move stage-editor stuff to ontime-operator

2025-10-28 17:07:38 -05:00
parent b9a69a7d5d
commit d5d4d51756
7 changed files with 7 additions and 32 deletions
--- a/apps/stage-maker/kustomization.yaml
+++ b/apps/stage-maker/kustomization.yaml
@@ -1,7 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-  - cluster-role-binding.yaml
-  - namespace-prefix-policy.yaml
-  - namespace.yaml
-  - service-account.yaml
--- a/apps/stage-maker/namespace.yaml
+++ b/apps/stage-maker/namespace.yaml
@@ -1,4 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: stage-maker
--- a/clusters/ontime-dev/apps.yaml
+++ b/clusters/ontime-dev/apps.yaml
@@ -1,16 +0,0 @@
---
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
-  name: apps
-  namespace: flux-system
-spec:
-  interval: 1h
-  retryInterval: 1m
-  timeout: 5m
-  sourceRef:
-    kind: GitRepository
-    name: flux-system
-  path: ./apps
-  prune: true
-  wait: true
--- a/infrastructure/ontime-operator/cluster-role-binding.yaml
+++ b/infrastructure/ontime-operator/cluster-role-binding.yaml
@@ -14,7 +14,7 @@ metadata:
 subjects:
 - kind: ServiceAccount
  name: stage-editor
-  namespace: stage-maker
+  namespace: ontime-operator-system
 roleRef:
  kind: ClusterRole
  name: ontime-operator-stage-editor-role
@@ -27,7 +27,7 @@ metadata:
 subjects:
 - kind: ServiceAccount
  name: stage-editor
-  namespace: stage-maker
+  namespace: ontime-operator-system
 roleRef:
  kind: ClusterRole
  name: edit-namespaces
--- a/infrastructure/ontime-operator/kustomization.yaml
+++ b/infrastructure/ontime-operator/kustomization.yaml
@@ -2,3 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
    - ./deploy.yaml
+    - ./namepsace-prefix-policy.yaml
+    - ./service-account.yaml
--- a/infrastructure/ontime-operator/namespace-prefix-policy.yaml
+++ b/infrastructure/ontime-operator/namespace-prefix-policy.yaml
@@ -12,7 +12,7 @@ spec:
      resources:   ["namespaces"]
  matchConditions:
    - name: 'only-stage-editor'
-      expression: "request.userInfo.username == 'system:serviceaccount:stage-maker:stage-editor'"
+      expression: "request.userInfo.username == 'system:serviceaccount:ontime-operator-system:stage-editor'"
  validations:
    - expression: "object.metadata.name.startsWith('team-')"
      message: "All namespaces managed by stage-editor must start with 'team-'"
--- a/infrastructure/ontime-operator/service-account.yaml
+++ b/infrastructure/ontime-operator/service-account.yaml
@@ -2,4 +2,4 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: stage-editor
-  namespace: stage-maker
+  namespace: ontime-operator-system