seg_yinzy
/
che-operator
mirror of https://github.com/eclipse-che/che-operator.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

chore: operator roles sanitizing (#1814) 

* chore: che-operator roles sanitizing

Signed-off-by: Anatolii Bazko <abazko@redhat.com>
pull/1815/head
Anatolii Bazko 2024-03-07 11:01:30 +01:00 committed by GitHub
parent 09e4471079
commit d4d21a2535
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
34 changed files with 765 additions and 2900 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
build/scripts/minikube-tests/common.sh
View File

@ -215,6 +215,8 @@ spec:
- name: ide
uri: http://plugin-registry.eclipse-che.svc:8080/v3/plugins/che-incubator/che-code/insiders/devfile.yaml
template:
attributes:
controller.devfile.io/storage-type: ephemeral
components:
- name: tooling-container
container:

3
build/scripts/minikube-tests/test-operator-from-sources.sh
View File

@ -16,6 +16,9 @@ set -e
OPERATOR_REPO=$(dirname "$(dirname "$(dirname "$(dirname "$(readlink -f "${BASH_SOURCE[0]}")")")")")
source "${OPERATOR_REPO}/build/scripts/minikube-tests/common.sh"
# Stop execution on any error
trap "catchFinish" EXIT SIGINT
init() {
unset CR_PATCH_YAML

447
bundle/next/eclipse-che/manifests/che-operator.clusterserviceversion.yaml
View File

@ -92,7 +92,7 @@ metadata:
operators.operatorframework.io/project_layout: go.kubebuilder.io/v3
repository: https://github.com/eclipse-che/che-operator
support: Eclipse Foundation
name: eclipse-che.v7.82.0-842.next
name: eclipse-che.v7.83.0-858.next
namespace: placeholder
spec:
apiservicedefinitions: {}
@ -499,11 +499,17 @@ spec:
clusterPermissions:
- rules:
- apiGroups:
- ""
- batch
resources:
- nodes
- jobs
verbs:
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- oauth.openshift.io
resources:
@ -511,93 +517,61 @@ spec:
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups:
- config.openshift.io
resources:
- oauths
verbs:
- get
- list
- watch
- patch
- apiGroups:
- config.openshift.io
resources:
- infrastructures
- proxies
verbs:
- get
- list
- watch
- apiGroups:
- user.openshift.io
resources:
- users
verbs:
- list
- delete
- apiGroups:
- user.openshift.io
resources:
- groups
verbs:
- get
- apiGroups:
- user.openshift.io
resources:
- identities
verbs:
- delete
- apiGroups:
- console.openshift.io
resources:
- consolelinks
verbs:
- get
- list
- create
- delete
- get
- update
- patch
- delete
- watch
- list
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterrolebindings
- clusterroles
- roles
- rolebindings
- clusterroles
- clusterrolebindings
verbs:
- list
- create
- watch
- update
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- authorization.openshift.io
resources:
- rolebindings
verbs:
- get
- create
- update
- delete
- apiGroups:
- authorization.openshift.io
resources:
- roles
- rolebindings
verbs:
- get
- create
- update
- delete
- apiGroups:
- org.eclipse.che
resources:
- checlusters
- checlusters/status
- checlusters/finalizers
- checlusters/status
verbs:
- '*'
- apiGroups:
- project.openshift.io
resources:
@ -625,64 +599,39 @@ spec:
- create
- update
- watch
- apiGroups:
- ""
resources:
- pods/exec
verbs:
- create
- get
- apiGroups:
- apps
resources:
- secrets
- replicasets
verbs:
- list
- apiGroups:
- ""
resources:
- secrets
verbs:
- list
- get
- create
- update
- list
- patch
- delete
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- create
- get
- list
- watch
- delete
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
- create
- watch
- delete
- apiGroups:
- apps
- extensions
resources:
- deployments
- replicasets
verbs:
- '*'
- list
- create
- watch
- update
- get
- patch
- delete
- apiGroups:
- route.openshift.io
resources:
- routes
verbs:
- '*'
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- route.openshift.io
resources:
@ -696,49 +645,18 @@ spec:
verbs:
- list
- watch
- apiGroups:
- apps
resources:
- replicasets
verbs:
- list
- get
- patch
- delete
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- '*'
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- '*'
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- create
- delete
- get
- update
- apiGroups:
- operators.coreos.com
resources:
- subscriptions
verbs:
- get
- apiGroups:
- operators.coreos.com
resources:
- clusterserviceversions
verbs:
- list
- get
- patch
- watch
- list
- apiGroups:
- metrics.k8s.io
resources:
@ -748,16 +666,6 @@ spec:
- get
- list
- watch
- apiGroups:
- cert-manager.io
resources:
- issuers
- certificates
verbs:
- create
- get
- list
- update
- apiGroups:
- ""
resources:
@ -768,33 +676,27 @@ spec:
- serviceaccounts
- services
verbs:
- '*'
- apiGroups:
- apps
resourceNames:
- che-operator
resources:
- deployments/finalizers
verbs:
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- batch
- org.eclipse.che
resources:
- jobs
- checlusters
- checlusters/status
- checlusters/finalizers
verbs:
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- create
- get
- nonResourceURLs:
- /metrics
verbs:
@ -804,7 +706,11 @@ spec:
resources:
- kubernetesimagepullers
verbs:
- '*'
- create
- delete
- get
- update
- list
- apiGroups:
- config.openshift.io
resourceNames:
@ -813,6 +719,14 @@ spec:
- consoles
verbs:
- get
- apiGroups:
- config.openshift.io
resourceNames:
- cluster
resources:
- proxies
verbs:
- get
- apiGroups:
- ""
resources:
@ -829,32 +743,39 @@ spec:
- get
- list
- create
- apiGroups:
- ""
resources:
- pods/exec
verbs:
- create
- get
- apiGroups:
- workspace.devfile.io
resources:
- devworkspaces
- devworkspacetemplates
verbs:
- get
- list
- watch
- create
- delete
- patch
- get
- update
- patch
- watch
- list
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings
- devworkspaceoperatorconfigs
verbs:
- get
- list
- watch
- create
- delete
- patch
- get
- update
- patch
- watch
- list
- apiGroups:
- controller.devfile.io
resources:
@ -897,6 +818,13 @@ spec:
- limitranges
verbs:
- list
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- get
- create
serviceAccountName: che-operator
deployments:
- name: che-operator
@ -1033,197 +961,30 @@ spec:
terminationGracePeriodSeconds: 20
permissions:
- rules:
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- '*'
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- '*'
- apiGroups:
- batch
resources:
- jobs
verbs:
- create
- delete
- get
- update
- watch
- list
- apiGroups:
- route.openshift.io
resources:
- routes
- routes/custom-host
verbs:
- '*'
- apiGroups:
- rbac.authorization.k8s.io
resources:
- roles
- rolebindings
- clusterroles
- clusterrolebindings
verbs:
- list
- create
- watch
- update
- get
- delete
- apiGroups:
- ""
resources:
- pods
- services
- serviceaccounts
- endpoints
- persistentvolumeclaims
- events
- configmaps
- secrets
- pods/exec
- pods/log
verbs:
- '*'
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- apiGroups:
- apps
- extensions
resources:
- deployments
- replicasets
verbs:
- '*'
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- get
- create
- apiGroups:
- org.eclipse.che
resources:
- checlusters
- checlusters/status
- checlusters/finalizers
verbs:
- '*'
- apiGroups:
- metrics.k8s.io
resources:
- pods
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- operators.coreos.com
resources:
- subscriptions
- clusterserviceversions
- operatorgroups
verbs:
- '*'
- apiGroups:
- packages.operators.coreos.com
resources:
- packagemanifests
verbs:
- get
- list
- apiGroups:
- ""
resources:
- configmaps/status
verbs:
- get
- update
- patch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- apiGroups:
- apps
resourceNames:
- che-operator
resources:
- deployments/finalizers
verbs:
- update
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings
verbs:
- '*'
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings/finalizers
verbs:
- update
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings/status
verbs:
- get
- patch
- update
- apiGroups:
- oauth.openshift.io
resources:
- oauthclients
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- delete
- get
- update
- patch
- delete
- watch
- list
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- delete
- get
- update
- patch
- delete
- watch
- list
- apiGroups:
- ""
resources:
@ -1251,7 +1012,7 @@ spec:
- java
links:
- name: Product Page
url: http://www.eclipse.org/che
url: https://www.eclipse.org/che
- name: Documentation
url: https://www.eclipse.org/che/docs
- name: Operator GitHub Repo
@ -1263,7 +1024,7 @@ spec:
minKubeVersion: 1.19.0
provider:
name: Eclipse Foundation
version: 7.82.0-842.next
version: 7.83.0-858.next
webhookdefinitions:
- admissionReviewVersions:
- v1

