jwetzell/ontime-k8s
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

move stage-editor stuff to ontime-operator

Browse Source
This commit is contained in:
Joel Wetzell
2025-10-28 17:07:38 -05:00
parent b9a69a7d5d
commit d5d4d51756
7 changed files with 7 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
apps/stage-maker/kustomization.yaml
View File

@@ -1,7 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- cluster-role-binding.yaml
- namespace-prefix-policy.yaml
- namespace.yaml
- service-account.yaml

4
apps/stage-maker/namespace.yaml
View File

@@ -1,4 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: stage-maker

16
clusters/ontime-dev/apps.yaml
View File

@@ -1,16 +0,0 @@
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: apps
namespace: flux-system
spec:
interval: 1h
retryInterval: 1m
timeout: 5m
sourceRef:
kind: GitRepository
name: flux-system
path: ./apps
prune: true
wait: true

4
apps/stage-maker/cluster-role-binding.yaml → infrastructure/ontime-operator/cluster-role-binding.yaml
View File

@@ -14,7 +14,7 @@ metadata:
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: stage-editor name: stage-editor
namespace: stage-maker namespace: ontime-operator-system
roleRef: roleRef:
kind: ClusterRole kind: ClusterRole
name: ontime-operator-stage-editor-role name: ontime-operator-stage-editor-role
@@ -27,7 +27,7 @@ metadata:
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: stage-editor name: stage-editor
namespace: stage-maker namespace: ontime-operator-system
roleRef: roleRef:
kind: ClusterRole kind: ClusterRole
name: edit-namespaces name: edit-namespaces

2
infrastructure/ontime-operator/kustomization.yaml
View File

@@ -2,3 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- ./deploy.yaml - ./deploy.yaml
- ./namepsace-prefix-policy.yaml
- ./service-account.yaml

2
apps/stage-maker/namespace-prefix-policy.yaml → infrastructure/ontime-operator/namespace-prefix-policy.yaml
View File

@@ -12,7 +12,7 @@ spec:
resources: ["namespaces"] resources: ["namespaces"]
matchConditions: matchConditions:
- name: 'only-stage-editor' - name: 'only-stage-editor'
expression: "request.userInfo.username == 'system:serviceaccount:stage-maker:stage-editor'" expression: "request.userInfo.username == 'system:serviceaccount:ontime-operator-system:stage-editor'"
validations: validations:
- expression: "object.metadata.name.startsWith('team-')" - expression: "object.metadata.name.startsWith('team-')"
message: "All namespaces managed by stage-editor must start with 'team-'" message: "All namespaces managed by stage-editor must start with 'team-'"

2
apps/stage-maker/service-account.yaml → infrastructure/ontime-operator/service-account.yaml
View File

@@ -2,4 +2,4 @@ apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
name: stage-editor name: stage-editor
namespace: stage-maker namespace: ontime-operator-system