-
Notifications
You must be signed in to change notification settings - Fork 85
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
<username>-che as default namespace #156
Closed
Closed
Changes from all commits
Commits
Show all changes
15 commits
Select commit
Hold shift + click to select a range
83d2544
don't create che-workspace serviceaccount and give needed permissions…
sparkoo 3ade531
don't create roles and rolebindings when oauth enabled
sparkoo 9e5bce3
Merge branch 'master' into che-workspace-rem
sparkoo 3b1e777
grant more permissions to support running workspaces in pre-created n…
sparkoo 6786dd5
add needed permissions to create namespace and run workspace in diffe…
sparkoo cd48a3c
license headers, cleanup
sparkoo aca6124
update permissions
sparkoo 092a2d2
Merge branch 'master' of https://github.com/eclipse/che-operator into…
AndrienkoAleksandr e5dbf1e
Fix issue with Che 'update' namespace permission and other stuff
AndrienkoAleksandr 9390c16
Fix issue with clusterrolebindings and clusterrole finalizers
AndrienkoAleksandr e7a29d9
Fix deploy Che using olm on the minikube Fix deploy Che using olm on …
AndrienkoAleksandr 6baaa73
Address changes.
AndrienkoAleksandr 1922ae6
Fix service account wrongly generated by operator-sdk for some cluste…
AndrienkoAleksandr caf9bd8
Merge branch 'master' of https://github.com/eclipse/che-operator into…
AndrienkoAleksandr aa4635f
Clean up.
AndrienkoAleksandr File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
# | ||
# Copyright (c) 2012-2019 Red Hat, Inc. | ||
# This program and the accompanying materials are made | ||
# available under the terms of the Eclipse Public License 2.0 | ||
# which is available at https://www.eclipse.org/legal/epl-2.0/ | ||
# | ||
# SPDX-License-Identifier: EPL-2.0 | ||
# | ||
# Contributors: | ||
# Red Hat, Inc. - initial API and implementation | ||
kind: ClusterRoleBinding | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
metadata: | ||
name: che-operator-che | ||
subjects: | ||
- kind: ServiceAccount | ||
name: che-operator | ||
namespace: che | ||
roleRef: | ||
kind: ClusterRole | ||
name: che-manage-namespaces | ||
apiGroup: rbac.authorization.k8s.io |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
# | ||
# Copyright (c) 2012-2019 Red Hat, Inc. | ||
# This program and the accompanying materials are made | ||
# available under the terms of the Eclipse Public License 2.0 | ||
# which is available at https://www.eclipse.org/legal/epl-2.0/ | ||
# | ||
# SPDX-License-Identifier: EPL-2.0 | ||
# | ||
# Contributors: | ||
# Red Hat, Inc. - initial API and implementation | ||
kind: ClusterRoleBinding | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
metadata: | ||
name: che-operator-create-namespaces | ||
subjects: | ||
- kind: ServiceAccount | ||
name: che-operator | ||
namespace: che | ||
roleRef: | ||
kind: ClusterRole | ||
name: che-create-namespaces | ||
apiGroup: rbac.authorization.k8s.io |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,159 @@ | ||
# | ||
# Copyright (c) 2012-2019 Red Hat, Inc. | ||
# This program and the accompanying materials are made | ||
# available under the terms of the Eclipse Public License 2.0 | ||
# which is available at https://www.eclipse.org/legal/epl-2.0/ | ||
# | ||
# SPDX-License-Identifier: EPL-2.0 | ||
# | ||
# Contributors: | ||
# Red Hat, Inc. - initial API and implementation | ||
kind: ClusterRole | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
metadata: | ||
name: che-manage-namespaces | ||
labels: | ||
app: che | ||
component: che | ||
rules: | ||
- verbs: | ||
- get | ||
- create | ||
apiGroups: | ||
- authorization.openshift.io | ||
- rbac.authorization.k8s.io | ||
resources: | ||
- roles | ||
- verbs: | ||
- get | ||
- update | ||
- create | ||
apiGroups: | ||
- authorization.openshift.io | ||
- rbac.authorization.k8s.io | ||
resources: | ||
- rolebindings | ||
- verbs: | ||
- get | ||
apiGroups: | ||
- project.openshift.io | ||
resources: | ||
- projects | ||
- verbs: | ||
- get | ||
- create | ||
- watch | ||
apiGroups: | ||
- '' | ||
resources: | ||
- serviceaccounts | ||
- verbs: | ||
- create | ||
apiGroups: | ||
- '' | ||
resources: | ||
- pods/exec | ||
- verbs: | ||
- list | ||
apiGroups: | ||
- '' | ||
resources: | ||
- persistentvolumeclaims | ||
- configmaps | ||
- verbs: | ||
- list | ||
apiGroups: | ||
- apps | ||
resources: | ||
- secrets | ||
- verbs: | ||
- list | ||
- create | ||
- delete | ||
