Create active development CRDs and RBAC for dev installer and for check-generate.

dsessler7 · dsessler7 · commit f67e6ee3b09f · 2026-01-08T11:43:49.000-10:00
diff --git a/Makefile b/Makefile
@@ -233,8 +233,7 @@ generate-kuttl: ## Generate kuttl tests
 .PHONY: check-generate
 check-generate: ## Check everything generated is also committed
 check-generate: generate
-	git diff --exit-code -- config/crd
-	git diff --exit-code -- config/rbac
+	git diff --exit-code -- config/dev
 	git diff --exit-code -- internal/collector
 	git diff --exit-code -- pkg/apis
 
@@ -249,7 +248,7 @@ generate: generate-rbac
 generate-crd: ## Generate Custom Resource Definitions (CRDs)
 	$(CONTROLLER) $(\
 		) crd paths='./pkg/apis/...' $(\
-		) output:dir='config/crd/bases' # {directory}/{group}_{plural}.yaml
+		) output:dir='config/dev/crd/bases' # {directory}/{group}_{plural}.yaml
 	$(GO) generate ./internal/crd
 
 .PHONY: generate-collector
@@ -267,7 +266,7 @@ generate-rbac: ## Generate RBAC
 	$(CONTROLLER) $(\
 		) rbac:roleName='postgres-operator' $(\
 		) paths='./cmd/...' paths='./internal/...' $(\
-		) output:dir='config/rbac' # {directory}/role.yaml
+		) output:dir='config/dev/rbac/cluster' # {directory}/role.yaml
 
 # https://www.gnu.org/software/make/manual/make.html#Multi_002dLine
 define newline
diff --git a/config/dev/crd/bases/postgres-operator.crunchydata.com_pgadmins.yaml b/config/dev/crd/bases/postgres-operator.crunchydata.com_pgadmins.yaml
diff --git a/config/dev/crd/bases/postgres-operator.crunchydata.com_pgupgrades.yaml b/config/dev/crd/bases/postgres-operator.crunchydata.com_pgupgrades.yaml
diff --git a/config/dev/crd/bases/postgres-operator.crunchydata.com_postgresclusters.yaml b/config/dev/crd/bases/postgres-operator.crunchydata.com_postgresclusters.yaml
diff --git a/config/dev/crd/kustomization.yaml b/config/dev/crd/kustomization.yaml
@@ -0,0 +1,4 @@
+resources:
+- bases/postgres-operator.crunchydata.com_pgadmins.yaml
+- bases/postgres-operator.crunchydata.com_pgupgrades.yaml
+- bases/postgres-operator.crunchydata.com_postgresclusters.yaml
diff --git a/config/dev/kustomization.yaml b/config/dev/kustomization.yaml
@@ -1,8 +1,39 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 
+namespace: postgres-operator
+
+labels:
+- includeSelectors: false
+  includeTemplates: true
+  pairs:
+    app.kubernetes.io/name: pgo
+    app.kubernetes.io/version: 6.0.0
+- includeSelectors: true
+  includeTemplates: true
+  pairs:
+    postgres-operator.crunchydata.com/control-plane: postgres-operator
+
 resources:
-- ../default
+- ./crd
+- ./rbac/cluster
+- ../manager
+
+components:
+- ../components/images-by-tag
 
 patches:
+- patch: |-
+    apiVersion: apps/v1
+    kind: Deployment
+    metadata:
+      name: pgo
+    spec:
+      template:
+        spec:
+          containers:
+          - name: operator
+            env:
+            - name: PGO_FEATURE_GATES
+              value: ""
 - path: manager-dev.yaml
diff --git a/config/dev/rbac/cluster/kustomization.yaml b/config/dev/rbac/cluster/kustomization.yaml
@@ -0,0 +1,4 @@
+resources:
+- role_binding.yaml
+- role.yaml
+- service_account.yaml
diff --git a/config/dev/rbac/cluster/role.yaml b/config/dev/rbac/cluster/role.yaml
@@ -0,0 +1,170 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: postgres-operator
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  - persistentvolumeclaims
+  - secrets
+  - serviceaccounts
+  - services
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - endpoints
+  verbs:
+  - create
+  - delete
+  - deletecollection
+  - get
+  - list
+  - patch
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - endpoints/restricted
+  - pods/exec
+  verbs:
+  - create
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+  - patch
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  verbs:
+  - delete
+  - get
+  - list
+  - patch
+  - watch
+- apiGroups:
+  - apps
+  resources:
+  - deployments
+  - statefulsets
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - watch
+- apiGroups:
+  - authentication.k8s.io
+  resources:
+  - tokenreviews
+  verbs:
+  - create
+- apiGroups:
+  - authorization.k8s.io
+  resources:
+  - subjectaccessreviews
+  verbs:
+  - create
+- apiGroups:
+  - batch
+  resources:
+  - cronjobs
+  - jobs
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - watch
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - create
+  - get
+  - update
+  - watch
+- apiGroups:
+  - policy
+  resources:
+  - poddisruptionbudgets
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - watch
+- apiGroups:
+  - postgres-operator.crunchydata.com
+  resources:
+  - pgadmins
+  - pgupgrades
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - postgres-operator.crunchydata.com
+  resources:
+  - pgadmins/finalizers
+  - pgupgrades/finalizers
+  - postgresclusters/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - postgres-operator.crunchydata.com
+  resources:
+  - pgadmins/status
+  - pgupgrades/status
+  - postgresclusters/status
+  verbs:
+  - patch
+- apiGroups:
+  - postgres-operator.crunchydata.com
+  resources:
+  - postgresclusters
+  verbs:
+  - get
+  - list
+  - patch
+  - watch
+- apiGroups:
+  - rbac.authorization.k8s.io
+  resources:
+  - rolebindings
+  - roles
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - watch
+- apiGroups:
+  - snapshot.storage.k8s.io
+  resources:
+  - volumesnapshots
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - watch
diff --git a/config/dev/rbac/cluster/role_binding.yaml b/config/dev/rbac/cluster/role_binding.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: postgres-operator
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: postgres-operator
+subjects:
+- kind: ServiceAccount
+  name: pgo
diff --git a/config/dev/rbac/cluster/service_account.yaml b/config/dev/rbac/cluster/service_account.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: pgo
diff --git a/config/dev/rbac/namespace/kustomization.yaml b/config/dev/rbac/namespace/kustomization.yaml
@@ -0,0 +1,4 @@
+resources:
+- ../cluster
+components:
+- ../../../components/single-namespace
diff --git a/internal/crd/post-process.go b/internal/crd/post-process.go
@@ -20,7 +20,7 @@ import (
 
 func main() {
 	cwd := need(os.Getwd())
-	dir := filepath.Join(cwd, "..", "..", "config", "crd", "bases")
+	dir := filepath.Join(cwd, "..", "..", "config", "dev", "crd", "bases")
 	query := "post-process.jq"
 
 	slog.Info("Reading", "file", query)