2
config/manifests/bases/che-operator.clusterserviceversion.yaml
View File

@ -447,7 +447,7 @@ spec:
- java
links:
- name: Product Page
url: http://www.eclipse.org/che
url: https://www.eclipse.org/che
- name: Documentation
url: https://www.eclipse.org/che/docs
- name: Operator GitHub Repo

21
config/rbac/auth_proxy_client_clusterrole.yaml
View File

@ -1,21 +0,0 @@
#
# Copyright (c) 2019-2023 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
#
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: metrics-reader
rules:
- nonResourceURLs:
- "/metrics"
verbs:
- get

29
config/rbac/auth_proxy_role.yaml
View File

@ -1,29 +0,0 @@
#
# Copyright (c) 2019-2023 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
#
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: proxy-role
rules:
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create

24
config/rbac/auth_proxy_role_binding.yaml
View File

@ -1,24 +0,0 @@
#
# Copyright (c) 2019-2023 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
#
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: proxy-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: proxy-role
subjects:
- kind: ServiceAccount
name: che-operator
namespace: system

26
config/rbac/auth_proxy_service.yaml
View File

@ -1,26 +0,0 @@
#
# Copyright (c) 2019-2023 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
#
apiVersion: v1
kind: Service
metadata:
labels:
app: che-operator
name: controller-manager-metrics-service
namespace: system
spec:
ports:
- name: https
port: 8443
targetPort: https
selector:
app: che-operator

36
config/rbac/checluster_editor_role.yaml
View File

@ -1,36 +0,0 @@
#
# Copyright (c) 2019-2023 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
#
# permissions for end users to edit checlusters.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: checluster-editor-role
rules:
- apiGroups:
- org.eclipse.che
resources:
- checlusters
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- org.eclipse.che
resources:
- checlusters/status
verbs:
- get

32
config/rbac/checluster_viewer_role.yaml
View File

@ -1,32 +0,0 @@
#
# Copyright (c) 2019-2023 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
#
# permissions for end users to view checlusters.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: checluster-viewer-role
rules:
- apiGroups:
- org.eclipse.che
resources:
- checlusters
verbs:
- get
- list
- watch
- apiGroups:
- org.eclipse.che
resources:
- checlusters/status
verbs:
- get

262
config/rbac/cluster_role.yaml
View File

@ -21,11 +21,17 @@ metadata:
app.kubernetes.io/component: che-operator
rules:
- apiGroups:
- ""
- batch
resources:
- nodes
- jobs
verbs:
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- oauth.openshift.io
resources:
@ -33,93 +39,61 @@ rules:
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups:
- config.openshift.io
resources:
- oauths
verbs:
- get
- list
- watch
- patch
- apiGroups:
- config.openshift.io
resources:
- infrastructures
- proxies
verbs:
- get
- list
- watch
- apiGroups:
- user.openshift.io
resources:
- users
verbs:
- list
- delete
- apiGroups:
- user.openshift.io
resources:
- groups
verbs:
- get
- apiGroups:
- user.openshift.io
resources:
- identities
verbs:
- delete
- apiGroups:
- console.openshift.io
resources:
- consolelinks
verbs:
- get
- list
- create
- delete
- get
- update
- patch
- delete
- watch
- list
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterrolebindings
- clusterroles
- roles
- rolebindings
- clusterroles
- clusterrolebindings
verbs:
- list
- create
- watch
- update
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- authorization.openshift.io
resources:
- rolebindings
verbs:
- get
- create
- update
- delete
- apiGroups:
- authorization.openshift.io
resources:
- roles
- rolebindings
verbs:
- get
- create
- update
- delete
- apiGroups:
- org.eclipse.che
resources:
- checlusters
- checlusters/status
- checlusters/finalizers
- checlusters/status
verbs:
- '*'
- apiGroups:
- project.openshift.io
resources:
@ -147,64 +121,39 @@ rules:
- create
- update
- watch
- apiGroups:
- ''
resources:
- pods/exec
verbs:
- create
- get
- apiGroups:
- apps
resources:
- secrets
- replicasets
verbs:
- list
- apiGroups:
- ''
resources:
- secrets
verbs:
- list
- get
- create
- update
- list
- patch
- delete
- apiGroups:
- ''
resources:
- persistentvolumeclaims
verbs:
- create
- get
- list
- watch
- delete
- apiGroups:
- ''
resources:
- pods
verbs:
- get
- list
- create
- watch
- delete
- apiGroups:
- apps
- extensions
resources:
- deployments
- replicasets
verbs:
- '*'
- list
- create
- watch
- update
- get
- patch
- delete
- apiGroups:
- route.openshift.io
resources:
- routes
verbs:
- '*'
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- route.openshift.io
resources:
@ -218,49 +167,18 @@ rules:
verbs:
- list
- watch
- apiGroups:
- apps
resources:
- replicasets
verbs:
- list
- get
- patch
- delete
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- '*'
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- '*'
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- create
- delete
- get
- update
- apiGroups:
- operators.coreos.com
resources:
- subscriptions
verbs:
- get
- apiGroups:
- operators.coreos.com
resources:
- clusterserviceversions
verbs:
- list
- get
- patch
- watch
- list
- apiGroups:
- metrics.k8s.io
resources:
@ -270,16 +188,6 @@ rules:
- get
- list
- watch
- apiGroups:
- cert-manager.io
resources:
- issuers
- certificates
verbs:
- create
- get
- list
- update
- apiGroups:
- ''
resources:
@ -290,33 +198,27 @@ rules:
- serviceaccounts
- services
verbs:
- '*'
- apiGroups:
- apps
resourceNames:
- che-operator
resources:
- deployments/finalizers
verbs:
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- batch
- org.eclipse.che
resources:
- jobs
- checlusters
- checlusters/status
- checlusters/finalizers
verbs:
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- create
- get
- nonResourceURLs:
- /metrics
verbs:
@ -326,7 +228,11 @@ rules:
resources:
- kubernetesimagepullers
verbs:
- '*'
- create
- delete
- get
- update
- list
- apiGroups:
- config.openshift.io
resources:
@ -335,6 +241,14 @@ rules:
- cluster
verbs:
- get
- apiGroups:
- config.openshift.io
resources:
- proxies
resourceNames:
- cluster
verbs:
- get
- apiGroups:
- ''
resources:
@ -351,32 +265,39 @@ rules:
- get
- list
- create
- apiGroups:
- ''
resources:
- pods/exec
verbs:
- create
- get
- apiGroups:
- workspace.devfile.io
resources:
- devworkspaces
- devworkspacetemplates
verbs:
- get
- list
- watch
- create
- delete
- patch
- get
- update
- patch
- watch
- list
- apiGroups:
- controller.devfile.io
- controller.devfile.io
resources:
- devworkspaceroutings
- devworkspaceoperatorconfigs
verbs:
- get
- list
- watch
- create
- delete
- patch
- get
- update
- patch
- watch
- list
- apiGroups:
- controller.devfile.io
resources:
@ -418,4 +339,11 @@ rules:
resources:
- limitranges
verbs:
- list
- list
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- get
- create

