apiVersion: v1
kind: ServiceAccount
metadata:
  name: open-liberty-operator
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  creationTimestamp: null
  name: open-liberty-operator
rules:
- apiGroups:
  - ""
  resources:
  - pods
  - services
  - services/finalizers
  - endpoints
  - persistentvolumeclaims
  - events
  - configmaps
  - secrets
  - serviceaccounts
  - pods/exec
  verbs:
  - '*'
- apiGroups:
  - apps
  resources:
  - deployments
  - daemonsets
  - replicasets
  - statefulsets
  verbs:
  - '*'
- apiGroups:
  - autoscaling
  resources:
  - horizontalpodautoscalers
  verbs:
  - '*'
- apiGroups:
  - monitoring.coreos.com
  resources:
  - servicemonitors
  verbs:
  - '*'
- apiGroups:
  - apps
  resourceNames:
  - open-liberty-operator
  resources:
  - deployments/finalizers
  verbs:
  - update
- apiGroups:
  - openliberty.io
  resources:
  - '*'
  - openlibertytraces
  - openlibertydumps
  verbs:
  - '*'
- apiGroups:
  - image.openshift.io
  resources:
  - '*'
  verbs:
  - '*'
- apiGroups:
  - route.openshift.io
  resources:
  - routes
  - routes/custom-host
  verbs:
  - '*'
- apiGroups:
  - serving.knative.dev
  resources:
  - services
  verbs:
  - '*'
- apiGroups:
  - cert-manager.io
  resources:
  - certificates
  verbs:
  - '*'
- apiGroups:
  - app.k8s.io
  resources:
  - applications
  verbs:
  - '*'
- apiGroups:
  - apps.openshift.io
  resources:
  - servicebindingrequests
  verbs:
  - '*'
- apiGroups:
  - networking.k8s.io
  - extensions
  resources:
  - ingresses
  verbs:
  - '*'
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: open-liberty-operator
subjects:
- kind: ServiceAccount
  name: open-liberty-operator
roleRef:
  kind: Role
  name: open-liberty-operator
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: open-liberty-operator
spec:
  replicas: 1
  selector:
    matchLabels:
      name: open-liberty-operator
  template:
    metadata:
      labels:
        name: open-liberty-operator
    spec:
      serviceAccountName: open-liberty-operator
      containers:
        - name: open-liberty-operator
          image: openliberty/operator:0.7.0
          command:
          - open-liberty-operator
          imagePullPolicy: Always
          env:
            - name: WATCH_NAMESPACE
              value: OPEN_LIBERTY_WATCH_NAMESPACE
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: OPERATOR_NAME
              value: "open-liberty-operator"