operator: watch all the cluster namespaces

And not just the namespace the operator is running into.
We alread y adding ClusterRole{,Binding}s, so permissions should be
fine.

Please note: the automation _dropped_ 'value: ""' from the
new WATCH_NAMESPACE variable, had to reintroduce it manually

Reference: https://github.com/operator-framework/operator-sdk/blob/master/doc/operator-scope.md

Signed-off-by: Francesco Romani <[email protected]>

cluster/1.0.2/kubevirt-ssp-operator-cr.yaml

@@ -0,0 +1,22 @@
+---
+apiVersion: kubevirt.io/v1
+kind: KubevirtCommonTemplatesBundle
+metadata:
+  name: kubevirt-common-template-bundle
+spec:
+  version: v0.6.0
+---
+apiVersion: kubevirt.io/v1
+kind: KubevirtNodeLabellerBundle
+metadata:
+  name: kubevirt-node-labeller-bundle
+spec:
+  version: v0.0.5
+---
+apiVersion: kubevirt.io/v1
+kind: KubevirtTemplateValidator
+metadata:
+  name: kubevirt-template-validator
+  namespace: kubevirt
+spec:
+  version: v0.4.8

cluster/1.0.2/kubevirt-ssp-operator-crd.yaml

@@ -0,0 +1,51 @@
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: kubevirtcommontemplatesbundles.kubevirt.io
+spec:
+  group: kubevirt.io
+  names:
+    kind: KubevirtCommonTemplatesBundle
+    listKind: KubevirtCommonTemplatesBundleList
+    plural: kubevirtcommontemplatesbundles
+    singular: kubevirtcommontemplatesbundle
+  scope: Namespaced
+  version: v1
+  subresources:
+    status: {}
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: kubevirtnodelabellerbundles.kubevirt.io
+spec:
+  group: kubevirt.io
+  names:
+    kind: KubevirtNodeLabellerBundle
+    listKind: KubevirtNodeLabellerBundleList
+    plural: kubevirtnodelabellerbundles
+    singular: kubevirtnodelabellerbundle
+  scope: Namespaced
+  version: v1
+  subresources:
+    status: {}
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: kubevirttemplatevalidators.kubevirt.io
+spec:
+  group: kubevirt.io
+  names:
+    kind: KubevirtTemplateValidator
+    listKind: KubevirtTemplateValidatorList
+    plural: kubevirttemplatevalidators
+    singular: kubevirttemplatevalidator
+  scope: Namespaced
+  version: v1
+  subresources:
+    status: {}
+

cluster/1.0.2/kubevirt-ssp-operator.yaml

@@ -0,0 +1,223 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: kubevirt-ssp-operator
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  creationTimestamp: null
+  name: kubevirt-ssp-operator
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  - services
+  - endpoints
+  - persistentvolumeclaims
+  - events
+  - configmaps
+  - secrets
+  - replicationcontrollers
+  - serviceaccounts
+  - templates
+  verbs:
+  - '*'
+- apiGroups:
+  - extensions
+  - apps
+  resources:
+  - deployments
+  - replicasets
+  verbs:
+  - '*'
+- apiGroups:
+  - ""
+  resources:
+  - namespaces
+  verbs:
+  - get
+- apiGroups:
+  - apps
+  resources:
+  - deployments
+  - daemonsets
+  - replicasets
+  - statefulsets
+  verbs:
+  - '*'
+- apiGroups:
+  - monitoring.coreos.com
+  resources:
+  - servicemonitors
+  verbs:
+  - get
+  - create
+- apiGroups:
+  - kubevirt.io
+  - template.openshift.io
+  - route.openshift.io
+  resources:
+  - '*'
+  verbs:
+  - '*'
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: kubevirt-ssp-operator
+rules:
+- apiGroups:
+  - oauth.openshift.io
+  - template.openshift.io
+  resources:
+  - '*'
+  verbs:
+  - '*'
+- apiGroups:
+  - rbac.authorization.k8s.io
+  resources:
+  - clusterroles
+  verbs:
+  - create
+  - get
+  - patch
+  - list
+- apiGroups:
+  - rbac.authorization.k8s.io
+  resources:
+  - clusterrolebindings
+  verbs:
+  - create
+  - get
+  - list
+  - watch
+  - patch
+- apiGroups:
+  - extensions
+  - apps
+  resources:
+  - deployments
+  - replicasets
+  verbs:
+  - create
+  - get
+  - patch
+  - list
+- apiGroups:
+  - apps
+  resources:
+  - daemonsets
+  verbs:
+  - create
+  - get
+  - patch
+- apiGroups:
+  - ""
+  resources:
+  - serviceaccounts
+  verbs:
+  - create
+  - get
+  - patch
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  - configmaps
+  - nodes
+  verbs:
+  - create
+  - get
+  - patch
+  - update
+- apiGroups:
+  - ""
+  resources:
+  - services
+  verbs:
+  - list
+  - get
+  - create
+  - patch
+- apiGroups:
+  - admissionregistration.k8s.io
+  resources:
+  - validatingwebhookconfigurations
+  verbs:
+  - create
+  - get
+  - list
+  - patch
+  - watch
+- apiGroups:
+  - security.openshift.io
+  resources:
+  - securitycontextconstraints
+  verbs:
+  - '*'
+  resourceNames:
+  - privileged
+
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: kubevirt-ssp-operator
+subjects:
+- kind: ServiceAccount
+  name: kubevirt-ssp-operator
+roleRef:
+  kind: Role
+  name: kubevirt-ssp-operator
+  apiGroup: rbac.authorization.k8s.io
+
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: kubevirt-ssp-operator
+subjects:
+- kind: ServiceAccount
+  name: kubevirt-ssp-operator
+  namespace: default 
+roleRef:
+  kind: ClusterRole
+  name: kubevirt-ssp-operator
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: kubevirt-ssp-operator
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      name: kubevirt-ssp-operator
+  template:
+    metadata:
+      labels:
+        name: kubevirt-ssp-operator
+    spec:
+      serviceAccountName: kubevirt-ssp-operator
+      containers:
+        - name: kubevirt-ssp-operator
+          #FIXME Replace this with the built image name
+          image: quay.io/fromani/kubevirt-ssp-operator-container:latest
+          ports:
+          - containerPort: 60000
+            name: metrics
+          imagePullPolicy: Always
+          env:
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: WATCH_NAMESPACE
+              value: ""
+            - name: OPERATOR_NAME
+              value: "kubevirt-ssp-operator"