From 5e8d4fefc66e5c2ea18f6c3e9e70f802f1db860b Mon Sep 17 00:00:00 2001
From: OZGCloud <ozgcloud@mgm-tp.com>
Date: Tue, 11 Jul 2023 10:36:57 +0200
Subject: [PATCH] OZG-3961 - konfiguration service account

---
 README.md                                        |  8 +++++---
 ...=> serviceaccount-keycloak-secrets-read.yaml} | 16 +++++++++-------
 .../serviceaccount-keycloakclient-read.yaml      |  2 +-
 .../serviceaccount-keycloakclient-write.yaml     |  2 +-
 .../serviceaccount-keycloakgroup-read.yaml       |  2 +-
 .../serviceaccount-keycloakgroup-write.yaml      |  2 +-
 .../serviceaccount-keycloakrealm-read.yaml       |  2 +-
 .../serviceaccount-keycloakrealm-write.yaml      |  2 +-
 .../serviceaccount-keycloakuser-read.yaml        |  2 +-
 .../serviceaccount-keycloakuser-write.yaml       |  2 +-
 10 files changed, 22 insertions(+), 18 deletions(-)
 rename doc/ServiceAccount/{serviceaccount-secrets-read.yaml => serviceaccount-keycloak-secrets-read.yaml} (81%)

diff --git a/README.md b/README.md
index 3e9d4a9..0a1d639 100644
--- a/README.md
+++ b/README.md
@@ -6,9 +6,11 @@
 
 ### CRDs im Cluster anlegen
 
-    kubectl apply -f doc/crds/*yaml
+    kubectl apply -f doc/crds/
 
-### Service Account anlegen
+### Service Account RBACs anlegen
 
-    kubectl apply -f doc/ServiceAccount/*yaml
+    kubectl apply -f doc/ServiceAccount/
+
+Hinweis: Der Service Account wird automatisch angelegt
 
diff --git a/doc/ServiceAccount/serviceaccount-secrets-read.yaml b/doc/ServiceAccount/serviceaccount-keycloak-secrets-read.yaml
similarity index 81%
rename from doc/ServiceAccount/serviceaccount-secrets-read.yaml
rename to doc/ServiceAccount/serviceaccount-keycloak-secrets-read.yaml
index 0a4e23d..09b5b01 100644
--- a/doc/ServiceAccount/serviceaccount-secrets-read.yaml
+++ b/doc/ServiceAccount/serviceaccount-keycloak-secrets-read.yaml
@@ -23,23 +23,25 @@
 #
 
 ---
-kind: ClusterRoleBinding
+kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  name: ozg-operator-secrets-viewer-role-binding
+  name: ozg-operator-keycloak-secrets-viewer-role-binding
+  namespace: keycloak
 subjects:
   - kind: ServiceAccount
     name: ozg-operator-serviceaccount
-    namespace: by-torsten-ozg-operator-dev
+    namespace: by-ozg-operator-dev        
 roleRef:
-  kind: ClusterRole
-  name: ozg-operator-secrets-viewer-role
+  kind: Role
+  name: ozg-operator-keycloak-secrets-viewer-role
   apiGroup: rbac.authorization.k8s.io
 ---
-kind: ClusterRole
+kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  name: ozg-operator-secrets-viewer-role
+  name: ozg-operator-keycloak-secrets-viewer-role
+  namespace: keycloak
 rules:
   - apiGroups:
       - "*"
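Review bot: The Role's rule keeps `apiGroups: - "*"` in the context lines at the end of this hunk, although Secrets live in the core API group, so the wildcard extends whatever resources and verbs follow to every API group in the `keycloak` namespace. Narrowing it to `- ""` would match the least-privilege intent of replacing the ClusterRole with a namespaced Role. The rule's `resources` and `verbs` lie outside the hunk, so it is worth confirming there that only `secrets` with read verbs is granted. The added `namespace: by-ozg-operator-dev` line also carries trailing whitespace.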
diff --git a/doc/ServiceAccount/serviceaccount-keycloakclient-read.yaml b/doc/ServiceAccount/serviceaccount-keycloakclient-read.yaml
index fdaada3..c1f640e 100644
--- a/doc/ServiceAccount/serviceaccount-keycloakclient-read.yaml
+++ b/doc/ServiceAccount/serviceaccount-keycloakclient-read.yaml
@@ -30,7 +30,7 @@ metadata:
 subjects:
   - kind: ServiceAccount
     name: ozg-operator-serviceaccount
-    namespace: by-torsten-ozg-operator-dev
+    namespace: by-ozg-operator-dev
 roleRef:
   kind: ClusterRole
   name: ozg-operator-keycloakclient-viewer-role
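Review bot: The subject namespace is still a hard-coded environment name, now `by-ozg-operator-dev`, while the README in this patch tells users to apply the whole `doc/ServiceAccount/` directory as is. RBAC does not verify that a binding's subject exists, so on a cluster where the operator runs in a different namespace these bindings grant the role to whichever `ozg-operator-serviceaccount` is later created in a namespace of that name. A comment above the line such as `# replace with the namespace the operator is deployed in`, or templating the value, would make the required adjustment explicit. The same line appears in the other seven keycloak* binding files and in serviceaccount-keycloak-secrets-read.yaml. The roleRef here remains a ClusterRole and the binding's kind is outside the hunk, so whether these grants are cluster-wide cannot be confirmed from the diff.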
diff --git a/doc/ServiceAccount/serviceaccount-keycloakclient-write.yaml b/doc/ServiceAccount/serviceaccount-keycloakclient-write.yaml
index f8bf6b1..1da9ae4 100644
--- a/doc/ServiceAccount/serviceaccount-keycloakclient-write.yaml
+++ b/doc/ServiceAccount/serviceaccount-keycloakclient-write.yaml
@@ -30,7 +30,7 @@ metadata:
 subjects:
   - kind: ServiceAccount
     name: ozg-operator-serviceaccount
-    namespace: by-torsten-ozg-operator-dev
+    namespace: by-ozg-operator-dev
 roleRef:
   kind: ClusterRole
   name: ozg-operator-keycloakclient-writer-role
diff --git a/doc/ServiceAccount/serviceaccount-keycloakgroup-read.yaml b/doc/ServiceAccount/serviceaccount-keycloakgroup-read.yaml
index b783031..935cb07 100644
--- a/doc/ServiceAccount/serviceaccount-keycloakgroup-read.yaml
+++ b/doc/ServiceAccount/serviceaccount-keycloakgroup-read.yaml
@@ -30,7 +30,7 @@ metadata:
 subjects:
   - kind: ServiceAccount
     name: ozg-operator-serviceaccount
-    namespace: by-torsten-ozg-operator-dev
+    namespace: by-ozg-operator-dev
 roleRef:
   kind: ClusterRole
   name: ozg-operator-keycloakgroup-viewer-role
diff --git a/doc/ServiceAccount/serviceaccount-keycloakgroup-write.yaml b/doc/ServiceAccount/serviceaccount-keycloakgroup-write.yaml
index 4ec0488..e1711a9 100644
--- a/doc/ServiceAccount/serviceaccount-keycloakgroup-write.yaml
+++ b/doc/ServiceAccount/serviceaccount-keycloakgroup-write.yaml
@@ -30,7 +30,7 @@ metadata:
 subjects:
   - kind: ServiceAccount
     name: ozg-operator-serviceaccount
-    namespace: by-torsten-ozg-operator-dev
+    namespace: by-ozg-operator-dev
 roleRef:
   kind: ClusterRole
   name: ozg-operator-keycloakgroup-writer-role
diff --git a/doc/ServiceAccount/serviceaccount-keycloakrealm-read.yaml b/doc/ServiceAccount/serviceaccount-keycloakrealm-read.yaml
index a2fd06e..a7c8421 100644
--- a/doc/ServiceAccount/serviceaccount-keycloakrealm-read.yaml
+++ b/doc/ServiceAccount/serviceaccount-keycloakrealm-read.yaml
@@ -30,7 +30,7 @@ metadata:
 subjects:
   - kind: ServiceAccount
     name: ozg-operator-serviceaccount
-    namespace: by-torsten-ozg-operator-dev
+    namespace: by-ozg-operator-dev
 roleRef:
   kind: ClusterRole
   name: ozg-operator-keycloakrealm-viewer-role
diff --git a/doc/ServiceAccount/serviceaccount-keycloakrealm-write.yaml b/doc/ServiceAccount/serviceaccount-keycloakrealm-write.yaml
index e38b5c9..6214aa0 100644
--- a/doc/ServiceAccount/serviceaccount-keycloakrealm-write.yaml
+++ b/doc/ServiceAccount/serviceaccount-keycloakrealm-write.yaml
@@ -30,7 +30,7 @@ metadata:
 subjects:
   - kind: ServiceAccount
     name: ozg-operator-serviceaccount
-    namespace: by-torsten-ozg-operator-dev
+    namespace: by-ozg-operator-dev
 roleRef:
   kind: ClusterRole
   name: ozg-operator-keycloakrealm-writer-role
diff --git a/doc/ServiceAccount/serviceaccount-keycloakuser-read.yaml b/doc/ServiceAccount/serviceaccount-keycloakuser-read.yaml
index 5a7e419..27641a5 100644
--- a/doc/ServiceAccount/serviceaccount-keycloakuser-read.yaml
+++ b/doc/ServiceAccount/serviceaccount-keycloakuser-read.yaml
@@ -30,7 +30,7 @@ metadata:
 subjects:
   - kind: ServiceAccount
     name: ozg-operator-serviceaccount
-    namespace: by-torsten-ozg-operator-dev
+    namespace: by-ozg-operator-dev
 roleRef:
   kind: ClusterRole
   name: ozg-operator-keycloakuser-viewer-role
diff --git a/doc/ServiceAccount/serviceaccount-keycloakuser-write.yaml b/doc/ServiceAccount/serviceaccount-keycloakuser-write.yaml
index 297dc04..530497e 100644
--- a/doc/ServiceAccount/serviceaccount-keycloakuser-write.yaml
+++ b/doc/ServiceAccount/serviceaccount-keycloakuser-write.yaml
@@ -30,7 +30,7 @@ metadata:
 subjects:
   - kind: ServiceAccount
     name: ozg-operator-serviceaccount
-    namespace: by-torsten-ozg-operator-dev
+    namespace: by-ozg-operator-dev
 roleRef:
   kind: ClusterRole
   name: ozg-operator-keycloakuser-writer-role
-- 
GitLab