2
config/rbac/kustomization.yaml
View File

@ -21,5 +21,3 @@ resources:
- role_binding.yaml
- cluster_role.yaml
- cluster_rolebinding.yaml
- leader_election_role.yaml
- leader_election_role_binding.yaml

56
config/rbac/leader_election_role.yaml
View File

@ -1,56 +0,0 @@
#
# Copyright (c) 2019-2023 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
#
# permissions to do leader election.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: che-operator-leader-election
namespace: eclipse-che
labels:
app.kubernetes.io/name: che
app.kubernetes.io/instance: che
app.kubernetes.io/part-of: che.eclipse.org
app.kubernetes.io/component: che-operator
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch

29
config/rbac/leader_election_role_binding.yaml
View File

@ -1,29 +0,0 @@
#
# Copyright (c) 2019-2023 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
#
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: che-operator-leader-election
namespace: eclipse-che
labels:
app.kubernetes.io/name: che
app.kubernetes.io/instance: che
app.kubernetes.io/part-of: che.eclipse.org
app.kubernetes.io/component: che-operator
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: che-operator-leader-election
subjects:
- kind: ServiceAccount
name: che-operator

198
config/rbac/role.yaml
View File

@ -21,170 +21,34 @@ metadata:
app.kubernetes.io/part-of: che.eclipse.org
app.kubernetes.io/name: che
rules:
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- '*'
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- '*'
- apiGroups:
- batch
resources:
- jobs
verbs:
- create
- delete
- get
- update
- watch
- list
- apiGroups:
- route.openshift.io
resources:
- routes
- routes/custom-host
verbs:
- '*'
- apiGroups:
- rbac.authorization.k8s.io
resources:
- roles
- rolebindings
- clusterroles
- clusterrolebindings
verbs:
- list
- create
- watch
- update
- get
- delete
- apiGroups:
- ""
resources:
- pods
- services
- serviceaccounts
- endpoints
- persistentvolumeclaims
- events
- configmaps
- secrets
- pods/exec
- pods/log
verbs:
- '*'
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- apiGroups:
- apps
- extensions
resources:
- deployments
- replicasets
verbs:
- '*'
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- get
- create
- apiGroups:
- org.eclipse.che
resources:
- checlusters
- checlusters/status
- checlusters/finalizers
verbs:
- '*'
- apiGroups:
- metrics.k8s.io
resources:
- pods
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- operators.coreos.com
resources:
- subscriptions
- clusterserviceversions
- operatorgroups
verbs:
- '*'
- apiGroups:
- packages.operators.coreos.com
resources:
- packagemanifests
verbs:
- get
- list
- apiGroups:
- ""
resources:
- configmaps/status
verbs:
- get
- update
- patch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- apiGroups:
- apps
resourceNames:
- che-operator
resources:
- deployments/finalizers
verbs:
- update
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings
verbs:
- '*'
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings/finalizers
verbs:
- update
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings/status
verbs:
- get
- patch
- update
- apiGroups:
- oauth.openshift.io
resources:
- oauthclients
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch

4
config/rbac/role_binding.yaml
View File

@ -25,5 +25,5 @@ roleRef:
kind: Role
name: che-operator
subjects:
- kind: ServiceAccount
name: che-operator
- kind: ServiceAccount
name: che-operator

2
controllers/usernamespace/namespacecache_test.go
View File

@ -26,7 +26,6 @@ import (
routev1 "github.com/openshift/api/route/v1"
appsv1 "k8s.io/api/apps/v1"
corev1 "k8s.io/api/core/v1"
extensions "k8s.io/api/extensions/v1beta1"
networkingv1 "k8s.io/api/networking/v1"
"k8s.io/api/node/v1alpha1"
rbac "k8s.io/api/rbac/v1"
@ -42,7 +41,6 @@ import (
func createTestScheme() *runtime.Scheme {
scheme := runtime.NewScheme()
utilruntime.Must(v1alpha1.AddToScheme(scheme))
utilruntime.Must(extensions.AddToScheme(scheme))
utilruntime.Must(corev1.AddToScheme(scheme))
utilruntime.Must(appsv1.AddToScheme(scheme))
utilruntime.Must(rbac.AddToScheme(scheme))

