Merge pull request #145 from kndpio/144-kubernetes-providerconfig-doe…
…snt-have-enough-permissions

bound crossplane CR to kndp SA
evghen1 authored Jun 25, 2024
2 parents 7cd0457 + 8b1e3e5 commit 3633e29
Showing 1 changed file with 20 additions and 1 deletion.
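--- a/internal/engine/engine.go
+++ b/internal/engine/engine.go
@@ -48,6 +48,7 @@ const (
 ReleaseName = "kndp-crossplane"
 Version = "1.15.2"
 kindClusterRole = "ClusterRole"
+clusterRoleName = "crossplane"
 providerConfigName = "kndp-kubernetes-provider-config"
 helmProviderConfigName = "kndp-helm-provider-config"
 aggregateToAdmin = "rbac.crossplane.io/aggregate-to-admin"
@@ -212,13 +213,31 @@ func SetupPrivilegedKubernetesProvider(ctx context.Context, configClient *rest.C
 },
 }
 
+crbc := &rbacv1.ClusterRoleBinding{
+ObjectMeta: metav1.ObjectMeta{
+Name: pcn + "-" + clusterRoleName,
+},
+Subjects: []rbacv1.Subject{
+{
+Kind: rbacv1.ServiceAccountKind,
+Name: sa.Name,
+Namespace: namespace.Namespace,
+},
+},
+RoleRef: rbacv1.RoleRef{
+APIGroup: rbacv1.GroupName,
+Kind: kindClusterRole,
+Name: clusterRoleName,
+},
+}
+
 scheme := runtime.NewScheme()
 rbacv1.AddToScheme(scheme)
 corev1.AddToScheme(scheme)
 extv1.AddToScheme(scheme)
 log.SetLogger(zap.New(zap.WriteTo(io.Discard)))
 ctrl, _ := client.New(configClient, client.Options{Scheme: scheme})
-for _, res := range []client.Object{sa, saSec, cr, crb} {
+for _, res := range []client.Object{sa, saSec, cr, crb, crbc} {
 _, err := controllerutil.CreateOrUpdate(ctx, ctrl, res, func() error {
 return nil
 })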
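Review bot: The `crbc` binding added in the second hunk gives the provider ServiceAccount every rule in the cluster-scoped `crossplane` ClusterRole, which is referenced only through the hardcoded `clusterRoleName` and does not appear to be created by this function. In a stock Crossplane install that role is aggregated, so its rules can widen as providers are added and this binding carries the growth along; if the permissions the ProviderConfig was missing are known, adding them to `cr` (defined outside the hunk) would keep the grant narrow and reviewable. Separately, the mutate callback passed to `CreateOrUpdate` is `return nil`, so when a ClusterRoleBinding with this name already exists it is fetched and left untouched, and the subjects and roleRef set here are only applied on first creation. If the broad binding is intended, I would document it above `crbc`, e.g. `// Grants the SA the Crossplane-managed "crossplane" ClusterRole (cluster-wide); the role must already exist.` SetupPrivilegedKubernetesProvider starts and ends outside the hunk.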
