progress

bruce_operator/core.py

@@ -108,7 +108,7 @@ class Operator:
 
     def ensure_namespace(self):
         self.logger.info("Ensuring bruce namespace...")
-        kubectl(f"apply -f ./deploy/_bruce-namespace.yml")
+        kubectl(f"apply -f ./deploy/_bruce-namespace.yml", raise_on_error=False)
 
     def ensure_kubeconfig(self):
         """Ensures that ~/.kube/config exists, when running in Kubernetes."""

deploy/operator.yml

@@ -1,3 +1,57 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: bruce-operator
+rules:
+- apiGroups:
+  - extensions
+  resources:
+  - thirdpartyresources
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - delete
+  - update
+- apiGroups:
+  - apiextensions.k8s.io
+  resources:
+  - customresourcedefinitions
+  - persistientvolumeclaims
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - delete
+- apiGroups:
+  - bruce.kennethreitz.org
+  resources:
+  - "*"
+  verbs:
+  - "*"
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: bruce-operator
+  namespace: bruce
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: bruce-operator
+  namespace: bruce
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: bruce-operator
+subjects:
+- kind: ServiceAccount
+  name: bruce-operator
+  namespace: bruce
+---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -11,7 +65,9 @@ spec:
     metadata:
       labels:
         name: bruce-operator
+      namespace: bruce
     spec:
+      serviceAccountName: bruce-operator
       containers:
         - name: bruce-operator
           image: kennethreitz/bruce-operator:latest

deploy/rbac.yml

@@ -1,62 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: bruce-operator
-rules:
-- apiGroups:
-  - apiextensions.k8s.io
-  resources:
-  - customresourcedefinitions
-  verbs:
-  - '*'
-- apiGroups:
-  - bruce.kennethreitz.org
-  resources:
-  - buildpacks
-  - apps
-  verbs:
-  - '*'
-- apiGroups:
-  - apps
-  resources:
-  - statefulsets
-  verbs:
-  - '*'
-- apiGroups:
-  - ""
-  resources:
-  - configmaps
-  - secrets
-  verbs:
-  - '*'
-- apiGroups:
-  - ""
-  resources:
-  - pods
-  verbs:
-  - list
-  - delete
-- apiGroups:
-  - ""
-  resources:
-  - services
-  - endpoints
-  verbs:
-  - get
-  - create
-  - update
-- apiGroups:
-  - ""
-  resources:
-  - nodes
-  verbs:
-  - list
-  - watch
-- apiGroups:
-  - ""
-  resources:
-  - namespaces
-  verbs:
-  - get
-  - list
-  - watch