471
deploy/deployment/kubernetes/combined.yaml
View File

@ -8201,209 +8201,30 @@ metadata:
name: che-operator
namespace: eclipse-che
rules:
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- '*'
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- '*'
- apiGroups:
- batch
resources:
- jobs
verbs:
- create
- delete
- get
- update
- watch
- list
- apiGroups:
- route.openshift.io
resources:
- routes
- routes/custom-host
verbs:
- '*'
- apiGroups:
- rbac.authorization.k8s.io
resources:
- roles
- rolebindings
- clusterroles
- clusterrolebindings
verbs:
- list
- create
- watch
- update
- get
- delete
- apiGroups:
- ""
resources:
- pods
- services
- serviceaccounts
- endpoints
- persistentvolumeclaims
- events
- configmaps
- secrets
- pods/exec
- pods/log
verbs:
- '*'
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- apiGroups:
- apps
- extensions
resources:
- deployments
- replicasets
verbs:
- '*'
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- get
- create
- apiGroups:
- org.eclipse.che
resources:
- checlusters
- checlusters/status
- checlusters/finalizers
verbs:
- '*'
- apiGroups:
- metrics.k8s.io
resources:
- pods
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- operators.coreos.com
resources:
- subscriptions
- clusterserviceversions
- operatorgroups
verbs:
- '*'
- apiGroups:
- packages.operators.coreos.com
resources:
- packagemanifests
verbs:
- get
- list
- apiGroups:
- ""
resources:
- configmaps/status
verbs:
- get
- update
- patch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- apiGroups:
- apps
resourceNames:
- che-operator
resources:
- deployments/finalizers
verbs:
- update
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings
verbs:
- '*'
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings/finalizers
verbs:
- update
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings/status
verbs:
- get
- patch
- update
- apiGroups:
- oauth.openshift.io
resources:
- oauthclients
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/component: che-operator
app.kubernetes.io/instance: che
app.kubernetes.io/name: che
app.kubernetes.io/part-of: che.eclipse.org
name: che-operator-leader-election
namespace: eclipse-che
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- delete
- get
- update
- patch
- delete
- watch
- list
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- delete
- get
- update
- patch
- delete
- watch
- list
- apiGroups:
- ""
resources:
@ -8423,11 +8244,17 @@ metadata:
name: che-operator
rules:
- apiGroups:
- ""
- batch
resources:
- nodes
- jobs
verbs:
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- oauth.openshift.io
resources:
@ -8435,93 +8262,61 @@ rules:
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups:
- config.openshift.io
resources:
- oauths
verbs:
- get
- list
- watch
- patch
- apiGroups:
- config.openshift.io
resources:
- infrastructures
- proxies
verbs:
- get
- list
- watch
- apiGroups:
- user.openshift.io
resources:
- users
verbs:
- list
- delete
- apiGroups:
- user.openshift.io
resources:
- groups
verbs:
- get
- apiGroups:
- user.openshift.io
resources:
- identities
verbs:
- delete
- apiGroups:
- console.openshift.io
resources:
- consolelinks
verbs:
- get
- list
- create
- delete
- get
- update
- patch
- delete
- watch
- list
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterrolebindings
- clusterroles
- roles
- rolebindings
- clusterroles
- clusterrolebindings
verbs:
- list
- create
- watch
- update
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- authorization.openshift.io
resources:
- rolebindings
verbs:
- get
- create
- update
- delete
- apiGroups:
- authorization.openshift.io
resources:
- roles
- rolebindings
verbs:
- get
- create
- update
- delete
- apiGroups:
- org.eclipse.che
resources:
- checlusters
- checlusters/status
- checlusters/finalizers
- checlusters/status
verbs:
- '*'
- apiGroups:
- project.openshift.io
resources:
@ -8549,64 +8344,39 @@ rules:
- create
- update
- watch
- apiGroups:
- ""
resources:
- pods/exec
verbs:
- create
- get
- apiGroups:
- apps
resources:
- secrets
- replicasets
verbs:
- list
- apiGroups:
- ""
resources:
- secrets
verbs:
- list
- get
- create
- update
- list
- patch
- delete
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- create
- get
- list
- watch
- delete
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
- create
- watch
- delete
- apiGroups:
- apps
- extensions
resources:
- deployments
- replicasets
verbs:
- '*'
- list
- create
- watch
- update
- get
- patch
- delete
- apiGroups:
- route.openshift.io
resources:
- routes
verbs:
- '*'
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- route.openshift.io
resources:
@ -8620,49 +8390,18 @@ rules:
verbs:
- list
- watch
- apiGroups:
- apps
resources:
- replicasets
verbs:
- list
- get
- patch
- delete
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- '*'
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- '*'
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- create
- delete
- get
- update
- apiGroups:
- operators.coreos.com
resources:
- subscriptions
verbs:
- get
- apiGroups:
- operators.coreos.com
resources:
- clusterserviceversions
verbs:
- list
- get
- patch
- watch
- list
- apiGroups:
- metrics.k8s.io
resources:
@ -8672,16 +8411,6 @@ rules:
- get
- list
- watch
- apiGroups:
- cert-manager.io
resources:
- issuers
- certificates
verbs:
- create
- get
- list
- update
- apiGroups:
- ""
resources:
@ -8692,33 +8421,27 @@ rules:
- serviceaccounts
- services
verbs:
- '*'
- apiGroups:
- apps
resourceNames:
- che-operator
resources:
- deployments/finalizers
verbs:
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- batch
- org.eclipse.che
resources:
- jobs
- checlusters
- checlusters/status
- checlusters/finalizers
verbs:
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- create
- get
- nonResourceURLs:
- /metrics
verbs:
@ -8728,7 +8451,11 @@ rules:
resources:
- kubernetesimagepullers
verbs:
- '*'
- create
- delete
- get
- update
- list
- apiGroups:
- config.openshift.io
resourceNames:
@ -8737,6 +8464,14 @@ rules:
- consoles
verbs:
- get
- apiGroups:
- config.openshift.io
resourceNames:
- cluster
resources:
- proxies
verbs:
- get
- apiGroups:
- ""
resources:
@ -8753,32 +8488,39 @@ rules:
- get
- list
- create
- apiGroups:
- ""
resources:
- pods/exec
verbs:
- create
- get
- apiGroups:
- workspace.devfile.io
resources:
- devworkspaces
- devworkspacetemplates
verbs:
- get
- list
- watch
- create
- delete
- patch
- get
- update
- patch
- watch
- list
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings
- devworkspaceoperatorconfigs
verbs:
- get
- list
- watch
- create
- delete
- patch
- get
- update
- patch
- watch
- list
- apiGroups:
- controller.devfile.io
resources:
@ -8821,6 +8563,13 @@ rules:
- limitranges
verbs:
- list
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- get
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
@ -8841,24 +8590,6 @@ subjects:
name: che-operator
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: che-operator
app.kubernetes.io/instance: che
app.kubernetes.io/name: che
app.kubernetes.io/part-of: che.eclipse.org
name: che-operator-leader-election
namespace: eclipse-che
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: che-operator-leader-election
subjects:
- kind: ServiceAccount
name: che-operator
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:

54
deploy/deployment/kubernetes/objects/che-operator-leader-election.Role.yaml
View File

@ -1,54 +0,0 @@
#
# Copyright (c) 2019-2023 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
#
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/component: che-operator
app.kubernetes.io/instance: che
app.kubernetes.io/name: che
app.kubernetes.io/part-of: che.eclipse.org
name: che-operator-leader-election
namespace: eclipse-che
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch

29
deploy/deployment/kubernetes/objects/che-operator-leader-election.RoleBinding.yaml
View File

@ -1,29 +0,0 @@
#
# Copyright (c) 2019-2023 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
#
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: che-operator
app.kubernetes.io/instance: che
app.kubernetes.io/name: che
app.kubernetes.io/part-of: che.eclipse.org
name: che-operator-leader-election
namespace: eclipse-che
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: che-operator-leader-election
subjects:
- kind: ServiceAccount
name: che-operator

258
deploy/deployment/kubernetes/objects/che-operator.ClusterRole.yaml
View File

@ -21,11 +21,17 @@ metadata:
name: che-operator
rules:
- apiGroups:
- ""
- batch
resources:
- nodes
- jobs
verbs:
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- oauth.openshift.io
resources:
@ -33,93 +39,61 @@ rules:
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups:
- config.openshift.io
resources:
- oauths
verbs:
- get
- list
- watch
- patch
- apiGroups:
- config.openshift.io
resources:
- infrastructures
- proxies
verbs:
- get
- list
- watch
- apiGroups:
- user.openshift.io
resources:
- users
verbs:
- list
- delete
- apiGroups:
- user.openshift.io
resources:
- groups
verbs:
- get
- apiGroups:
- user.openshift.io
resources:
- identities
verbs:
- delete
- apiGroups:
- console.openshift.io
resources:
- consolelinks
verbs:
- get
- list
- create
- delete
- get
- update
- patch
- delete
- watch
- list
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterrolebindings
- clusterroles
- roles
- rolebindings
- clusterroles
- clusterrolebindings
verbs:
- list
- create
- watch
- update
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- authorization.openshift.io
resources:
- rolebindings
verbs:
- get
- create
- update
- delete
- apiGroups:
- authorization.openshift.io
resources:
- roles
- rolebindings
verbs:
- get
- create
- update
- delete
- apiGroups:
- org.eclipse.che
resources:
- checlusters
- checlusters/status
- checlusters/finalizers
- checlusters/status
verbs:
- '*'
- apiGroups:
- project.openshift.io
resources:
@ -147,64 +121,39 @@ rules:
- create
- update
- watch
- apiGroups:
- ""
resources:
- pods/exec
verbs:
- create
- get
- apiGroups:
- apps
resources:
- secrets
- replicasets
verbs:
- list
- apiGroups:
- ""
resources:
- secrets
verbs:
- list
- get
- create
- update
- list
- patch
- delete
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- create
- get
- list
- watch
- delete
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
- create
- watch
- delete
- apiGroups:
- apps
- extensions
resources:
- deployments
- replicasets
verbs:
- '*'
- list
- create
- watch
- update
- get
- patch
- delete
- apiGroups:
- route.openshift.io
resources:
- routes
verbs:
- '*'
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- route.openshift.io
resources:
@ -218,49 +167,18 @@ rules:
verbs:
- list
- watch
- apiGroups:
- apps
resources:
- replicasets
verbs:
- list
- get
- patch
- delete
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- '*'
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- '*'
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- create
- delete
- get
- update
- apiGroups:
- operators.coreos.com
resources:
- subscriptions
verbs:
- get
- apiGroups:
- operators.coreos.com
resources:
- clusterserviceversions
verbs:
- list
- get
- patch
- watch
- list
- apiGroups:
- metrics.k8s.io
resources:
@ -270,16 +188,6 @@ rules:
- get
- list
- watch
- apiGroups:
- cert-manager.io
resources:
- issuers
- certificates
verbs:
- create
- get
- list
- update
- apiGroups:
- ""
resources:
@ -290,33 +198,27 @@ rules:
- serviceaccounts
- services
verbs:
- '*'
- apiGroups:
- apps
resourceNames:
- che-operator
resources:
- deployments/finalizers
verbs:
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- batch
- org.eclipse.che
resources:
- jobs
- checlusters
- checlusters/status
- checlusters/finalizers
verbs:
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- create
- get
- nonResourceURLs:
- /metrics
verbs:
@ -326,7 +228,11 @@ rules:
resources:
- kubernetesimagepullers
verbs:
- '*'
- create
- delete
- get
- update
- list
- apiGroups:
- config.openshift.io
resourceNames:
@ -335,6 +241,14 @@ rules:
- consoles
verbs:
- get
- apiGroups:
- config.openshift.io
resourceNames:
- cluster
resources:
- proxies
verbs:
- get
- apiGroups:
- ""
resources:
@ -351,32 +265,39 @@ rules:
- get
- list
- create
- apiGroups:
- ""
resources:
- pods/exec
verbs:
- create
- get
- apiGroups:
- workspace.devfile.io
resources:
- devworkspaces
- devworkspacetemplates
verbs:
- get
- list
- watch
- create
- delete
- patch
- get
- update
- patch
- watch
- list
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings
- devworkspaceoperatorconfigs
verbs:
- get
- list
- watch
- create
- delete
- patch
- get
- update
- patch
- watch
- list
- apiGroups:
- controller.devfile.io
resources:
@ -419,3 +340,10 @@ rules:
- limitranges
verbs:
- list
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- get
- create

