From 8b1e3e5c6924f5422a3a335dde2b044de359e92d Mon Sep 17 00:00:00 2001
From: Evgheni Poleacov
Date: Tue, 25 Jun 2024 11:42:17 +0300
Subject: [PATCH] binded crossplane CR to kndp SA

---
 internal/engine/engine.go | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/internal/engine/engine.go b/internal/engine/engine.go
index 0b77999..0243bba 100644
--- a/internal/engine/engine.go
+++ b/internal/engine/engine.go
@@ -48,6 +48,7 @@ const (
 ReleaseName = "kndp-crossplane"
 Version = "1.15.2"
 kindClusterRole = "ClusterRole"
+ clusterRoleName = "crossplane"
 providerConfigName = "kndp-kubernetes-provider-config"
 helmProviderConfigName = "kndp-helm-provider-config"
 aggregateToAdmin = "rbac.crossplane.io/aggregate-to-admin"
@@ -212,13 +213,31 @@ func SetupPrivilegedKubernetesProvider(ctx context.Context, configClient *rest.C
 },
 }
 
+ crbc := &rbacv1.ClusterRoleBinding{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: pcn + "-" + clusterRoleName,
+ },
+ Subjects: []rbacv1.Subject{
+ {
+ Kind: rbacv1.ServiceAccountKind,
+ Name: sa.Name,
+ Namespace: namespace.Namespace,
+ },
+ },
+ RoleRef: rbacv1.RoleRef{
+ APIGroup: rbacv1.GroupName,
+ Kind: kindClusterRole,
+ Name: clusterRoleName,
+ },
+ }
+
 scheme := runtime.NewScheme()
 rbacv1.AddToScheme(scheme)
 corev1.AddToScheme(scheme)
 extv1.AddToScheme(scheme)
 log.SetLogger(zap.New(zap.WriteTo(io.Discard)))
 ctrl, _ := client.New(configClient, client.Options{Scheme: scheme})
- for _, res := range []client.Object{sa, saSec, cr, crb} {
+ for _, res := range []client.Object{sa, saSec, cr, crb, crbc} {
 _, err := controllerutil.CreateOrUpdate(ctx, ctrl, res, func() error {
 return nil
 })
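Review bot: The new `crbc` binding gives the kndp service account everything in the `crossplane` ClusterRole cluster-wide, on top of the existing `cr`/`crb` pair, and nothing in the hunk says why both grants are needed. In a stock Crossplane install that role is, as far as I know, an aggregated one, so the account's effective permissions would grow whenever a provider or XRD contributes rules; if that is intended, state it above the literal, e.g. `// crossplane is an aggregated ClusterRole: this SA inherits every rule later aggregated into it`. `crbc` also goes through `CreateOrUpdate` with a mutate func that only does `return nil`, so a pre-existing binding named `pcn + "-" + clusterRoleName` with different subjects is read back and left as found rather than corrected; assigning `Subjects` inside the mutate func would close that gap. The body of SetupPrivilegedKubernetesProvider starts and ends outside this hunk, so the definitions of `sa`, `cr` and `crb` are not visible here.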