[flink-kubernetes-operator] branch main updated: [FLINK-32041] - Allow operator to manage leases when using watchNamespaces

Thu, 01 Jun 2023 04:14:33 -0700 

This is an automated email from the ASF dual-hosted git repository.

gyfora pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/flink-kubernetes-operator.git


The following commit(s) were added to refs/heads/main by this push:
     new 6711bd93 [FLINK-32041] - Allow operator to manage leases when using 
watchNamespaces
6711bd93 is described below

commit 6711bd93e1c8b1496c81117b6147ab6e163551fb
Author: Thomas <[email protected]>
AuthorDate: Thu Jun 1 07:14:20 2023 -0400

    [FLINK-32041] - Allow operator to manage leases when using watchNamespaces
---
 helm/flink-kubernetes-operator/templates/rbac.yaml | 37 ++++++++++++++++++++++
 1 file changed, 37 insertions(+)

diff --git a/helm/flink-kubernetes-operator/templates/rbac.yaml 
b/helm/flink-kubernetes-operator/templates/rbac.yaml
index c08da48b..9b921a4e 100644
--- a/helm/flink-kubernetes-operator/templates/rbac.yaml
+++ b/helm/flink-kubernetes-operator/templates/rbac.yaml
@@ -171,6 +171,43 @@ subjects:
 {{- end }}
 ---
 {{- end }}
+{{/*
+Give operator the ability to operate on leases in the release namespace
+*/}}
+{{- if and .Values.rbac.operatorRole.create (not (has .Release.Namespace 
.Values.watchNamespaces)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ include "flink-operator.roleName" $ }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "flink-operator.labels" . | nindent 4 }}
+rules:
+  - apiGroups:
+      - coordination.k8s.io
+    resources:
+      - leases
+    verbs:
+      - "*"
+{{- end }}
+---
+{{- if and .Values.rbac.operatorRole.create (not (has .Release.Namespace 
.Values.watchNamespaces)) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ include "flink-operator.roleBindingName" $ }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "flink-operator.labels" $ | nindent 4 }}
+roleRef:
+  kind: Role
+  name: {{ include "flink-operator.roleName" $ }}
+  apiGroup: rbac.authorization.k8s.io
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "flink-operator.serviceAccountName" . }}
+    namespace: {{ .Release.Namespace }}
+{{- end }}
 {{ else }}
 {{/*
 Cluster scoped RBAC.

Reply via email to