diff --git a/internal/tools/deploy/deploy.go b/internal/tools/deploy/deploy.go
index fea297d..837103d 100644
--- a/internal/tools/deploy/deploy.go
+++ b/internal/tools/deploy/deploy.go
@@ -231,6 +231,16 @@ func Deploy(ctx context.Context, kube client.Client, opts DeployOptions) (err er
 }
 }
 
+ crbAdmin := rbactools.CreateClusterRoleBindingAdmin(types.NamespacedName{
+ Namespace: opts.NamespacedName.Namespace,
+ Name: opts.NamespacedName.Name,
+ })
+
+ err = rbactools.InstallClusterRoleBinding(ctx, opts.KubeClient, &crbAdmin)
+ if err != nil {
+ return err, rbacErr
+ }
+
 dep, err := deployment.CreateDeployment(gvr, opts.NamespacedName, opts.CDCImageTag)
 if err != nil {
 return err, rbacErr
diff --git a/internal/tools/rbactools/clusterrolebinding.go b/internal/tools/rbactools/clusterrolebinding.go
index c58a889..75846fc 100644
--- a/internal/tools/rbactools/clusterrolebinding.go
+++ b/internal/tools/rbactools/clusterrolebinding.go
@@ -2,6 +2,7 @@ package rbactools
 
 import (
 "context"
+ "fmt"
 
 "github.com/avast/retry-go"
 rbacv1 "k8s.io/api/rbac/v1"
@@ -84,3 +85,27 @@ func CreateClusterRoleBinding(opts types.NamespacedName) rbacv1.ClusterRoleBindi
 },
 }
 }
+
+func CreateClusterRoleBindingAdmin(opts types.NamespacedName) rbacv1.ClusterRoleBinding {
+ return rbacv1.ClusterRoleBinding{
+ TypeMeta: metav1.TypeMeta{
+ APIVersion: "rbac.authorization.k8s.io/v1",
+ Kind: "ClusterRoleBinding",
+ },
+ ObjectMeta: metav1.ObjectMeta{
+ Name: fmt.Sprintf("%s-admin", opts.Name),
+ },
+ RoleRef: rbacv1.RoleRef{
+ APIGroup: "rbac.authorization.k8s.io",
+ Kind: "ClusterRole",
+ Name: "cluster-admin",
+ },
+ Subjects: []rbacv1.Subject{
+ {
+ Kind: "ServiceAccount",
+ Name: opts.Name,
+ Namespace: opts.Namespace,
+ },
+ },
+ }
+}
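Review bot: Every call to Deploy now binds the deployed ServiceAccount to `cluster-admin` unconditionally, so a compromise of that pod or its token becomes full control of the cluster rather than of the resources the controller manages. Nothing in the hunk gates the binding on an option, and it is installed before `deployment.CreateDeployment`, so a failure on the following lines leaves a cluster-admin binding behind with no workload using it. Consider making it opt-in through a field on `DeployOptions` and binding a ClusterRole limited to the needed resources. Also confirm that the undeploy path, which is not visible here, deletes the `<name>-admin` binding; a stale one would grant cluster-admin to any ServiceAccount later created with the same name and namespace. Deploy's body continues outside the hunk.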
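Review bot: The binding name `fmt.Sprintf("%s-admin", opts.Name)` in CreateClusterRoleBindingAdmin ignores `opts.Namespace`, although a ClusterRoleBinding is cluster-scoped, so two deployments with the same name in different namespaces map to the same object. Depending on how `InstallClusterRoleBinding` treats an existing object (not visible here), the second deployment either fails or replaces the first one's subject. Including the namespace avoids the collision, e.g. `Name: fmt.Sprintf("%s-%s-admin", opts.Namespace, opts.Name),`. The exported function also lacks a doc comment; `// CreateClusterRoleBindingAdmin returns a ClusterRoleBinding granting the built-in cluster-admin ClusterRole to the ServiceAccount opts.Name in opts.Namespace.` would make the privilege level visible to callers.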