You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@camel.apache.org by as...@apache.org on 2022/01/31 13:23:15 UTC
[camel-k] 07/09: chore(knative): Bind the addressable-resolver ClusterRole according to deployment mode
This is an automated email from the ASF dual-hosted git repository.
astefanutti pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel-k.git
commit 276b25f5bfb101aed07802d0999e7189820d8524
Author: Antonin Stefanutti <an...@stefanutti.fr>
AuthorDate: Fri Jan 28 17:30:43 2022 +0100
chore(knative): Bind the addressable-resolver ClusterRole according to deployment mode
---
pkg/install/knative.go | 29 +++++++++++++++++++++++++++--
pkg/install/operator.go | 4 ++--
2 files changed, 29 insertions(+), 4 deletions(-)
diff --git a/pkg/install/knative.go b/pkg/install/knative.go
index db77b87..6f30db5 100644
--- a/pkg/install/knative.go
+++ b/pkg/install/knative.go
@@ -25,8 +25,8 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
rbacv1ac "k8s.io/client-go/applyconfigurations/rbac/v1"
+ "k8s.io/client-go/kubernetes"
- "github.com/apache/camel-k/pkg/client"
"github.com/apache/camel-k/pkg/util/knative"
)
@@ -34,13 +34,38 @@ const knativeAddressableResolverClusterRoleName = "addressable-resolver"
// BindKnativeAddressableResolverClusterRole binds the Knative Addressable resolver aggregated ClusterRole
// to the operator ServiceAccount.
-func BindKnativeAddressableResolverClusterRole(ctx context.Context, c client.Client, namespace string) error {
+func BindKnativeAddressableResolverClusterRole(ctx context.Context, c kubernetes.Interface, namespace string) error {
if isKnative, err := knative.IsInstalled(ctx, c); err != nil {
return err
} else if !isKnative {
return nil
}
+ if namespace != "" {
+ return applyAddressableResolverRoleBinding(ctx, c, namespace)
+ }
+ return applyAddressableResolverClusterRoleBinding(ctx, c, namespace)
+}
+
+func applyAddressableResolverRoleBinding(ctx context.Context, c kubernetes.Interface, namespace string) error {
+ rb := rbacv1ac.RoleBinding(fmt.Sprintf("%s-addressable-resolver", serviceAccountName), namespace).
+ WithSubjects(
+ rbacv1ac.Subject().
+ WithKind("ServiceAccount").
+ WithNamespace(namespace).
+ WithName(serviceAccountName),
+ ).
+ WithRoleRef(rbacv1ac.RoleRef().
+ WithAPIGroup(rbacv1.GroupName).
+ WithKind("ClusterRole").
+ WithName(knativeAddressableResolverClusterRoleName))
+
+ _, err := c.RbacV1().RoleBindings(namespace).
+ Apply(ctx, rb, metav1.ApplyOptions{FieldManager: serviceAccountName, Force: true})
+
+ return err
+}
+func applyAddressableResolverClusterRoleBinding(ctx context.Context, c kubernetes.Interface, namespace string) error {
crb := rbacv1ac.ClusterRoleBinding(fmt.Sprintf("%s-addressable-resolver", serviceAccountName)).
WithSubjects(
rbacv1ac.Subject().
diff --git a/pkg/install/operator.go b/pkg/install/operator.go
index d602bb5..47c5a0c 100644
--- a/pkg/install/operator.go
+++ b/pkg/install/operator.go
@@ -334,7 +334,7 @@ func installClusterRoleBinding(ctx context.Context, c client.Client, collection
bound := false
for i, subject := range target.Subjects {
- if subject.Name == "camel-k-operator" {
+ if subject.Name == serviceAccountName {
if subject.Namespace == namespace {
bound = true
@@ -352,7 +352,7 @@ func installClusterRoleBinding(ctx context.Context, c client.Client, collection
target.Subjects = append(target.Subjects, rbacv1.Subject{
Kind: "ServiceAccount",
Namespace: namespace,
- Name: "camel-k-operator",
+ Name: serviceAccountName,
})
}