | tkit-quarkus-security
 
 | https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-security.html[Link]
-| https://github.com/1000kit/tkit-quarkus/blob/2.28.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-security.adoc[Link]
-| 2.28.0
+| https://github.com/1000kit/tkit-quarkus/blob/2.31.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-security.adoc[Link]
+| 2.31.0
 
 | onecx-core
 
 | https://onecx.github.io/docs/onecx-quarkus/current/onecx-quarkus/onecx-core.html[Link]
 | 
-| 0.24.0
+| 0.26.0
 
 | quarkus-smallrye-health
 
 | https://quarkus.io/guides/smallrye-health[Link]
 | https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-smallrye-health.adoc[Link]
-| 3.12.2
+| 3.13.2
 
 | quarkus-container-image-docker
 
 | https://quarkus.io/guides/container-image[Link]
 | https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-container-image-docker.adoc[Link]
-| 3.12.2
+| 3.13.2
 
 
 | quarkus-operator-sdk-bundle-generator
 
 | 
 | 
-| 6.7.1
+| 6.7.3
 
 | quarkus-operator-sdk
 
 | 
 | 
-| 6.7.1
+| 6.7.3
 
 | quarkus-oidc-client
 
 | 
 | 
-| 3.12.2
+| 3.13.2
 
 | quarkus-rest-client-oidc-filter
 
 | 
 | 
-| 3.12.2
+| 3.13.2
 
 
 |===

src/main/helm/templates/role-binding.yaml

@@ -0,0 +1,11 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ .Release.Name }}-{{ .Values.app.name }}-role-binding
+roleRef:
+  kind: Role
+  apiGroup: rbac.authorization.k8s.io
+  name: {{ .Release.Name }}-{{ .Values.app.name }}-role
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Release.Name }}-{{ .Values.app.name }}

src/main/helm/templates/product-cluster-role.yaml → src/main/helm/templates/role.yaml

@@ -1,19 +1,19 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: {{ .Release.Name }}-{{ .Values.app.name }}-cluster-role
-rules:
-  - apiGroups:
-      - onecx.tkit.org
-    resources:
-      - products
-      - products/status
-      - products/finalizers
-    verbs:
-      - get
-      - list
-      - watch
-      - patch
-      - update
-      - create
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ .Release.Name }}-{{ .Values.app.name }}-role
+rules:
+  - apiGroups:
+      - onecx.tkit.org
+    resources:
+      - products
+      - products/status
+      - products/finalizers
+    verbs:
+      - get
+      - list
+      - watch
+      - patch
+      - update
+      - create
       - delete

src/main/helm/values.yaml

@@ -2,9 +2,6 @@ app:
   name: product-operator
   image:
     repository: "onecx/onecx-product-store-operator"
-  env:
-    # See watchNamespaces
-    "QUARKUS_OPERATOR_SDK_CONTROLLERS_PRODUCT_NAMESPACES": "JOSDK_WATCH_CURRENT"
   envCustom:
     - name: KUBERNETES_NAMESPACE
       valueFrom:
@@ -19,6 +16,3 @@ app:
         spec:
           kcConfig:
             defaultClientScopes: [ ocx-ps-product:write ]
-
-# Values: JOSDK_WATCH_CURRENT, JOSDK_ALL_NAMESPACES or comma separated list of namespaces
-watchNamespaces: "JOSDK_WATCH_CURRENT"

src/main/java/org/tkit/onecx/product/store/operator/ProductController.java

@@ -11,7 +11,7 @@
 import io.javaoperatorsdk.operator.processing.event.source.filter.OnAddFilter;
 import io.javaoperatorsdk.operator.processing.event.source.filter.OnUpdateFilter;
 
-@ControllerConfiguration(name = "product", onAddFilter = ProductController.AddFilter.class, onUpdateFilter = ProductController.UpdateFilter.class)
+@ControllerConfiguration(name = "product", namespaces = Constants.WATCH_CURRENT_NAMESPACE, onAddFilter = ProductController.AddFilter.class, onUpdateFilter = ProductController.UpdateFilter.class)
 public class ProductController implements Reconciler<Product>, ErrorStatusHandler<Product> {
     private static final Logger log = LoggerFactory.getLogger(ProductController.class);