diff --git a/src/agent/fabric-operator/README.md b/src/agent/fabric-operator/README.md index 65fdc445f..f702c4d70 100755 --- a/src/agent/fabric-operator/README.md +++ b/src/agent/fabric-operator/README.md @@ -31,12 +31,12 @@ customresourcedefinition.apiextensions.k8s.io/peers.fabric.hyperledger.org creat Once the operator crds get created, start up the controller using the following command ``` kubectl apply \ - -f https://github.com/hyperledger/cello/blob/master/src/agent/fabric-operator/deploy/service_account.yaml?raw=true \ - -f https://github.com/hyperledger/cello/blob/master/src/agent/fabric-operator/deploy/role.yaml?raw=true \ - -f https://github.com/hyperledger/cello/blob/master/src/agent/fabric-operator/deploy/role_binding.yaml?raw=true \ + -f https://github.com/hyperledger/cello/blob/master/src/agent/fabric-operator/deploy/fabric-operator.yaml?raw=true \ -f https://github.com/hyperledger/cello/blob/master/src/agent/fabric-operator/deploy/operator.yaml?raw=true ``` -The above command starts up the fabric operator controller in your k8s cluster. If your k8s cluster already has the controller running, you can skip this step. +The above command starts up the fabric operator controller in your default namespace of your k8s cluster. If you try to use +a different namespace, you should download the fabric-operator.yaml file and change the namespace from default to whatever +the namespace that you want to use. ### [Stand up a Fabric CA node](#startupca) diff --git a/src/agent/fabric-operator/deploy/fabric-operator.yaml b/src/agent/fabric-operator/deploy/fabric-operator.yaml new file mode 100755 index 000000000..a6be4a79e --- /dev/null +++ b/src/agent/fabric-operator/deploy/fabric-operator.yaml @@ -0,0 +1,110 @@ +apiVersion: v1 +kind: List +items: +- apiVersion: v1 + kind: ServiceAccount + metadata: + name: fabric-operator + +- apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + creationTimestamp: null + name: fabric-operator + rules: + - apiGroups: + - "" + resources: + - pods + - services + - endpoints + - persistentvolumeclaims + - events + - configmaps + - secrets + verbs: + - '*' + - apiGroups: + - apps + resources: + - deployments + - daemonsets + - replicasets + - statefulsets + verbs: + - '*' + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create + - apiGroups: + - apps + resourceNames: + - fabric-operator + resources: + - deployments/finalizers + verbs: + - update + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - apiGroups: + - apps + resources: + - replicasets + verbs: + - get + - apiGroups: + - fabric.hyperledger.org + resources: + - '*' + - peers + - orderers + verbs: + - '*' + +- apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + creationTimestamp: null + name: cluster-fabric-operator + rules: + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + +- apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: fabric-operator + roleRef: + kind: Role + name: fabric-operator + apiGroup: rbac.authorization.k8s.io + subjects: + - kind: ServiceAccount + name: fabric-operator + +- apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: cluster-fabric-operator + roleRef: + kind: ClusterRole + name: cluster-fabric-operator + apiGroup: rbac.authorization.k8s.io + subjects: + - kind: ServiceAccount + name: fabric-operator + namespace: "default" \ No newline at end of file diff --git a/src/agent/fabric-operator/deploy/operator.yaml b/src/agent/fabric-operator/deploy/operator.yaml index 0350d39fe..fbc4b23e7 100755 --- a/src/agent/fabric-operator/deploy/operator.yaml +++ b/src/agent/fabric-operator/deploy/operator.yaml @@ -19,7 +19,7 @@ spec: image: hyperledger/cello-fabric-operator:latest command: - fabric-operator - imagePullPolicy: Always + imagePullPolicy: IfNotPresent env: - name: WATCH_NAMESPACE valueFrom: diff --git a/src/agent/fabric-operator/deploy/role.yaml b/src/agent/fabric-operator/deploy/role.yaml deleted file mode 100644 index e7c6ea457..000000000 --- a/src/agent/fabric-operator/deploy/role.yaml +++ /dev/null @@ -1,62 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - creationTimestamp: null - name: fabric-operator -rules: -- apiGroups: - - "" - resources: - - pods - - services - - endpoints - - persistentvolumeclaims - - events - - configmaps - - secrets - verbs: - - '*' -- apiGroups: - - apps - resources: - - deployments - - daemonsets - - replicasets - - statefulsets - verbs: - - '*' -- apiGroups: - - monitoring.coreos.com - resources: - - servicemonitors - verbs: - - get - - create -- apiGroups: - - apps - resourceNames: - - fabric-operator - resources: - - deployments/finalizers - verbs: - - update -- apiGroups: - - "" - resources: - - pods - verbs: - - get -- apiGroups: - - apps - resources: - - replicasets - verbs: - - get -- apiGroups: - - fabric.hyperledger.org - resources: - - '*' - - peers - - orderers - verbs: - - '*' diff --git a/src/agent/fabric-operator/deploy/role_binding.yaml b/src/agent/fabric-operator/deploy/role_binding.yaml deleted file mode 100644 index d2bbee0d2..000000000 --- a/src/agent/fabric-operator/deploy/role_binding.yaml +++ /dev/null @@ -1,11 +0,0 @@ -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: fabric-operator -subjects: -- kind: ServiceAccount - name: fabric-operator -roleRef: - kind: Role - name: fabric-operator - apiGroup: rbac.authorization.k8s.io diff --git a/src/agent/fabric-operator/deploy/service_account.yaml b/src/agent/fabric-operator/deploy/service_account.yaml deleted file mode 100644 index 4d7acb9ee..000000000 --- a/src/agent/fabric-operator/deploy/service_account.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: fabric-operator