166
deploy/deployment/kubernetes/objects/che-operator.Role.yaml
View File

@ -21,170 +21,34 @@ metadata:
name: che-operator
namespace: eclipse-che
rules:
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- '*'
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- '*'
- apiGroups:
- batch
resources:
- jobs
verbs:
- create
- delete
- get
- update
- watch
- list
- apiGroups:
- route.openshift.io
resources:
- routes
- routes/custom-host
verbs:
- '*'
- apiGroups:
- rbac.authorization.k8s.io
resources:
- roles
- rolebindings
- clusterroles
- clusterrolebindings
verbs:
- list
- create
- watch
- update
- get
- delete
- apiGroups:
- ""
resources:
- pods
- services
- serviceaccounts
- endpoints
- persistentvolumeclaims
- events
- configmaps
- secrets
- pods/exec
- pods/log
verbs:
- '*'
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- apiGroups:
- apps
- extensions
resources:
- deployments
- replicasets
verbs:
- '*'
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- get
- create
- apiGroups:
- org.eclipse.che
resources:
- checlusters
- checlusters/status
- checlusters/finalizers
verbs:
- '*'
- apiGroups:
- metrics.k8s.io
resources:
- pods
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- operators.coreos.com
resources:
- subscriptions
- clusterserviceversions
- operatorgroups
verbs:
- '*'
- apiGroups:
- packages.operators.coreos.com
resources:
- packagemanifests
verbs:
- get
- list
- apiGroups:
- ""
resources:
- configmaps/status
verbs:
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- ""
resources:
- events
verbs:
- create
- apiGroups:
- apps
resourceNames:
- che-operator
resources:
- deployments/finalizers
verbs:
- update
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings
verbs:
- '*'
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings/finalizers
verbs:
- update
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings/status
verbs:
- get
- patch
- update
- apiGroups:
- oauth.openshift.io
resources:
- oauthclients
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch

