7f159647 by Adam Heath

Patch roles/bindings for keycloak-operator so it can more easily watch

any namespace(can't watch all, they have to be explicitly specified).
1 parent cc2d9885
namespace: keycloak-operator
watchNamespaces: "default"
......
......@@ -9,4 +9,83 @@ releases:
- name: keycloak-operator
namespace: {{ .Values.namespace }}
chart: charts/keycloak-operator
jsonPatches:
- target:
kind: Deployment
name: keycloak-operator
namespace: {{ .Values.namespace }}
version: v1
group: apps
patch:
- op: add
path: /spec/template/spec/containers/0/env/-
value:
name: QUARKUS_OPERATOR_SDK_NAMESPACES
value: {{ .Values.watchNamespaces }}
- target:
kind: Role
name: keycloak-operator-role
namespace: {{ .Values.namespace }}
version: v1
group: rbac.authorization.k8s.io
patch:
- op: remove
path: /metadata/namespace
- op: replace
path: /kind
value: ClusterRole
- target:
kind: RoleBinding
name: keycloak-operator-role-binding
namespace: {{ .Values.namespace }}
version: v1
group: rbac.authorization.k8s.io
patch:
- op: remove
path: /metadata/namespace
- op: replace
path: /kind
value: ClusterRoleBinding
- op: replace
path: /roleRef/kind
value: ClusterRole
- target:
kind: RoleBinding
name: keycloak-operator-view
namespace: {{ .Values.namespace }}
version: v1
group: rbac.authorization.k8s.io
patch:
- op: remove
path: /metadata/namespace
- op: replace
path: /kind
value: ClusterRoleBinding
- op: replace
path: /roleRef/kind
value: ClusterRole
- target:
kind: RoleBinding
name: keycloakcontroller-role-binding
namespace: {{ .Values.namespace }}
version: v1
group: rbac.authorization.k8s.io
patch:
- op: remove
path: /metadata/namespace
- op: replace
path: /kind
value: ClusterRoleBinding
- target:
kind: RoleBinding
name: keycloakrealmimportcontroller-role-binding
namespace: {{ .Values.namespace }}
version: v1
group: rbac.authorization.k8s.io
patch:
- op: remove
path: /metadata/namespace
- op: replace
path: /kind
value: ClusterRoleBinding
......