From abc45b0dd685362812f494816dc62e5153cd816c Mon Sep 17 00:00:00 2001
From: Josef Taha
Date: Tue, 16 Jul 2024 12:48:38 +0200
Subject: [PATCH] fix: added more permissions for operator role; now its fully functional
---
 .../config-server-operator/templates/crd.yaml | 66 -------------------
 .../templates/deployment.yaml | 2 +-
 .../templates/pre-delete-hook.yaml | 1 +
 .../templates/server.yaml | 10 +++
 .../templates/service-account.yaml | 10 ++-
 5 files changed, 19 insertions(+), 70 deletions(-)
 delete mode 100644 chart/config-server-operator/templates/crd.yaml
 create mode 100644 chart/config-server-operator/templates/server.yaml
diff --git a/chart/config-server-operator/templates/crd.yaml b/chart/config-server-operator/templates/crd.yaml
deleted file mode 100644
index 0ce7b73..0000000
--- a/chart/config-server-operator/templates/crd.yaml
+++ /dev/null
@@ -1,66 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: configservers.datalab.tuwien.ac.at -spec: - scope: Namespaced - group: datalab.tuwien.ac.at - names: - kind: ConfigServer - plural: configservers - singular: configserver - shortNames: - - cfg-server - versions: - - name: v1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - image: - type: string - imagePullPolicy: - type: string - containerPort: - type: integer - configMountPath: - type: string - ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: keyvaluepairs.datalab.tuwien.ac.at -spec: - scope: Namespaced - group: datalab.tuwien.ac.at - names: - kind: KeyValuePair - plural: keyvaluepairs - singular: keyvaluepair - shortNames: - - kvpair - - kvp - versions: - - name: v1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - config: - type: string - key: - type: string - value: - x-kubernetes-preserve-unknown-fields: true - type: object diff --git a/chart/config-server-operator/templates/deployment.yaml b/chart/config-server-operator/templates/deployment.yaml index bfebddd..859c470 100644 --- a/chart/config-server-operator/templates/deployment.yaml +++ b/chart/config-server-operator/templates/deployment.yaml @@ -18,4 +18,4 @@ spec: serviceAccountName: config-server-service-account containers: - name: config-server-operator - image: registry.datalab.tuwien.ac.at/config_server/operator:latest \ No newline at end of file + image: ghcr.io/tu-wien-datalab/config-server-operator:sha-ad9a4e7 \ No newline at end of file diff --git a/chart/config-server-operator/templates/pre-delete-hook.yaml b/chart/config-server-operator/templates/pre-delete-hook.yaml index 1f8cb3a..6996507 100644 --- a/chart/config-server-operator/templates/pre-delete-hook.yaml 
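Review bot: The new operator image `ghcr.io/tu-wien-datalab/config-server-operator:sha-ad9a4e7` is still referenced by tag, and a tag can be re-pointed in the registry, so the cluster has no guarantee that it runs the build that was reviewed. Moving off `:latest` is the right direction; appending the digest, `image: ghcr.io/tu-wien-datalab/config-server-operator:sha-ad9a4e7@sha256:<digest>` (placeholder, take the value from the registry), makes the reference immutable. That matters more here because this pod runs under the service account whose rules are widened in service-account.yaml. The same concern applies to `config-server:main` in the new server.yaml, where `imagePullPolicy: IfNotPresent` additionally means each node keeps whatever `main` it pulled first. The Deployment spec starts above this hunk.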
+++ b/chart/config-server-operator/templates/pre-delete-hook.yaml @@ -17,4 +17,5 @@ spec: - -c - | kubectl delete cfg-server --all -n {{ .Values.namespace }} + kubectl delete kvp --all -n {{ .Values.namespace }} restartPolicy: OnFailure diff --git a/chart/config-server-operator/templates/server.yaml b/chart/config-server-operator/templates/server.yaml new file mode 100644 index 0000000..ad59cd5 --- /dev/null +++ b/chart/config-server-operator/templates/server.yaml @@ -0,0 +1,10 @@ +apiVersion: datalab.tuwien.ac.at/v1 +kind: ConfigServer +metadata: + name: server-config + namespace: "{{ .Values.namespace }}" +spec: + image: ghcr.io/tu-wien-datalab/config-server:main + imagePullPolicy: IfNotPresent + containerPort: 80 + configMountPath: /var/lib/config-server \ No newline at end of file diff --git a/chart/config-server-operator/templates/service-account.yaml b/chart/config-server-operator/templates/service-account.yaml index c1ed539..e5858fb 100644 --- a/chart/config-server-operator/templates/service-account.yaml +++ b/chart/config-server-operator/templates/service-account.yaml @@ -15,8 +15,8 @@ rules: verbs: [list, watch] - apiGroups: [""] - resources: [namespaces] - verbs: [list, watch] + resources: [configmaps, services, namespaces, events] + verbs: [list, watch, create, patch, delete, get] - apiGroups: [admissionregistration.k8s.io/v1, admissionregistration.k8s.io/v1beta1] resources: [validatingwebhookconfigurations, mutatingwebhookconfigurations] @@ -24,8 +24,12 @@ rules: - apiGroups: [datalab.tuwien.ac.at] resources: [configservers, keyvaluepairs] - verbs: [list, watch, create, patch, delete] + verbs: [list, watch, create, patch, delete, get] + - apiGroups: ["apps"] + resources: [deployments] + verbs: [list, watch, create, patch, delete] + --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding
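Review bot: With a second `kubectl delete` in the hook script, the script's exit status is that of the last command only, so a failed `kubectl delete cfg-server` is masked whenever the `kvp` delete succeeds and the Job reports success (unless the shell is started with `-e` above the hunk, which is not visible). If the operator places finalizers on these objects, which this patch does not show, the uninstall would then continue and could leave ConfigServer resources stuck once the operator is gone. Add `set -e` as the first line of the script, and quote the templated value, `-n "{{ .Values.namespace }}"`, so an empty or unusual namespace value cannot change how the command line is parsed. The container spec and the start of the args list are outside the hunk.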
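Review bot: This template creates a `ConfigServer` object of `datalab.tuwien.ac.at/v1`, while the same commit deletes templates/crd.yaml, which defined that kind, and nothing in the diffstat adds the CRDs elsewhere. Unless they are already installed by another path (a `crds/` directory or a separate step, not visible here), `helm install` will fail on this file because the API server does not know the kind. Either keep the CRDs in the chart or state the prerequisite at the top of the file, e.g. `# Requires the configservers.datalab.tuwien.ac.at CRD to be installed before this chart.` The image and pull policy could also be read from `.Values` rather than fixed in the template, so they can be pinned per environment.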
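Review bot: The core-group rule in the first hunk now grants `create, patch, delete, get` on `namespaces` together with `configmaps`, `services` and `events`, and the trailing `kind: ClusterRoleBinding` suggests these rules are bound cluster-wide (the role's own kind is above the hunk). That lets the operator's service account delete any namespace and rewrite any ConfigMap or Service in the cluster, where `list, watch` on namespaces was enough before this change. Split the rule per resource so that `namespaces` keeps `list, watch` and `events` gets only what is needed to post them. The `apps`/`deployments` rule added in the second hunk has the same cluster-wide reach, so if the operator only manages objects in `.Values.namespace`, a namespaced Role and RoleBinding for the write verbs would contain it. The verbs below are a starting point to check against what the operator actually calls.

```yaml
  # … unchanged: preceding rules …
  - apiGroups: [""]
    resources: [namespaces]
    verbs: [list, watch]

  - apiGroups: [""]
    resources: [events]
    verbs: [create, patch]

  - apiGroups: [""]
    resources: [configmaps, services]
    verbs: [get, list, watch, create, patch, delete]
  # … unchanged: admissionregistration rule …
```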