471
deploy/deployment/openshift/combined.yaml
View File

@ -8201,209 +8201,30 @@ metadata:
name: che-operator
namespace: eclipse-che
rules:
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- '*'
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- '*'
- apiGroups:
- batch
resources:
- jobs
verbs:
- create
- delete
- get
- update
- watch
- list
- apiGroups:
- route.openshift.io
resources:
- routes
- routes/custom-host
verbs:
- '*'
- apiGroups:
- rbac.authorization.k8s.io
resources:
- roles
- rolebindings
- clusterroles
- clusterrolebindings
verbs:
- list
- create
- watch
- update
- get
- delete
- apiGroups:
- ""
resources:
- pods
- services
- serviceaccounts
- endpoints
- persistentvolumeclaims
- events
- configmaps
- secrets
- pods/exec
- pods/log
verbs:
- '*'
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- apiGroups:
- apps
- extensions
resources:
- deployments
- replicasets
verbs:
- '*'
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- get
- create
- apiGroups:
- org.eclipse.che
resources:
- checlusters
- checlusters/status
- checlusters/finalizers
verbs:
- '*'
- apiGroups:
- metrics.k8s.io
resources:
- pods
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- operators.coreos.com
resources:
- subscriptions
- clusterserviceversions
- operatorgroups
verbs:
- '*'
- apiGroups:
- packages.operators.coreos.com
resources:
- packagemanifests
verbs:
- get
- list
- apiGroups:
- ""
resources:
- configmaps/status
verbs:
- get
- update
- patch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- apiGroups:
- apps
resourceNames:
- che-operator
resources:
- deployments/finalizers
verbs:
- update
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings
verbs:
- '*'
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings/finalizers
verbs:
- update
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings/status
verbs:
- get
- patch
- update
- apiGroups:
- oauth.openshift.io
resources:
- oauthclients
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/component: che-operator
app.kubernetes.io/instance: che
app.kubernetes.io/name: che
app.kubernetes.io/part-of: che.eclipse.org
name: che-operator-leader-election
namespace: eclipse-che
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- delete
- get
- update
- patch
- delete
- watch
- list
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- delete
- get
- update
- patch
- delete
- watch
- list
- apiGroups:
- ""
resources:
@ -8423,11 +8244,17 @@ metadata:
name: che-operator
rules:
- apiGroups:
- ""
- batch
resources:
- nodes
- jobs
verbs:
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- oauth.openshift.io
resources:
@ -8435,93 +8262,61 @@ rules:
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups:
- config.openshift.io
resources:
- oauths
verbs:
- get
- list
- watch
- patch
- apiGroups:
- config.openshift.io
resources:
- infrastructures
- proxies
verbs:
- get
- list
- watch
- apiGroups:
- user.openshift.io
resources:
- users
verbs:
- list
- delete
- apiGroups:
- user.openshift.io
resources:
- groups
verbs:
- get
- apiGroups:
- user.openshift.io
resources:
- identities
verbs:
- delete
- apiGroups:
- console.openshift.io
resources:
- consolelinks
verbs:
- get
- list
- create
- delete
- get
- update
- patch
- delete
- watch
- list
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterrolebindings
- clusterroles
- roles
- rolebindings
- clusterroles
- clusterrolebindings
verbs:
- list
- create
- watch
- update
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- authorization.openshift.io
resources:
- rolebindings
verbs:
- get
- create
- update
- delete
- apiGroups:
- authorization.openshift.io
resources:
- roles
- rolebindings
verbs:
- get
- create
- update
- delete
- apiGroups:
- org.eclipse.che
resources:
- checlusters
- checlusters/status
- checlusters/finalizers
- checlusters/status
verbs:
- '*'
- apiGroups:
- project.openshift.io
resources:
@ -8549,64 +8344,39 @@ rules:
- create
- update
- watch
- apiGroups:
- ""
resources:
- pods/exec
verbs:
- create
- get
- apiGroups:
- apps
resources:
- secrets
- replicasets
verbs:
- list
- apiGroups:
- ""
resources:
- secrets
verbs:
- list
- get
- create
- update
- list
- patch
- delete
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- create
- get
- list
- watch
- delete
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
- create
- watch
- delete
- apiGroups:
- apps
- extensions
resources:
- deployments
- replicasets
verbs:
- '*'
- list
- create
- watch
- update
- get
- patch
- delete
- apiGroups:
- route.openshift.io
resources:
- routes
verbs:
- '*'
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- route.openshift.io
resources:
@ -8620,49 +8390,18 @@ rules:
verbs:
- list
- watch
- apiGroups:
- apps
resources:
- replicasets
verbs:
- list
- get
- patch
- delete
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- '*'
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- '*'
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- create
- delete
- get
- update
- apiGroups:
- operators.coreos.com
resources:
- subscriptions
verbs:
- get
- apiGroups:
- operators.coreos.com
resources:
- clusterserviceversions
verbs:
- list
- get
- patch
- watch
- list
- apiGroups:
- metrics.k8s.io
resources:
@ -8672,16 +8411,6 @@ rules:
- get
- list
- watch
- apiGroups:
- cert-manager.io
resources:
- issuers
- certificates
verbs:
- create
- get
- list
- update
- apiGroups:
- ""
resources:
@ -8692,33 +8421,27 @@ rules:
- serviceaccounts
- services
verbs:
- '*'
- apiGroups:
- apps
resourceNames:
- che-operator
resources:
- deployments/finalizers
verbs:
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- batch
- org.eclipse.che
resources:
- jobs
- checlusters
- checlusters/status
- checlusters/finalizers
verbs:
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- create
- get
- nonResourceURLs:
- /metrics
verbs:
@ -8728,7 +8451,11 @@ rules:
resources:
- kubernetesimagepullers
verbs:
- '*'
- create
- delete
- get
- update
- list
- apiGroups:
- config.openshift.io
resourceNames:
@ -8737,6 +8464,14 @@ rules:
- consoles
verbs:
- get
- apiGroups:
- config.openshift.io
resourceNames:
- cluster
resources:
- proxies
verbs:
- get
- apiGroups:
- ""
resources:
@ -8753,32 +8488,39 @@ rules:
- get
- list
- create
- apiGroups:
- ""
resources:
- pods/exec
verbs:
- create
- get
- apiGroups:
- workspace.devfile.io
resources:
- devworkspaces
- devworkspacetemplates
verbs:
- get
- list
- watch
- create
- delete
- patch
- get
- update
- patch
- watch
- list
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings
- devworkspaceoperatorconfigs
verbs:
- get
- list
- watch
- create
- delete
- patch
- get
- update
- patch
- watch
- list
- apiGroups:
- controller.devfile.io
resources:
@ -8821,6 +8563,13 @@ rules:
- limitranges
verbs:
- list
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- get
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
@ -8841,24 +8590,6 @@ subjects:
name: che-operator
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: che-operator
app.kubernetes.io/instance: che
app.kubernetes.io/name: che
app.kubernetes.io/part-of: che.eclipse.org
name: che-operator-leader-election
namespace: eclipse-che
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: che-operator-leader-election
subjects:
- kind: ServiceAccount
name: che-operator
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:

54
deploy/deployment/openshift/objects/che-operator-leader-election.Role.yaml
View File

@ -1,54 +0,0 @@
#
# Copyright (c) 2019-2023 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
#
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/component: che-operator
app.kubernetes.io/instance: che
app.kubernetes.io/name: che
app.kubernetes.io/part-of: che.eclipse.org
name: che-operator-leader-election
namespace: eclipse-che
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch

29
deploy/deployment/openshift/objects/che-operator-leader-election.RoleBinding.yaml
View File

@ -1,29 +0,0 @@
#
# Copyright (c) 2019-2023 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
#
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: che-operator
app.kubernetes.io/instance: che
app.kubernetes.io/name: che
app.kubernetes.io/part-of: che.eclipse.org
name: che-operator-leader-election
namespace: eclipse-che
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: che-operator-leader-election
subjects:
- kind: ServiceAccount
name: che-operator

258
deploy/deployment/openshift/objects/che-operator.ClusterRole.yaml
View File

@ -21,11 +21,17 @@ metadata:
name: che-operator
rules:
- apiGroups:
- ""
- batch
resources:
- nodes
- jobs
verbs:
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- oauth.openshift.io
resources:
@ -33,93 +39,61 @@ rules:
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups:
- config.openshift.io
resources:
- oauths
verbs:
- get
- list
- watch
- patch
- apiGroups:
- config.openshift.io
resources:
- infrastructures
- proxies
verbs:
- get
- list
- watch
- apiGroups:
- user.openshift.io
resources:
- users
verbs:
- list
- delete
- apiGroups:
- user.openshift.io
resources:
- groups
verbs:
- get
- apiGroups:
- user.openshift.io
resources:
- identities
verbs:
- delete
- apiGroups:
- console.openshift.io
resources:
- consolelinks
verbs:
- get
- list
- create
- delete
- get
- update
- patch
- delete
- watch
- list
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterrolebindings
- clusterroles
- roles
- rolebindings
- clusterroles
- clusterrolebindings
verbs:
- list
- create
- watch
- update
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- authorization.openshift.io
resources:
- rolebindings
verbs:
- get
- create
- update
- delete
- apiGroups:
- authorization.openshift.io
resources:
- roles
- rolebindings
verbs:
- get
- create
- update
- delete
- apiGroups:
- org.eclipse.che
resources:
- checlusters
- checlusters/status
- checlusters/finalizers
- checlusters/status
verbs:
- '*'
- apiGroups:
- project.openshift.io
resources:
@ -147,64 +121,39 @@ rules:
- create
- update
- watch
- apiGroups:
- ""
resources:
- pods/exec
verbs:
- create
- get
- apiGroups:
- apps
resources:
- secrets
- replicasets
verbs:
- list
- apiGroups:
- ""
resources:
- secrets
verbs:
- list
- get
- create
- update
- list
- patch
- delete
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- create
- get
- list
- watch
- delete
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
- create
- watch
- delete
- apiGroups:
- apps
- extensions
resources:
- deployments
- replicasets
verbs:
- '*'
- list
- create
- watch
- update
- get
- patch
- delete
- apiGroups:
- route.openshift.io
resources:
- routes
verbs:
- '*'
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- route.openshift.io
resources:
@ -218,49 +167,18 @@ rules:
verbs:
- list
- watch
- apiGroups:
- apps
resources:
- replicasets
verbs:
- list
- get
- patch
- delete
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- '*'
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- '*'
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- create
- delete
- get
- update
- apiGroups:
- operators.coreos.com
resources:
- subscriptions
verbs:
- get
- apiGroups:
- operators.coreos.com
resources:
- clusterserviceversions
verbs:
- list
- get
- patch
- watch
- list
- apiGroups:
- metrics.k8s.io
resources:
@ -270,16 +188,6 @@ rules:
- get
- list
- watch
- apiGroups:
- cert-manager.io
resources:
- issuers
- certificates
verbs:
- create
- get
- list
- update
- apiGroups:
- ""
resources:
@ -290,33 +198,27 @@ rules:
- serviceaccounts
- services
verbs:
- '*'
- apiGroups:
- apps
resourceNames:
- che-operator
resources:
- deployments/finalizers
verbs:
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- batch
- org.eclipse.che
resources:
- jobs
- checlusters
- checlusters/status
- checlusters/finalizers
verbs:
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- create
- get
- nonResourceURLs:
- /metrics
verbs:
@ -326,7 +228,11 @@ rules:
resources:
- kubernetesimagepullers
verbs:
- '*'
- create
- delete
- get
- update
- list
- apiGroups:
- config.openshift.io
resourceNames:
@ -335,6 +241,14 @@ rules:
- consoles
verbs:
- get
- apiGroups:
- config.openshift.io
resourceNames:
- cluster
resources:
- proxies
verbs:
- get
- apiGroups:
- ""
resources:
@ -351,32 +265,39 @@ rules:
- get
- list
- create
- apiGroups:
- ""
resources:
- pods/exec
verbs:
- create
- get
- apiGroups:
- workspace.devfile.io
resources:
- devworkspaces
- devworkspacetemplates
verbs:
- get
- list
- watch
- create
- delete
- patch
- get
- update
- patch
- watch
- list
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings
- devworkspaceoperatorconfigs
verbs:
- get
- list
- watch
- create
- delete
- patch
- get
- update
- patch
- watch
- list
- apiGroups:
- controller.devfile.io
resources:
@ -419,3 +340,10 @@ rules:
- limitranges
verbs:
- list
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- get
- create

