apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: clusteroperators.codemowers.io spec: group: codemowers.io names: plural: clusteroperators singular: clusteroperator kind: ClusterOperator shortNames: - clusteroperator scope: Cluster versions: - name: v1alpha1 served: true storage: true schema: openAPIV3Schema: type: object properties: spec: type: object properties: resource: type: object properties: group: type: string version: type: string plural: type: string secret: type: object properties: name: type: string enabled: type: boolean structure: type: array items: type: object properties: key: type: string value: type: string services: type: array items: type: object x-kubernetes-preserve-unknown-fields: true deployments: type: array items: type: object x-kubernetes-preserve-unknown-fields: true statefulsets: type: array items: type: object x-kubernetes-preserve-unknown-fields: true configmaps: type: array items: type: object x-kubernetes-preserve-unknown-fields: true customresources: type: array items: type: object x-kubernetes-preserve-unknown-fields: true clusterrole: type: string required: ["spec"] --- apiVersion: apps/v1 kind: Deployment metadata: name: meta-operator namespace: meta-operator labels: app.kubernetes.io/name: meta-operator spec: replicas: 1 selector: matchLabels: app.kubernetes.io/name: meta-operator template: metadata: labels: app.kubernetes.io/name: meta-operator spec: serviceAccountName: meta-operator containers: - name: meta-operator image: harbor.k-space.ee/k-space/meta-operator securityContext: readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 env: - name: MY_POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace --- apiVersion: codemowers.io/v1alpha1 kind: ClusterOperator metadata: name: meta spec: resource: group: codemowers.io version: v1alpha1 plural: clusteroperators secret: enabled: false deployments: - apiVersion: apps/v1 kind: Deployment metadata: name: foobar-operator labels: app.kubernetes.io/name: foobar-operator spec: replicas: 1 selector: matchLabels: app.kubernetes.io/name: foobar-operator template: metadata: labels: app.kubernetes.io/name: foobar-operator spec: serviceAccountName: meta-operator containers: - name: meta-operator image: harbor.k-space.ee/k-space/meta-operator command: - /meta-operator.py - --target - foobar securityContext: readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 env: - name: MY_POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: meta-operator rules: - apiGroups: - "" resources: - secrets - configmaps - services verbs: - create - get - patch - update - delete - list - apiGroups: - apps resources: - deployments - statefulsets verbs: - create - delete - list - update - patch - apiGroups: - codemowers.io resources: - bindzones - clusteroperators - keydbs verbs: - get - list - watch - apiGroups: - k-space.ee resources: - cams verbs: - get - list - watch --- apiVersion: v1 kind: ServiceAccount metadata: name: meta-operator namespace: meta-operator --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: meta-operator subjects: - kind: ServiceAccount name: meta-operator namespace: meta-operator roleRef: kind: ClusterRole name: meta-operator apiGroup: rbac.authorization.k8s.io