From 5a541e2e0032a93065b8fa42bc11eb8505d3b4d4 Mon Sep 17 00:00:00 2001
From: Armel Soro <asoro@redhat.com>
Date: Fri, 3 Jan 2025 23:47:44 +0100
Subject: [PATCH] Fix the controller service labels

---
 ...age.io-operator.clusterserviceversion.yaml |  2 +-
 .../profile/backstage.io/kustomization.yaml   |  2 +-
 config/profile/external/kustomization.yaml    |  2 +-
 config/profile/rhdh/kustomization.yaml        |  4 +-
 .../{ => _common}/backstage_editor_role.yaml  |  0
 .../{ => _common}/backstage_viewer_role.yaml  |  0
 config/rbac/{ => _common}/kustomization.yaml  |  1 -
 .../{ => _common}/leader_election_role.yaml   |  0
 .../leader_election_role_binding.yaml         |  0
 .../rbac/{ => _common}/metrics_auth_role.yaml |  0
 .../metrics_auth_role_binding.yaml            |  0
 config/rbac/{ => _common}/metrics_reader.yaml |  0
 config/rbac/_common/role.yaml                 | 81 +++++++++++++++++++
 config/rbac/{ => _common}/role_binding.yaml   |  0
 .../rbac/{ => _common}/service_account.yaml   |  0
 config/rbac/backstage.io/kustomization.yaml   |  4 +
 .../{ => backstage.io}/metrics_service.yaml   |  4 +-
 config/rbac/rhdh/kustomization.yaml           |  4 +
 config/rbac/rhdh/metrics_service.yaml         | 21 +++++
 19 files changed, 117 insertions(+), 8 deletions(-)
 rename config/rbac/{ => _common}/backstage_editor_role.yaml (100%)
 rename config/rbac/{ => _common}/backstage_viewer_role.yaml (100%)
 rename config/rbac/{ => _common}/kustomization.yaml (98%)
 rename config/rbac/{ => _common}/leader_election_role.yaml (100%)
 rename config/rbac/{ => _common}/leader_election_role_binding.yaml (100%)
 rename config/rbac/{ => _common}/metrics_auth_role.yaml (100%)
 rename config/rbac/{ => _common}/metrics_auth_role_binding.yaml (100%)
 rename config/rbac/{ => _common}/metrics_reader.yaml (100%)
 create mode 100644 config/rbac/_common/role.yaml
 rename config/rbac/{ => _common}/role_binding.yaml (100%)
 rename config/rbac/{ => _common}/service_account.yaml (100%)
 create mode 100644 config/rbac/backstage.io/kustomization.yaml
 rename config/rbac/{ => backstage.io}/metrics_service.yaml (90%)
 create mode 100644 config/rbac/rhdh/kustomization.yaml
 create mode 100644 config/rbac/rhdh/metrics_service.yaml

diff --git a/bundle/backstage.io/manifests/backstage.io-operator.clusterserviceversion.yaml b/bundle/backstage.io/manifests/backstage.io-operator.clusterserviceversion.yaml
index 151cfbec..ba474853 100644
--- a/bundle/backstage.io/manifests/backstage.io-operator.clusterserviceversion.yaml
+++ b/bundle/backstage.io/manifests/backstage.io-operator.clusterserviceversion.yaml
@@ -35,7 +35,7 @@ metadata:
           }
         }
       ]
-    createdAt: "2025-01-03T14:59:00Z"
+    createdAt: "2025-01-03T22:26:24Z"
     description: Backstage Operator
     operators.operatorframework.io/builder: operator-sdk-v1.37.0
     operators.operatorframework.io/project_layout: go.kubebuilder.io/v4
diff --git a/config/profile/backstage.io/kustomization.yaml b/config/profile/backstage.io/kustomization.yaml
index fa11c7ed..399b6481 100644
--- a/config/profile/backstage.io/kustomization.yaml
+++ b/config/profile/backstage.io/kustomization.yaml
@@ -13,7 +13,7 @@ namePrefix: backstage-
 
 resources:
 - ../../crd
-- ../../rbac
+- ../../rbac/backstage.io
 - manager.yaml
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
 # crd/kustomization.yaml
diff --git a/config/profile/external/kustomization.yaml b/config/profile/external/kustomization.yaml
index 8cfea734..da673847 100644
--- a/config/profile/external/kustomization.yaml
+++ b/config/profile/external/kustomization.yaml
@@ -8,7 +8,7 @@ namePrefix: backstage-
 
 resources:
 - ../../crd
-- ../../rbac
+- ../../rbac/external
 #- ../../manager
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
 # crd/kustomization.yaml
diff --git a/config/profile/rhdh/kustomization.yaml b/config/profile/rhdh/kustomization.yaml
index ccb124a5..0a6110e9 100644
--- a/config/profile/rhdh/kustomization.yaml
+++ b/config/profile/rhdh/kustomization.yaml
@@ -13,7 +13,7 @@ namePrefix: rhdh-
 
 resources:
 - ../../crd
-- ../../rbac
+- ../../rbac/rhdh
 - manager.yaml
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
 # crd/kustomization.yaml
@@ -135,7 +135,7 @@ resources:
 
 images:
 - name: controller
-  newName: registry.redhat.io/rhdh/rhdh-rhel9-operator
+  newName: quay.io/rhdh/rhdh-rhel9-operator
   newTag: "1.5"
 
