operator-namespaced.yaml

# This YAML file lists all *namespaced* objects that the operator
# needs to do its job when running inside the cluster.
#
# 💡 The namespace is always `wordpress-test`. Substitute it (as the
# OLM controller does) if you want to run the operator in another
# namespace.
#
# See also `opeator-non-namespaced.yaml`
---
# ServiceAccount/wp-operator
apiVersion: v1
kind: ServiceAccount
metadata:
  name: wp-operator
  namespace: wordpress-test
automountServiceAccountToken: false

---
# RoleBinding/wp-operator
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: wp-operator
  namespace: wordpress-test
subjects:
- kind: ServiceAccount
  name: wp-operator
  namespace: wordpress-test
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: wp-operator

---
# Role/wp-operator
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: wp-operator
  namespace: wordpress-test
rules:
  - apiGroups: ['wordpress.epfl.ch']
    resources:
    - wordpresssites
    - wordpresssites/status
    verbs: ['*']
  - apiGroups: ['networking.k8s.io']
    resources:
    - ingresses
    verbs: ['*']
  - apiGroups: ['']
    resources:
    - events
    verbs: ['create', 'patch']
  - apiGroups: ['k8s.mariadb.com']
    resources:
    - backups
    - connections
    - databases
    - grants
    - mariadbs
    - restores
    - sqljobs
    - users
    verbs: ['*']
  - apiGroups: ['']
    resources:
    - secrets
    verbs: ['*']
  - apiGroups: ['']
    resources: ['configmaps']
    verbs: ['*']

---
# Deployment/wp-operator
apiVersion: apps/v1
kind: Deployment
metadata:
  name: wp-operator
  namespace: wordpress-test
spec:
  replicas: 1
  selector:
    matchLabels:
      app: wp-operator
  strategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: wp-operator
    spec:
      serviceAccountName: wp-operator
      automountServiceAccountToken: true
      containers:
        - name: wp-operator
          image: quay-its.epfl.ch/svc0041/wp-operator:latest
          args:
          - --namespace=wordpress-test
          - --
          - --db-host
          - mariadb-min.wordpress-test.svc
          - --wp-dir=/wp/6

      imagePullSecrets:
        - name: svc0041-rke2-puller-pull-secret
      restartPolicy: Always