This is an automated email from the ASF dual-hosted git repository. astefanutti pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/camel-k.git
commit 3439d711e88ed5c71a2279adc350f0d36e2bde3d Author: Antonin Stefanutti <anto...@stefanutti.fr> AuthorDate: Fri Jan 28 12:17:36 2022 +0100 feat(knative): Bind the Addressable resolver aggregated ClusterRole to the operator SA --- pkg/install/common.go | 2 ++ pkg/install/knative.go | 60 +++++++++++++++++++++++++++++++++++++++++++++++++ pkg/install/optional.go | 8 ++++++- 3 files changed, 69 insertions(+), 1 deletion(-)
diff --git a/pkg/install/common.go b/pkg/install/common.go
index e131298..a8606ed 100644
--- a/pkg/install/common.go
+++ b/pkg/install/common.go
@@ -35,6 +35,8 @@ import (
 "github.com/apache/camel-k/pkg/util/openshift"
 )
+const serviceAccountName = "camel-k-operator"
+
 // ResourceCustomizer can be used to inject code that changes the objects before they are created.
 type ResourceCustomizer func(object ctrl.Object) ctrl.Object
diff --git a/pkg/install/knative.go b/pkg/install/knative.go
new file mode 100644
index 0000000..db77b87
--- /dev/null
+++ b/pkg/install/knative.go
@@ -0,0 +1,60 @@
+/*
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements. See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package install
+
+import (
+ "context"
+ "fmt"
+
+ rbacv1 "k8s.io/api/rbac/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+ rbacv1ac "k8s.io/client-go/applyconfigurations/rbac/v1"
+
+ "github.com/apache/camel-k/pkg/client"
+ "github.com/apache/camel-k/pkg/util/knative"
+)
+
+const knativeAddressableResolverClusterRoleName = "addressable-resolver"
+
+// BindKnativeAddressableResolverClusterRole binds the Knative Addressable resolver aggregated ClusterRole
+// to the operator ServiceAccount.
+func BindKnativeAddressableResolverClusterRole(ctx context.Context, c client.Client, namespace string) error {
+ if isKnative, err := knative.IsInstalled(ctx, c); err != nil {
+ return err
+ } else if !isKnative {
+ return nil
+ }
+
+ crb := rbacv1ac.ClusterRoleBinding(fmt.Sprintf("%s-addressable-resolver", serviceAccountName)).
+ WithSubjects(
+ rbacv1ac.Subject().
+ WithKind("ServiceAccount").
+ WithNamespace(namespace).
+ WithName(serviceAccountName),
+ ).
+ WithRoleRef(rbacv1ac.RoleRef().
+ WithAPIGroup(rbacv1.GroupName).
+ WithKind("ClusterRole").
+ WithName(knativeAddressableResolverClusterRoleName))
+
+ _, err := c.RbacV1().ClusterRoleBindings().
+ Apply(ctx, crb, metav1.ApplyOptions{FieldManager: serviceAccountName, Force: true})
+
+ return err
+}
diff --git a/pkg/install/optional.go b/pkg/install/optional.go
index 10da131..dd3d0fc 100644
--- a/pkg/install/optional.go
+++ b/pkg/install/optional.go
@@ -21,10 +21,10 @@ import (
 "context"
 "strings"
- "github.com/apache/camel-k/pkg/util/defaults"
 "github.com/go-logr/logr"
 "github.com/apache/camel-k/pkg/client"
+ "github.com/apache/camel-k/pkg/util/defaults"
 )
 // OperatorStartupOptionalTools tries to install optional tools at operator startup and warns if something goes wrong.
@@ -63,4 +63,10 @@ func OperatorStartupOptionalTools(ctx context.Context, c client.Client, namespac
 }
 }
 }
+
+ // Try to bind the Knative Addressable resolver aggregated ClusterRole to the operator ServiceAccount
+ if err := BindKnativeAddressableResolverClusterRole(ctx, c, namespace); err != nil {
+ log.Info("Cannot bind the Knative Addressable resolver aggregated ClusterRole: skipping.")
+ log.V(8).Info("Error while binding the Knative Addressable resolver aggregated ClusterRole", "error", err)
+ }
 }
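Review bot: The ClusterRoleBinding name built by `fmt.Sprintf("%s-addressable-resolver", serviceAccountName)` in pkg/install/knative.go is identical for every operator installation, while its subject carries the caller's `namespace` and the apply runs with `Force: true` under a shared field manager. If more than one operator runs in the cluster, each startup would likely overwrite the previous subject, so the earlier operator silently loses the grant. Because the binding is cluster-scoped, it may also outlive an uninstalled operator and keep granting the role to any ServiceAccount later created under that name in that namespace; no cleanup path is visible in this diff. Consider a per-namespace name, e.g. `rbacv1ac.ClusterRoleBinding(fmt.Sprintf("%s-%s-addressable-resolver", serviceAccountName, namespace))`. The doc comment could also state the scope of the grant, e.g. `// The role is aggregated, so the rules granted cluster-wide grow with every ClusterRole that aggregates into it.`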
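Review bot: When the bind fails in the second hunk of pkg/install/optional.go, the cause is logged only at `V(8)`, so at default verbosity a forbidden RBAC request is indistinguishable from any other failure. The missing grant would then presumably surface only later, when Knative addressables cannot be resolved. Consider carrying the error on the visible line: `log.Info("Cannot bind the Knative Addressable resolver aggregated ClusterRole: skipping.", "error", err)`. The earlier optional steps of OperatorStartupOptionalTools start outside this hunk, so this may mirror an existing logging convention there.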