From dabc12954d5ba02ac4c1acaca7a8fa3b4d1e891d Mon Sep 17 00:00:00 2001
From: Kenneth Reitz
Date: Sun, 30 Sep 2018 12:17:54 -0400
Subject: [PATCH] progress
---
 bruce_operator/core.py | 2 +-
 deploy/operator.yml | 56 ++++++++++++++++++++++++++++++++++++++
 deploy/rbac.yml | 62 ------------------------------------------
 3 files changed, 57 insertions(+), 63 deletions(-)
 delete mode 100644 deploy/rbac.yml
diff --git a/bruce_operator/core.py b/bruce_operator/core.py
index c04398f..0638cad 100644
--- a/bruce_operator/core.py
+++ b/bruce_operator/core.py
@@ -108,7 +108,7 @@ class Operator:
 def ensure_namespace(self):
 self.logger.info("Ensuring bruce namespace...")
- kubectl(f"apply -f ./deploy/_bruce-namespace.yml")
+ kubectl(f"apply -f ./deploy/_bruce-namespace.yml", raise_on_error=False)
 def ensure_kubeconfig(self):
 """Ensures that ~/.kube/config exists, when running in Kubernetes."""
diff --git a/deploy/operator.yml b/deploy/operator.yml
index bb170ef..5328cd4 100644
--- a/deploy/operator.yml
+++ b/deploy/operator.yml
@@ -1,3 +1,57 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+ name: bruce-operator
+rules:
+- apiGroups:
+ - extensions
+ resources:
+ - thirdpartyresources
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - delete
+ - update
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ - persistientvolumeclaims
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - delete
+- apiGroups:
+ - bruce.kennethreitz.org
+ resources:
+ - "*"
+ verbs:
+ - "*"
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: bruce-operator
+ namespace: bruce
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+ name: bruce-operator
+ namespace: bruce
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: bruce-operator
+subjects:
+- kind: ServiceAccount
+ name: bruce-operator
+ namespace: bruce
+---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
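Review bot: With `raise_on_error=False` added to the `kubectl(...)` call in `ensure_namespace`, a failed `apply` of the namespace manifest is no longer surfaced, and nothing in the visible lines checks or logs the outcome, so later steps may run against a namespace that was never created. If the call is meant to be best-effort, say so with a comment such as `# best-effort: do not abort start-up if the namespace apply fails` and log a warning on failure; how `kubectl()` reports a failure is not visible in this hunk, so that part needs confirming against its definition. The `f` prefix on the string has no placeholders and can be dropped. The `Operator` class body starts and continues outside the hunk.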
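Review bot: The second rule of the new `bruce-operator` ClusterRole lists `persistientvolumeclaims` under the `apiextensions.k8s.io` group; the resource name is misspelled and PersistentVolumeClaims belong to the core group (`""`), so this entry grants no access to PVCs and RBAC accepts it without complaint. If PVC access is needed, remove that entry and give it its own rule as below, preferably through a namespaced Role in `bruce` rather than cluster-wide. Separately, the `bruce.kennethreitz.org` rule widens from the named `buildpacks`/`apps` resources in the deleted `deploy/rbac.yml` to `"*"` resources, `metadata.namespace` on the cluster-scoped ClusterRoleBinding has no effect, and `rbac.authorization.k8s.io/v1beta1` is a step back from the `v1` the old file used.

```yaml
# … unchanged: extensions/thirdpartyresources rule, apiextensions.k8s.io rule without the PVC entry …
- apiGroups:
  - ""
  resources:
  - persistentvolumeclaims
  verbs:
  - get
  - list
  - watch
  - create
  - delete
# … unchanged: bruce.kennethreitz.org rule …
```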
@@ -11,7 +65,9 @@ spec:
 metadata:
 labels:
 name: bruce-operator
+ namespace: bruce
 spec:
+ serviceAccountName: bruce-operator
 containers:
 - name: bruce-operator
 image: kennethreitz/bruce-operator:latest
diff --git a/deploy/rbac.yml b/deploy/rbac.yml
deleted file mode 100644
index 9d0b717..0000000
--- a/deploy/rbac.yml
+++ /dev/null
@@ -1,62 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: bruce-operator
-rules:
-- apiGroups:
- - apiextensions.k8s.io
- resources:
- - customresourcedefinitions
- verbs:
- - '*'
-- apiGroups:
- - bruce.kennethreitz.org
- resources:
- - buildpacks
- - apps
- verbs:
- - '*'
-- apiGroups:
- - apps
- resources:
- - statefulsets
- verbs:
- - '*'
-- apiGroups:
- - ""
- resources:
- - configmaps
- - secrets
- verbs:
- - '*'
-- apiGroups:
- - ""
- resources:
- - pods
- verbs:
- - list
- - delete
-- apiGroups:
- - ""
- resources:
- - services
- - endpoints
- verbs:
- - get
- - create
- - update
-- apiGroups:
- - ""
- resources:
- - nodes
- verbs:
- - list
- - watch
-- apiGroups:
- - ""
- resources:
- - namespaces
- verbs:
- - get
- - list
- - watch
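Review bot: In the `deploy/operator.yml` Deployment hunk, the added `serviceAccountName: bruce-operator` gives the pod the cluster-wide permissions of the `bruce-operator` ClusterRole while the container is still pulled as `kennethreitz/bruce-operator:latest`, a mutable tag, so whatever is next pushed under that tag runs with those permissions. Pin the image to a released tag or a digest, e.g. `image: kennethreitz/bruce-operator@sha256:<digest-placeholder>`. Also check where the added `namespace: bruce` sits: indentation is lost on this page, and if it is nested under `labels:` it only adds a label and places nothing in the `bruce` namespace. The Deployment spec starts and ends outside the hunk.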