package main import ( appsv1 "github.com/pulumi/pulumi-kubernetes/sdk/v2/go/kubernetes/apps/v1" corev1 "github.com/pulumi/pulumi-kubernetes/sdk/v2/go/kubernetes/core/v1" metav1 "github.com/pulumi/pulumi-kubernetes/sdk/v2/go/kubernetes/meta/v1" rbacv1 "github.com/pulumi/pulumi-kubernetes/sdk/v2/go/kubernetes/rbac/v1" "github.com/pulumi/pulumi/sdk/v2/go/pulumi" ) func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := appsv1.NewDeployment(ctx, "pulumi_kubernetes_operatorDeployment", &appsv1.DeploymentArgs{ ApiVersion: pulumi.String("apps/v1"), Kind: pulumi.String("Deployment"), Metadata: &metav1.ObjectMetaArgs{ Name: pulumi.String("pulumi-kubernetes-operator"), }, Spec: &appsv1.DeploymentSpecArgs{ Replicas: pulumi.Int(1), Selector: &metav1.LabelSelectorArgs{ MatchLabels: pulumi.StringMap{ "name": pulumi.String("pulumi-kubernetes-operator"), }, }, Template: &corev1.PodTemplateSpecArgs{ Metadata: &metav1.ObjectMetaArgs{ Labels: pulumi.StringMap{ "name": pulumi.String("pulumi-kubernetes-operator"), }, }, Spec: &corev1.PodSpecArgs{ ServiceAccountName: pulumi.String("pulumi-kubernetes-operator"), ImagePullSecrets: corev1.LocalObjectReferenceArray{ &corev1.LocalObjectReferenceArgs{ Name: pulumi.String("pulumi-kubernetes-operator"), }, }, Containers: corev1.ContainerArray{ &corev1.ContainerArgs{ Name: pulumi.String("pulumi-kubernetes-operator"), Image: pulumi.String("pulumi/pulumi-kubernetes-operator:v0.0.2"), Command: pulumi.StringArray{ pulumi.String("pulumi-kubernetes-operator"), }, Args: pulumi.StringArray{ pulumi.String("--zap-level=debug"), }, ImagePullPolicy: pulumi.String("Always"), Env: corev1.EnvVarArray{ &corev1.EnvVarArgs{ Name: pulumi.String("WATCH_NAMESPACE"), ValueFrom: &corev1.EnvVarSourceArgs{ FieldRef: &corev1.ObjectFieldSelectorArgs{ FieldPath: pulumi.String("metadata.namespace"), }, }, }, &corev1.EnvVarArgs{ Name: pulumi.String("POD_NAME"), ValueFrom: &corev1.EnvVarSourceArgs{ FieldRef: &corev1.ObjectFieldSelectorArgs{ FieldPath: pulumi.String("metadata.name"), }, }, }, &corev1.EnvVarArgs{ Name: pulumi.String("OPERATOR_NAME"), Value: pulumi.String("pulumi-kubernetes-operator"), }, }, }, }, }, }, }, }) if err != nil { return err } _, err = rbacv1.NewRole(ctx, "pulumi_kubernetes_operatorRole", &rbacv1.RoleArgs{ ApiVersion: pulumi.String("rbac.authorization.k8s.io/v1"), Kind: pulumi.String("Role"), Metadata: &metav1.ObjectMetaArgs{ CreationTimestamp: nil, Name: pulumi.String("pulumi-kubernetes-operator"), }, Rules: rbacv1.PolicyRuleArray{ &rbacv1.PolicyRuleArgs{ ApiGroups: pulumi.StringArray{ pulumi.String(""), }, Resources: pulumi.StringArray{ pulumi.String("pods"), pulumi.String("services"), pulumi.String("services/finalizers"), pulumi.String("endpoints"), pulumi.String("persistentvolumeclaims"), pulumi.String("events"), pulumi.String("configmaps"), pulumi.String("secrets"), }, Verbs: pulumi.StringArray{ pulumi.String("create"), pulumi.String("delete"), pulumi.String("get"), pulumi.String("list"), pulumi.String("patch"), pulumi.String("update"), pulumi.String("watch"), }, }, &rbacv1.PolicyRuleArgs{ ApiGroups: pulumi.StringArray{ pulumi.String("apps"), }, Resources: pulumi.StringArray{ pulumi.String("deployments"), pulumi.String("daemonsets"), pulumi.String("replicasets"), pulumi.String("statefulsets"), }, Verbs: pulumi.StringArray{ pulumi.String("create"), pulumi.String("delete"), pulumi.String("get"), pulumi.String("list"), pulumi.String("patch"), pulumi.String("update"), pulumi.String("watch"), }, }, &rbacv1.PolicyRuleArgs{ ApiGroups: pulumi.StringArray{ pulumi.String("monitoring.coreos.com"), }, Resources: pulumi.StringArray{ pulumi.String("servicemonitors"), }, Verbs: pulumi.StringArray{ pulumi.String("get"), pulumi.String("create"), }, }, &rbacv1.PolicyRuleArgs{ ApiGroups: pulumi.StringArray{ pulumi.String("apps"), }, ResourceNames: pulumi.StringArray{ pulumi.String("pulumi-kubernetes-operator"), }, Resources: pulumi.StringArray{ pulumi.String("deployments/finalizers"), }, Verbs: pulumi.StringArray{ pulumi.String("update"), }, }, &rbacv1.PolicyRuleArgs{ ApiGroups: pulumi.StringArray{ pulumi.String(""), }, Resources: pulumi.StringArray{ pulumi.String("pods"), }, Verbs: pulumi.StringArray{ pulumi.String("get"), }, }, &rbacv1.PolicyRuleArgs{ ApiGroups: pulumi.StringArray{ pulumi.String("apps"), }, Resources: pulumi.StringArray{ pulumi.String("replicasets"), pulumi.String("deployments"), }, Verbs: pulumi.StringArray{ pulumi.String("get"), }, }, &rbacv1.PolicyRuleArgs{ ApiGroups: pulumi.StringArray{ pulumi.String("pulumi.com"), }, Resources: pulumi.StringArray{ pulumi.String("*"), }, Verbs: pulumi.StringArray{ pulumi.String("create"), pulumi.String("delete"), pulumi.String("get"), pulumi.String("list"), pulumi.String("patch"), pulumi.String("update"), pulumi.String("watch"), }, }, }, }) if err != nil { return err } _, err = rbacv1.NewRoleBinding(ctx, "pulumi_kubernetes_operatorRoleBinding", &rbacv1.RoleBindingArgs{ Kind: pulumi.String("RoleBinding"), ApiVersion: pulumi.String("rbac.authorization.k8s.io/v1"), Metadata: &metav1.ObjectMetaArgs{ Name: pulumi.String("pulumi-kubernetes-operator"), }, Subjects: rbacv1.SubjectArray{ &rbacv1.SubjectArgs{ Kind: pulumi.String("ServiceAccount"), Name: pulumi.String("pulumi-kubernetes-operator"), }, }, RoleRef: &rbacv1.RoleRefArgs{ Kind: pulumi.String("Role"), Name: pulumi.String("pulumi-kubernetes-operator"), ApiGroup: pulumi.String("rbac.authorization.k8s.io"), }, }) if err != nil { return err } _, err = corev1.NewServiceAccount(ctx, "pulumi_kubernetes_operatorServiceAccount", &corev1.ServiceAccountArgs{ ApiVersion: pulumi.String("v1"), Kind: pulumi.String("ServiceAccount"), Metadata: &metav1.ObjectMetaArgs{ Name: pulumi.String("pulumi-kubernetes-operator"), }, }) if err != nil { return err } return nil }) }