166
deploy/deployment/openshift/objects/che-operator.Role.yaml
View File

@ -21,170 +21,34 @@ metadata:
name: che-operator
namespace: eclipse-che
rules:
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- '*'
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- '*'
- apiGroups:
- batch
resources:
- jobs
verbs:
- create
- delete
- get
- update
- watch
- list
- apiGroups:
- route.openshift.io
resources:
- routes
- routes/custom-host
verbs:
- '*'
- apiGroups:
- rbac.authorization.k8s.io
resources:
- roles
- rolebindings
- clusterroles
- clusterrolebindings
verbs:
- list
- create
- watch
- update
- get
- delete
- apiGroups:
- ""
resources:
- pods
- services
- serviceaccounts
- endpoints
- persistentvolumeclaims
- events
- configmaps
- secrets
- pods/exec
- pods/log
verbs:
- '*'
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- apiGroups:
- apps
- extensions
resources:
- deployments
- replicasets
verbs:
- '*'
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- get
- create
- apiGroups:
- org.eclipse.che
resources:
- checlusters
- checlusters/status
- checlusters/finalizers
verbs:
- '*'
- apiGroups:
- metrics.k8s.io
resources:
- pods
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- operators.coreos.com
resources:
- subscriptions
- clusterserviceversions
- operatorgroups
verbs:
- '*'
- apiGroups:
- packages.operators.coreos.com
resources:
- packagemanifests
verbs:
- get
- list
- apiGroups:
- ""
resources:
- configmaps/status
verbs:
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- ""
resources:
- events
verbs:
- create
- apiGroups:
- apps
resourceNames:
- che-operator
resources:
- deployments/finalizers
verbs:
- update
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings
verbs:
- '*'
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings/finalizers
verbs:
- update
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings/status
verbs:
- get
- patch
- update
- apiGroups:
- oauth.openshift.io
resources:
- oauthclients
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch

54
helmcharts/next/templates/che-operator-leader-election.Role.yaml
View File

@ -1,54 +0,0 @@
#
# Copyright (c) 2019-2023 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
#
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/component: che-operator
app.kubernetes.io/instance: che
app.kubernetes.io/name: che
app.kubernetes.io/part-of: che.eclipse.org
name: che-operator-leader-election
namespace: eclipse-che
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch

29
helmcharts/next/templates/che-operator-leader-election.RoleBinding.yaml
View File

@ -1,29 +0,0 @@
#
# Copyright (c) 2019-2023 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
#
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: che-operator
app.kubernetes.io/instance: che
app.kubernetes.io/name: che
app.kubernetes.io/part-of: che.eclipse.org
name: che-operator-leader-election
namespace: eclipse-che
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: che-operator-leader-election
subjects:
- kind: ServiceAccount
name: che-operator

258
helmcharts/next/templates/che-operator.ClusterRole.yaml
View File

@ -21,11 +21,17 @@ metadata:
name: che-operator
rules:
- apiGroups:
- ""
- batch
resources:
- nodes
- jobs
verbs:
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- oauth.openshift.io
resources:
@ -33,93 +39,61 @@ rules:
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups:
- config.openshift.io
resources:
- oauths
verbs:
- get
- list
- watch
- patch
- apiGroups:
- config.openshift.io
resources:
- infrastructures
- proxies
verbs:
- get
- list
- watch
- apiGroups:
- user.openshift.io
resources:
- users
verbs:
- list
- delete
- apiGroups:
- user.openshift.io
resources:
- groups
verbs:
- get
- apiGroups:
- user.openshift.io
resources:
- identities
verbs:
- delete
- apiGroups:
- console.openshift.io
resources:
- consolelinks
verbs:
- get
- list
- create
- delete
- get
- update
- patch
- delete
- watch
- list
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterrolebindings
- clusterroles
- roles
- rolebindings
- clusterroles
- clusterrolebindings
verbs:
- list
- create
- watch
- update
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- authorization.openshift.io
resources:
- rolebindings
verbs:
- get
- create
- update
- delete
- apiGroups:
- authorization.openshift.io
resources:
- roles
- rolebindings
verbs:
- get
- create
- update
- delete
- apiGroups:
- org.eclipse.che
resources:
- checlusters
- checlusters/status
- checlusters/finalizers
- checlusters/status
verbs:
- '*'
- apiGroups:
- project.openshift.io
resources:
@ -147,64 +121,39 @@ rules:
- create
- update
- watch
- apiGroups:
- ""
resources:
- pods/exec
verbs:
- create
- get
- apiGroups:
- apps
resources:
- secrets
- replicasets
verbs:
- list
- apiGroups:
- ""
resources:
- secrets
verbs:
- list
- get
- create
- update
- list
- patch
- delete
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- create
- get
- list
- watch
- delete
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
- create
- watch
- delete
- apiGroups:
- apps
- extensions
resources:
- deployments
- replicasets
verbs:
- '*'
- list
- create
- watch
- update
- get
- patch
- delete
- apiGroups:
- route.openshift.io
resources:
- routes
verbs:
- '*'
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- route.openshift.io
resources:
@ -218,49 +167,18 @@ rules:
verbs:
- list
- watch
- apiGroups:
- apps
resources:
- replicasets
verbs:
- list
- get
- patch
- delete
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- '*'
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- '*'
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- create
- delete
- get
- update
- apiGroups:
- operators.coreos.com
resources:
- subscriptions
verbs:
- get
- apiGroups:
- operators.coreos.com
resources:
- clusterserviceversions
verbs:
- list
- get
- patch
- watch
- list
- apiGroups:
- metrics.k8s.io
resources:
@ -270,16 +188,6 @@ rules:
- get
- list
- watch
- apiGroups:
- cert-manager.io
resources:
- issuers
- certificates
verbs:
- create
- get
- list
- update
- apiGroups:
- ""
resources:
@ -290,33 +198,27 @@ rules:
- serviceaccounts
- services
verbs:
- '*'
- apiGroups:
- apps
resourceNames:
- che-operator
resources:
- deployments/finalizers
verbs:
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- batch
- org.eclipse.che
resources:
- jobs
- checlusters
- checlusters/status
- checlusters/finalizers
verbs:
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- create
- get
- nonResourceURLs:
- /metrics
verbs:
@ -326,7 +228,11 @@ rules:
resources:
- kubernetesimagepullers
verbs:
- '*'
- create
- delete
- get
- update
- list
- apiGroups:
- config.openshift.io
resourceNames:
@ -335,6 +241,14 @@ rules:
- consoles
verbs:
- get
- apiGroups:
- config.openshift.io
resourceNames:
- cluster
resources:
- proxies
verbs:
- get
- apiGroups:
- ""
resources:
@ -351,32 +265,39 @@ rules:
- get
- list
- create
- apiGroups:
- ""
resources:
- pods/exec
verbs:
- create
- get
- apiGroups:
- workspace.devfile.io
resources:
- devworkspaces
- devworkspacetemplates
verbs:
- get
- list
- watch
- create
- delete
- patch
- get
- update
- patch
- watch
- list
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings
- devworkspaceoperatorconfigs
verbs:
- get
- list
- watch
- create
- delete
- patch
- get
- update
- patch
- watch
- list
- apiGroups:
- controller.devfile.io
resources:
@ -419,3 +340,10 @@ rules:
- limitranges
verbs:
- list
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- get
- create