 generatorOptions:
diff --git a/config/rbac/backstage_editor_role.yaml b/config/rbac/_common/backstage_editor_role.yaml
similarity index 100%
rename from config/rbac/backstage_editor_role.yaml
rename to config/rbac/_common/backstage_editor_role.yaml
diff --git a/config/rbac/backstage_viewer_role.yaml b/config/rbac/_common/backstage_viewer_role.yaml
similarity index 100%
rename from config/rbac/backstage_viewer_role.yaml
rename to config/rbac/_common/backstage_viewer_role.yaml
diff --git a/config/rbac/kustomization.yaml b/config/rbac/_common/kustomization.yaml
similarity index 98%
rename from config/rbac/kustomization.yaml
rename to config/rbac/_common/kustomization.yaml
index d449df95..33001e0a 100644
--- a/config/rbac/kustomization.yaml
+++ b/config/rbac/_common/kustomization.yaml
@@ -10,7 +10,6 @@ resources:
 - leader_election_role.yaml
 - leader_election_role_binding.yaml
 # Metrics
-- metrics_service.yaml
 # The following RBAC configurations are used to protect
 # the metrics endpoint with authn/authz. These configurations
 # ensure that only authorized users and service accounts
diff --git a/config/rbac/leader_election_role.yaml b/config/rbac/_common/leader_election_role.yaml
similarity index 100%
rename from config/rbac/leader_election_role.yaml
rename to config/rbac/_common/leader_election_role.yaml
diff --git a/config/rbac/leader_election_role_binding.yaml b/config/rbac/_common/leader_election_role_binding.yaml
similarity index 100%
rename from config/rbac/leader_election_role_binding.yaml
rename to config/rbac/_common/leader_election_role_binding.yaml
diff --git a/config/rbac/metrics_auth_role.yaml b/config/rbac/_common/metrics_auth_role.yaml
similarity index 100%
rename from config/rbac/metrics_auth_role.yaml
rename to config/rbac/_common/metrics_auth_role.yaml
diff --git a/config/rbac/metrics_auth_role_binding.yaml b/config/rbac/_common/metrics_auth_role_binding.yaml
similarity index 100%
rename from config/rbac/metrics_auth_role_binding.yaml
rename to config/rbac/_common/metrics_auth_role_binding.yaml
diff --git a/config/rbac/metrics_reader.yaml b/config/rbac/_common/metrics_reader.yaml
similarity index 100%
rename from config/rbac/metrics_reader.yaml
rename to config/rbac/_common/metrics_reader.yaml
diff --git a/config/rbac/_common/role.yaml b/config/rbac/_common/role.yaml
new file mode 100644
index 00000000..5267b3a8
--- /dev/null
+++ b/config/rbac/_common/role.yaml
@@ -0,0 +1,81 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: manager-role
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  - persistentvolumeclaims
+  - secrets
+  - services
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - persistentvolumes
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - apps
+  resources:
+  - deployments
+  - statefulsets
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - rhdh.redhat.com
+  resources:
+  - backstages
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - rhdh.redhat.com
+  resources:
+  - backstages/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - rhdh.redhat.com
+  resources:
+  - backstages/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - route.openshift.io
+  resources:
+  - routes
+  - routes/custom-host
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
diff --git a/config/rbac/role_binding.yaml b/config/rbac/_common/role_binding.yaml
similarity index 100%
rename from config/rbac/role_binding.yaml
rename to config/rbac/_common/role_binding.yaml
diff --git a/config/rbac/service_account.yaml b/config/rbac/_common/service_account.yaml
similarity index 100%
rename from config/rbac/service_account.yaml
rename to config/rbac/_common/service_account.yaml
diff --git a/config/rbac/backstage.io/kustomization.yaml b/config/rbac/backstage.io/kustomization.yaml
new file mode 100644
index 00000000..df5a3270
--- /dev/null
+++ b/config/rbac/backstage.io/kustomization.yaml
@@ -0,0 +1,4 @@
+resources:
+- ../_common
+# Metrics
+- metrics_service.yaml
diff --git a/config/rbac/metrics_service.yaml b/config/rbac/backstage.io/metrics_service.yaml
similarity index 90%
rename from config/rbac/metrics_service.yaml
rename to config/rbac/backstage.io/metrics_service.yaml
index c5093b78..e298f27e 100644
--- a/config/rbac/metrics_service.yaml
+++ b/config/rbac/backstage.io/metrics_service.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
   labels:
-    app: controller-manager
+    app: backstage-operator
     app.kubernetes.io/name: service
     app.kubernetes.io/instance: controller-manager-metrics-service
     app.kubernetes.io/component: metrics
@@ -18,4 +18,4 @@ spec:
       protocol: TCP
       targetPort: metrics
   selector:
-    app: controller-manager
+    app: backstage-operator
diff --git a/config/rbac/rhdh/kustomization.yaml b/config/rbac/rhdh/kustomization.yaml
new file mode 100644
index 00000000..df5a3270
--- /dev/null
+++ b/config/rbac/rhdh/kustomization.yaml
@@ -0,0 +1,4 @@
+resources:
+- ../_common
+# Metrics
+- metrics_service.yaml
diff --git a/config/rbac/rhdh/metrics_service.yaml b/config/rbac/rhdh/metrics_service.yaml
new file mode 100644
index 00000000..f94a308b
--- /dev/null
+++ b/config/rbac/rhdh/metrics_service.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: rhdh-operator
+    app.kubernetes.io/name: service
+    app.kubernetes.io/instance: controller-manager-metrics-service
+    app.kubernetes.io/component: metrics
+    app.kubernetes.io/created-by: backstage-operator
+    app.kubernetes.io/part-of: backstage-operator
+    app.kubernetes.io/managed-by: kustomize
+  name: controller-manager-metrics-service
+  namespace: system
+spec:
+  ports:
+    - name: metrics
+      port: 8443
+      protocol: TCP
+      targetPort: metrics
+  selector:
+    app: rhdh-operator