apiGroups: | ||
- '' | ||
resources: | ||
- secrets | ||
- verbs: | ||
- create | ||
- get | ||
- watch | ||
apiGroups: | ||
- '' | ||
resources: | ||
- persistentvolumeclaims | ||
- verbs: | ||
- get | ||
- list | ||
- create | ||
- watch | ||
- delete | ||
apiGroups: | ||
- '' | ||
resources: | ||
- pods | ||
- verbs: | ||
- get | ||
- list | ||
- create | ||
- patch | ||
- watch | ||
- delete | ||
apiGroups: | ||
- apps | ||
resources: | ||
- deployments | ||
- verbs: | ||
- list | ||
- create | ||
- delete | ||
apiGroups: | ||
- '' | ||
resources: | ||
- services | ||
- verbs: | ||
- create | ||
- delete | ||
apiGroups: | ||
- '' | ||
resources: | ||
- configmaps | ||
- verbs: | ||
- list | ||
- create | ||
- delete | ||
apiGroups: | ||
- route.openshift.io | ||
resources: | ||
- routes | ||
- verbs: | ||
- watch | ||
apiGroups: | ||
- '' | ||
resources: | ||
- events | ||
- verbs: | ||
- list | ||
- get | ||
- patch | ||
- delete | ||
apiGroups: | ||
- apps | ||
resources: | ||
- replicasets | ||
- apiGroups: | ||
- extensions | ||
resources: | ||
- ingresses | ||
verbs: | ||
- list | ||
- create | ||
- watch | ||
- get | ||
- delete | ||
- apiGroups: | ||
- '' | ||
resources: | ||
- namespaces | ||
verbs: | ||
- get |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
# | ||
# Copyright (c) 2012-2019 Red Hat, Inc. | ||
# This program and the accompanying materials are made | ||
# available under the terms of the Eclipse Public License 2.0 | ||
# which is available at https://www.eclipse.org/legal/epl-2.0/ | ||
# | ||
# SPDX-License-Identifier: EPL-2.0 | ||
# | ||
# Contributors: | ||
# Red Hat, Inc. - initial API and implementation | ||
kind: ClusterRole | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
metadata: | ||
name: che-create-namespaces | ||
labels: | ||
app: che | ||
component: che | ||
rules: | ||
- verbs: | ||
- create | ||
- update | ||
apiGroups: | ||
- project.openshift.io | ||
resources: | ||
- projectrequests | ||
- apiGroups: | ||
- "" | ||
resources: | ||
- namespaces | ||
verbs: | ||
- create | ||
- update |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
#!/bin/bash | ||
# | ||
# Copyright (c) 2012-2018 Red Hat, Inc. | ||
# This program and the accompanying materials are made | ||
# available under the terms of the Eclipse Public License 2.0 | ||
# which is available at https://www.eclipse.org/legal/epl-2.0/ | ||
# | ||
# SPDX-License-Identifier: EPL-2.0 | ||
# | ||
# Contributors: | ||
# Red Hat, Inc. - initial API and implementation | ||
set -e | ||
set -x | ||
|
||
if [ -z "${1}" ]; then | ||
echo "missing namespace parameter './deploy_k8s.sh <che-namespace>'" | ||
exit 1 | ||
fi | ||
NAMESPACE=${1} | ||
|
||
BASE_DIR=$(cd "$(dirname "$0")"; pwd) | ||
|
||
kubectl apply -f "${BASE_DIR}"/deploy/service_account.yaml -n="${NAMESPACE}" | ||
kubectl apply -f "${BASE_DIR}"/deploy/role.yaml -n="${NAMESPACE}" | ||
kubectl apply -f "${BASE_DIR}"/deploy/role_binding.yaml -n="${NAMESPACE}" | ||
|
||
kubectl apply -f "${BASE_DIR}"/deploy/cluster_role.yaml | ||
kubectl apply -f "${BASE_DIR}"/deploy/cluster_role_che.yaml | ||
kubectl apply -f "${BASE_DIR}"/deploy/cluster_role_createns.yaml | ||
|
||
kubectl apply -f "${BASE_DIR}"/deploy/cluster_role_binding.yaml -n="${NAMESPACE}" | ||
kubectl apply -f "${BASE_DIR}"/deploy/cluster_role_binding_che.yaml -n="${NAMESPACE}" | ||
kubectl apply -f "${BASE_DIR}"/deploy/cluster_role_binding_createns.yaml -n="${NAMESPACE}" | ||
|
||
kubectl apply -f "${BASE_DIR}"/deploy/crds/org_v1_che_crd.yaml -n="${NAMESPACE}" | ||
|
||
# sometimes the operator cannot get CRD right away | ||
sleep 2 | ||
|
||
kubectl apply -f "${BASE_DIR}"/deploy/operator.yaml -n="${NAMESPACE}" | ||
kubectl apply -f "${BASE_DIR}"/deploy/crds/org_v1_che_cr.yaml -n="${NAMESPACE}" |
6 changes: 5 additions & 1 deletion
6
olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/csv-config.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,7 @@ | ||
role-paths: [ "generated/roles/role.yaml" ] | ||
role-paths: | ||
- "generated/roles/role.yaml" | ||
- "../../deploy/cluster_role.yaml" | ||
- "../../deploy/cluster_role_che.yaml" | ||
- "../../deploy/cluster_role_createns.yaml" | ||
operator-path: ../../deploy/operator.yaml | ||
crd-cr-paths: ["../../deploy/crds/org_v1_che_crd.yaml"] |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it is not right that we have links to private images in Che project.
But this is out of scope of this PR.