166
helmcharts/next/templates/che-operator.Role.yaml
View File

@ -21,170 +21,34 @@ metadata:
name: che-operator
namespace: eclipse-che
rules:
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- '*'
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- '*'
- apiGroups:
- batch
resources:
- jobs
verbs:
- create
- delete
- get
- update
- watch
- list
- apiGroups:
- route.openshift.io
resources:
- routes
- routes/custom-host
verbs:
- '*'
- apiGroups:
- rbac.authorization.k8s.io
resources:
- roles
- rolebindings
- clusterroles
- clusterrolebindings
verbs:
- list
- create
- watch
- update
- get
- delete
- apiGroups:
- ""
resources:
- pods
- services
- serviceaccounts
- endpoints
- persistentvolumeclaims
- events
- configmaps
- secrets
- pods/exec
- pods/log
verbs:
- '*'
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- apiGroups:
- apps
- extensions
resources:
- deployments
- replicasets
verbs:
- '*'
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- get
- create
- apiGroups:
- org.eclipse.che
resources:
- checlusters
- checlusters/status
- checlusters/finalizers
verbs:
- '*'
- apiGroups:
- metrics.k8s.io
resources:
- pods
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- operators.coreos.com
resources:
- subscriptions
- clusterserviceversions
- operatorgroups
verbs:
- '*'
- apiGroups:
- packages.operators.coreos.com
resources:
- packagemanifests
verbs:
- get
- list
- apiGroups:
- ""
resources:
- configmaps/status
verbs:
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- ""
resources:
- events
verbs:
- create
- apiGroups:
- apps
resourceNames:
- che-operator
resources:
- deployments/finalizers
verbs:
- update
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings
verbs:
- '*'
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings/finalizers
verbs:
- update
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings/status
verbs:
- get
- patch
- update
- apiGroups:
- oauth.openshift.io
resources:
- oauthclients
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch

2
main.go
View File

@ -68,7 +68,6 @@ import (
operatorsv1 "github.com/operator-framework/api/pkg/operators/v1"
operatorsv1alpha1 "github.com/operator-framework/api/pkg/operators/v1alpha1"
packagesv1 "github.com/operator-framework/operator-lifecycle-manager/pkg/package-server/apis/operators/v1"
apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
image_puller_api "github.com/che-incubator/kubernetes-image-puller-operator/api/v1alpha1"
projectv1 "github.com/openshift/api/project/v1"
@ -131,7 +130,6 @@ func init() {
//+kubebuilder:scaffold:scheme
utilruntime.Must(clientgoscheme.AddToScheme(scheme))
utilruntime.Must(admissionregistrationv1.AddToScheme(scheme))
utilruntime.Must(apiextensionsv1.AddToScheme(scheme))
utilruntime.Must(rbacv1.AddToScheme(scheme))
// Setup Scheme for all resources

10
pkg/common/test/utils.go
View File

@ -31,11 +31,8 @@ import (
"github.com/eclipse-che/che-operator/pkg/common/chetypes"
console "github.com/openshift/api/console/v1"
oauthv1 "github.com/openshift/api/oauth/v1"
userv1 "github.com/openshift/api/user/v1"
operatorsv1alpha1 "github.com/operator-framework/api/pkg/operators/v1alpha1"
appsv1 "k8s.io/api/apps/v1"
corev1 "k8s.io/api/core/v1"
crdv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
"k8s.io/apimachinery/pkg/api/resource"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
@ -191,17 +188,12 @@ func GetDeployContext(cheCluster *chev2.CheCluster, initObjs []runtime.Object) *
scheme := scheme.Scheme
chev2.SchemeBuilder.AddToScheme(scheme)
scheme.AddKnownTypes(operatorsv1alpha1.SchemeGroupVersion, &operatorsv1alpha1.Subscription{})
scheme.AddKnownTypes(controllerv1alpha1.SchemeBuilder.GroupVersion, &controllerv1alpha1.DevWorkspaceOperatorConfig{})
scheme.AddKnownTypes(crdv1.SchemeGroupVersion, &crdv1.CustomResourceDefinition{})
scheme.AddKnownTypes(operatorsv1alpha1.SchemeGroupVersion, &operatorsv1alpha1.Subscription{})
scheme.AddKnownTypes(oauthv1.GroupVersion, &oauthv1.OAuthClient{})
scheme.AddKnownTypes(oauthv1.GroupVersion, &oauthv1.OAuthClientList{})
scheme.AddKnownTypes(userv1.GroupVersion, &userv1.UserList{}, &userv1.User{}, &userv1.Identity{})
scheme.AddKnownTypes(configv1.GroupVersion, &configv1.OAuth{}, &configv1.Proxy{}, &configv1.Console{})
scheme.AddKnownTypes(configv1.GroupVersion, &configv1.Proxy{}, &configv1.Console{})
scheme.AddKnownTypes(routev1.GroupVersion, &routev1.Route{})
scheme.AddKnownTypes(corev1.SchemeGroupVersion, &corev1.Secret{})
scheme.AddKnownTypes(corev1.SchemeGroupVersion, &corev1.Secret{})
scheme.AddKnownTypes(console.GroupVersion, &console.ConsoleLink{})
scheme.AddKnownTypes(chev1alpha1.GroupVersion, &chev1alpha1.KubernetesImagePuller{})
securityv1.Install(scheme)

15
pkg/deploy/server/rbac.go
View File

@ -238,16 +238,6 @@ func (s *CheServerReconciler) getUserCommonPolicies() []rbacv1.PolicyRule {
Resources: []string{"configmaps"},
Verbs: []string{"get", "list", "create", "update", "patch", "delete"},
},
{
APIGroups: []string{""},
Resources: []string{"events"},
Verbs: []string{"watch"},
},
{
APIGroups: []string{"apps"},
Resources: []string{"secrets"},
Verbs: []string{"list"},
},
{
APIGroups: []string{"apps"},
Resources: []string{"deployments"},
@ -258,11 +248,6 @@ func (s *CheServerReconciler) getUserCommonPolicies() []rbacv1.PolicyRule {
Resources: []string{"replicasets"},
Verbs: []string{"get", "list", "patch", "delete"},
},
{
APIGroups: []string{"extensions"},
Resources: []string{"ingresses"},
Verbs: []string{"get", "list", "watch", "create", "delete"},
},
{
APIGroups: []string{"networking.k8s.io"},
Resources: []string{"ingresses"},