OZG-3961 - konfiguration service account

README.md

@@ -6,9 +6,11 @@
 
 ### CRDs im Cluster anlegen
 
-    kubectl apply -f doc/crds/*yaml
+    kubectl apply -f doc/crds/
 
-### Service Account anlegen
+### Service Account RBACs anlegen
 
-    kubectl apply -f doc/ServiceAccount/*yaml
+    kubectl apply -f doc/ServiceAccount/
+
+Hinweis: Der Service Account wird automatisch angelegt
 

doc/ServiceAccount/serviceaccount-secrets-read.yaml → doc/ServiceAccount/serviceaccount-keycloak-secrets-read.yaml

@@ -23,23 +23,25 @@
 #
 
 ---
-kind: ClusterRoleBinding
+kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  name: ozg-operator-secrets-viewer-role-binding
+  name: ozg-operator-keycloak-secrets-viewer-role-binding
+  namespace: keycloak
 subjects:
   - kind: ServiceAccount
     name: ozg-operator-serviceaccount
-    namespace: by-torsten-ozg-operator-dev
+    namespace: by-ozg-operator-dev        
 roleRef:
-  kind: ClusterRole
-  name: ozg-operator-secrets-viewer-role
+  kind: Role
+  name: ozg-operator-keycloak-secrets-viewer-role
   apiGroup: rbac.authorization.k8s.io
 ---
-kind: ClusterRole
+kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  name: ozg-operator-secrets-viewer-role
+  name: ozg-operator-keycloak-secrets-viewer-role
+  namespace: keycloak
 rules:
   - apiGroups:
       - "*"

doc/ServiceAccount/serviceaccount-keycloakclient-read.yaml

@@ -30,7 +30,7 @@ metadata:
 subjects:
   - kind: ServiceAccount
     name: ozg-operator-serviceaccount
-    namespace: by-torsten-ozg-operator-dev
+    namespace: by-ozg-operator-dev
 roleRef:
   kind: ClusterRole
   name: ozg-operator-keycloakclient-viewer-role

doc/ServiceAccount/serviceaccount-keycloakclient-write.yaml

@@ -30,7 +30,7 @@ metadata:
 subjects:
   - kind: ServiceAccount
     name: ozg-operator-serviceaccount
-    namespace: by-torsten-ozg-operator-dev
+    namespace: by-ozg-operator-dev
 roleRef:
   kind: ClusterRole
   name: ozg-operator-keycloakclient-writer-role

doc/ServiceAccount/serviceaccount-keycloakgroup-read.yaml

@@ -30,7 +30,7 @@ metadata:
 subjects:
   - kind: ServiceAccount
     name: ozg-operator-serviceaccount
-    namespace: by-torsten-ozg-operator-dev
+    namespace: by-ozg-operator-dev
 roleRef:
   kind: ClusterRole
   name: ozg-operator-keycloakgroup-viewer-role

doc/ServiceAccount/serviceaccount-keycloakgroup-write.yaml

@@ -30,7 +30,7 @@ metadata:
 subjects:
   - kind: ServiceAccount
     name: ozg-operator-serviceaccount
-    namespace: by-torsten-ozg-operator-dev
+    namespace: by-ozg-operator-dev
 roleRef:
   kind: ClusterRole
   name: ozg-operator-keycloakgroup-writer-role

doc/ServiceAccount/serviceaccount-keycloakrealm-read.yaml

@@ -30,7 +30,7 @@ metadata:
 subjects:
   - kind: ServiceAccount
     name: ozg-operator-serviceaccount
-    namespace: by-torsten-ozg-operator-dev
+    namespace: by-ozg-operator-dev
 roleRef:
   kind: ClusterRole
   name: ozg-operator-keycloakrealm-viewer-role

doc/ServiceAccount/serviceaccount-keycloakrealm-write.yaml

@@ -30,7 +30,7 @@ metadata:
 subjects:
   - kind: ServiceAccount
     name: ozg-operator-serviceaccount
-    namespace: by-torsten-ozg-operator-dev
+    namespace: by-ozg-operator-dev
 roleRef:
   kind: ClusterRole
   name: ozg-operator-keycloakrealm-writer-role

doc/ServiceAccount/serviceaccount-keycloakuser-read.yaml

@@ -30,7 +30,7 @@ metadata:
 subjects:
   - kind: ServiceAccount
     name: ozg-operator-serviceaccount
-    namespace: by-torsten-ozg-operator-dev
+    namespace: by-ozg-operator-dev
 roleRef:
   kind: ClusterRole
   name: ozg-operator-keycloakuser-viewer-role

doc/ServiceAccount/serviceaccount-keycloakuser-write.yaml

@@ -30,7 +30,7 @@ metadata:
 subjects:
   - kind: ServiceAccount
     name: ozg-operator-serviceaccount
-    namespace: by-torsten-ozg-operator-dev
+    namespace: by-ozg-operator-dev
 roleRef:
   kind: ClusterRole
   name: ozg-operator-keycloakuser-writer-role