Init kubebuilder with ressource and controller

config/rbac/kustomization.yaml

@@ -0,0 +1,20 @@
+resources:
+# All RBAC will be applied under this service account in
+# the deployment namespace. You may comment out this resource
+# if your manager will use a service account that exists at
+# runtime. Be sure to update RoleBinding and ClusterRoleBinding
+# subjects if changing service account names.
+- service_account.yaml
+- role.yaml
+- role_binding.yaml
+- leader_election_role.yaml
+- leader_election_role_binding.yaml
+# For each CRD, "Editor" and "Viewer" roles are scaffolded by
+# default, aiding admins in cluster management. Those roles are
+# not used by the Project itself. You can comment the following lines
+# if you do not want those helpers be installed with your Project.
+- operator_editor_role.yaml
+- operator_viewer_role.yaml
+- operator-test_editor_role.yaml
+- operator-test_viewer_role.yaml
+

config/rbac/leader_election_role.yaml

@@ -0,0 +1,40 @@
+# permissions to do leader election.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    app.kubernetes.io/name: operator-test
+    app.kubernetes.io/managed-by: kustomize
+  name: leader-election-role
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+  - patch

config/rbac/leader_election_role_binding.yaml

@@ -0,0 +1,15 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/name: operator-test
+    app.kubernetes.io/managed-by: kustomize
+  name: leader-election-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: leader-election-role
+subjects:
+- kind: ServiceAccount
+  name: controller-manager
+  namespace: system

config/rbac/operator-test_editor_role.yaml

@@ -0,0 +1,27 @@
+# permissions for end users to edit operator-tests.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: operator-test
+    app.kubernetes.io/managed-by: kustomize
+  name: operator-test-editor-role
+rules:
+- apiGroups:
+  - webapp.localhost
+  resources:
+  - operator-tests
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - webapp.localhost
+  resources:
+  - operator-tests/status
+  verbs:
+  - get

config/rbac/operator-test_viewer_role.yaml

@@ -0,0 +1,23 @@
+# permissions for end users to view operator-tests.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: operator-test
+    app.kubernetes.io/managed-by: kustomize
+  name: operator-test-viewer-role
+rules:
+- apiGroups:
+  - webapp.localhost
+  resources:
+  - operator-tests
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - webapp.localhost
+  resources:
+  - operator-tests/status
+  verbs:
+  - get

config/rbac/operator_editor_role.yaml

@@ -0,0 +1,27 @@
+# permissions for end users to edit operators.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: operator-test
+    app.kubernetes.io/managed-by: kustomize
+  name: operator-editor-role
+rules:
+- apiGroups:
+  - webapp.localhost
+  resources:
+  - operators
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - webapp.localhost
+  resources:
+  - operators/status
+  verbs:
+  - get

config/rbac/operator_viewer_role.yaml

@@ -0,0 +1,23 @@
+# permissions for end users to view operators.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: operator-test
+    app.kubernetes.io/managed-by: kustomize
+  name: operator-viewer-role
+rules:
+- apiGroups:
+  - webapp.localhost
+  resources:
+  - operators
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - webapp.localhost
+  resources:
+  - operators/status
+  verbs:
+  - get

config/rbac/role.yaml

@@ -0,0 +1,11 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: operator-test
+    app.kubernetes.io/managed-by: kustomize
+  name: manager-role
+rules:
+- apiGroups: [""]
+  resources: ["pods"]
+  verbs: ["get", "list", "watch"]

config/rbac/role_binding.yaml

@@ -0,0 +1,15 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/name: operator-test
+    app.kubernetes.io/managed-by: kustomize
+  name: manager-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: manager-role
+subjects:
+- kind: ServiceAccount
+  name: controller-manager
+  namespace: system

config/rbac/service_account.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/name: operator-test
+    app.kubernetes.io/managed-by: kustomize
+  name: controller-manager
+  namespace: system