Skip to content

Commit 1845b62

Browse files
Per Goncalves da Silvaperdasilva
Per Goncalves da Silva
authored and
perdasilva
committed
Update demo
Signed-off-by: Per Goncalves da Silva <[email protected]>
1 parent fef8063 commit 1845b62

File tree

4 files changed

+54
-19
lines changed

4 files changed

+54
-19
lines changed

Diff for: hack/demo/resources/synthetic-user-perms/argocd-clusterextension.yaml

+13
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,13 @@
1+
apiVersion: olm.operatorframework.io/v1
2+
kind: ClusterExtension
3+
metadata:
4+
name: argocd-operator
5+
spec:
6+
namespace: argocd-system
7+
serviceAccount:
8+
name: "olm.synthetic-user"
9+
source:
10+
sourceType: Catalog
11+
catalog:
12+
packageName: argocd-operator
13+
version: 0.6.0

Diff for: hack/demo/resources/synthetic-user-perms/cegroup-admin-binding.yaml

+11
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,11 @@
1+
apiVersion: rbac.authorization.k8s.io/v1
2+
kind: ClusterRoleBinding
3+
metadata:
4+
name: clusterextensions-group-admin-binding
5+
roleRef:
6+
apiGroup: rbac.authorization.k8s.io
7+
kind: ClusterRole
8+
name: cluster-admin
9+
subjects:
10+
- kind: Group
11+
name: "olm:clusterextensions"

Diff for: hack/demo/resources/synthetic-user-perms-demo.yaml renamed to hack/demo/resources/synthetic-user-perms/synthetic-user-perms-demo.yaml

-19
Original file line numberDiff line numberDiff line change
@@ -1,9 +1,4 @@
11
---
2-
apiVersion: v1
3-
kind: Namespace
4-
metadata:
5-
name: argocd-system
6-
---
72
apiVersion: rbac.authorization.k8s.io/v1
83
kind: ClusterRole
94
metadata:
@@ -111,17 +106,3 @@ roleRef:
111106
subjects:
112107
- kind: User
113108
name: "olm:clusterextensions:argocd-operator"
114-
---
115-
apiVersion: olm.operatorframework.io/v1
116-
kind: ClusterExtension
117-
metadata:
118-
name: argocd-operator
119-
spec:
120-
namespace: argocd-system
121-
serviceAccount:
122-
name: "olm.synthetic-user"
123-
source:
124-
sourceType: Catalog
125-
catalog:
126-
packageName: argocd-operator
127-
version: 0.6.0

Diff for: hack/demo/synthetic-user-cluster-admin-demo.sh

+30
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,30 @@
1+
#!/usr/bin/env bash
2+
3+
#
4+
# Welcome to the SingleNamespace install mode demo
5+
#
6+
trap "trap - SIGTERM && kill -- -$$" SIGINT SIGTERM EXIT
7+
8+
# enable 'SyntheticPermissions' feature
9+
kubectl kustomize config/overlays/featuregate/synthetic-user-permissions | kubectl apply -f -
10+
11+
# wait for operator-controller to become available
12+
kubectl rollout status -n olmv1-system deployment/operator-controller-controller-manager
13+
14+
# create install namespace
15+
kubectl create ns argocd-system
16+
17+
# give cluster extension group cluster admin privileges - all cluster extensions installer users will be cluster admin
18+
bat --style=plain ${DEMO_RESOURCE_DIR}/synthetic-user-perms/cegroup-admin-binding.yaml
19+
20+
# apply cluster role binding
21+
kubectl apply -f ${DEMO_RESOURCE_DIR}/synthetic-user-perms/cegroup-admin-binding.yaml
22+
23+
# install cluster extension - for now .spec.serviceAccount = "olm.synthetic-user"
24+
bat --style=plain ${DEMO_RESOURCE_DIR}/synthetic-user-perms/argocd-clusterextension.yaml
25+
26+
# apply cluster extension
27+
kubectl apply -f ${DEMO_RESOURCE_DIR}/synthetic-user-perms/argocd-clusterextension.yaml
28+
29+
# wait for cluster extension installation to succeed
30+
kubectl wait --for=condition=Installed clusterextension/argocd-operator --timeout="60s"

0 commit comments

Comments
 (0)