Chapter 3 scaffolding. Chart layout mirrors the CloudNativePG convention after reviewing the CRD-in-chart vs CRD-as-hook tradeoff: CRDs live inside templates/ (so helm upgrade re-applies schema changes) with helm.sh/resource-policy: keep so helm uninstall never deletes them. Chart publication target is hub.nationtech.io. CRD yaml is generated at chart-release time by a new `iot-operator-v0 gen-chart-crd` subcommand reading Deployment::crd() — the runtime install path remains the typed Score; only the chart deliverable uses generated yaml. Wrapped with the helm conditional + annotations by templates/crds.yaml via .Files.Get so the generated yaml stays pure. Install / upgrade / uninstall-preserves-CRD validated against a scratch k3d cluster; the operator pod naturally stays pending because the hub.nationtech.io image hasn't been published yet.
22 lines
811 B
YAML
{{- if .Values.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: {{ include "iot-operator-v0.fullname" . }}
  labels:
    {{- include "iot-operator-v0.labels" . | nindent 4 }}
rules:
  # Reconcile loop: watch the Deployment CRs and update their
  # status subresource.
  - apiGroups: ["iot.nationtech.io"]
    resources: ["deployments"]
    verbs: ["get", "list", "watch", "patch", "update"]
  - apiGroups: ["iot.nationtech.io"]
    resources: ["deployments/status"]
    verbs: ["get", "patch", "update"]
  # Finalizer add/remove — kube-rs's finalizer() helper patches the
  # main CR, covered by the deployments rule above. Kept explicit
  # here as a forward-compat note: if we add additional custom
  # finalizer-guarded resources, extend this block.
{{- end -}}
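The ClusterRole above is narrow by design, so a chart change that widens it is worth catching in CI. The following is an added example, not code from this repository: it compares a rendered rule list against the grant shown on this page and reports anything beyond it. It assumes the rules have already been parsed from `helm template` output into dicts; `ALLOWED`, `PAGE_RULES`, `DRIFTED_RULES` and `excess_grants` are hypothetical names, and `DRIFTED_RULES` is constructed sample input.

```python
# Intended grant, copied from the two rules in the ClusterRole on this page.
ALLOWED = {
    ("iot.nationtech.io", "deployments"): {"get", "list", "watch", "patch", "update"},
    ("iot.nationtech.io", "deployments/status"): {"get", "patch", "update"},
}

# The page's rules as they would look after YAML parsing.
PAGE_RULES = [
    {"apiGroups": ["iot.nationtech.io"], "resources": ["deployments"],
     "verbs": ["get", "list", "watch", "patch", "update"]},
    {"apiGroups": ["iot.nationtech.io"], "resources": ["deployments/status"],
     "verbs": ["get", "patch", "update"]},
]

# Constructed sample of a drifted role: an extra verb, a core-group
# resource, and a wildcard resource.
DRIFTED_RULES = [
    {"apiGroups": ["iot.nationtech.io"], "resources": ["deployments"],
     "verbs": ["get", "list", "watch", "delete"]},
    {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get"]},
    {"apiGroups": ["iot.nationtech.io"], "resources": ["*"], "verbs": ["get"]},
]


def excess_grants(rules):
    """Return sorted (apiGroup, resource, verb) triples granted beyond ALLOWED.

    A "*" in any position is never in the allowlist, so wildcards are always
    reported. resourceNames restrictions are ignored, which errs on the side
    of reporting. Non-resource URL rules are reported whole, because this
    role needs none.
    """
    excess = set()
    for rule in rules:
        verbs = rule.get("verbs", [])
        for url in rule.get("nonResourceURLs", []):
            excess.update(("<nonResourceURL>", url, verb) for verb in verbs)
        for group in rule.get("apiGroups", []):
            for resource in rule.get("resources", []):
                allowed = ALLOWED.get((group, resource), set())
                excess.update((group, resource, v) for v in verbs if v not in allowed)
    return sorted(excess)


if __name__ == "__main__":
    for group, resource, verb in excess_grants(DRIFTED_RULES):
        print(f"excess grant: {verb} on {resource} in apiGroup {group!r}")
```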