apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
 name: clusteroperators.codemowers.io
spec:
 group: codemowers.io
 names:
   plural: clusteroperators
   singular: clusteroperator
   kind: ClusterOperator
   shortNames:
   - clusteroperator
 scope: Cluster
 versions:
   - name: v1alpha1
     served: true
     storage: true
     schema:
       openAPIV3Schema:
         type: object
         properties:
           spec:
             type: object
             properties:
               resource:
                 type: object
                 properties:
                   group:
                     type: string
                   version:
                     type: string
                   plural:
                     type: string
               secret:
                 type: object
                 properties:
                   name:
                     type: string
                   enabled:
                     type: boolean
                   structure:
                     type: array
                     items:
                       type: object
                       properties:
                         key:
                           type: string
                         value:
                           type: string
               services:
                 type: array
                 items:
                   type: object
                   x-kubernetes-preserve-unknown-fields: true
               deployments:
                 type: array
                 items:
                   type: object
                   x-kubernetes-preserve-unknown-fields: true
               statefulsets:
                 type: array
                 items:
                   type: object
                   x-kubernetes-preserve-unknown-fields: true
               configmaps:
                 type: array
                 items:
                   type: object
                   x-kubernetes-preserve-unknown-fields: true
         required: ["spec"]
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: meta-operator
  namespace: meta-operator
  labels:
    app.kubernetes.io/name: meta-operator
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: meta-operator
  template:
    metadata:
      labels:
        app.kubernetes.io/name: meta-operator
    spec:
      serviceAccountName: meta-operator
      containers:
        - name: meta-operator
          image: harbor.k-space.ee/k-space/meta-operator
          securityContext:
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            runAsUser: 1000
          env:
            - name: MY_POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
---
apiVersion: codemowers.io/v1alpha1
kind: ClusterOperator
metadata:
  name: meta
spec:
  resource:
    group: codemowers.io
    version: v1alpha1
    plural: clusteroperators
  secret:
    enabled: false
  deployments:
    - apiVersion: apps/v1
      kind: Deployment
      metadata:
        name: foobar-operator
        labels:
          app.kubernetes.io/name: foobar-operator
      spec:
        replicas: 1
        selector:
          matchLabels:
            app.kubernetes.io/name: foobar-operator
        template:
          metadata:
            labels:
              app.kubernetes.io/name: foobar-operator
          spec:
            serviceAccountName: meta-operator
            containers:
              - name: meta-operator
                image: harbor.k-space.ee/k-space/meta-operator
                command:
                  - /meta-operator.py
                  - --target
                  - foobar
                securityContext:
                  readOnlyRootFilesystem: true
                  runAsNonRoot: true
                  runAsUser: 1000
                env:
                  - name: MY_POD_NAMESPACE
                    valueFrom:
                      fieldRef:
                        fieldPath: metadata.namespace
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: meta-operator
rules:
- apiGroups:
  - ""
  resources:
  - secrets
  - configmaps
  - services
  verbs:
  - create
  - get
  - patch
  - update
  - delete
  - list
- apiGroups:
  - apps
  resources:
  - deployments
  - statefulsets
  verbs:
  - create
  - delete
  - list
  - update
  - patch
- apiGroups:
  - codemowers.io
  resources:
  - clusteroperators
  - keydbs
  verbs:
  - get
  - list
  - watch
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: meta-operator
  namespace: meta-operator
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: meta-operator
subjects:
- kind: ServiceAccount
  name: meta-operator
  namespace: meta-operator
roleRef:
  kind: ClusterRole
  name: meta-operator
  apiGroup: rbac.authorization.k8s.io