---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  creationTimestamp: null
  name: drupal-operator
rules:
  - apiGroups:
      - ""
    resources:
      - pods
      - services
      - endpoints
      - persistentvolumeclaims
      - events
      - configmaps
      - secrets
    verbs:
      - '*'
  - apiGroups:
      - apps
    resources:
      - deployments
      - daemonsets
      - replicasets
      - statefulsets
    verbs:
      - '*'
  - apiGroups:
      - extensions
    resources:
      - ingresses
    verbs:
      - '*'
  - apiGroups:
      - monitoring.coreos.com
    resources:
      - servicemonitors
    verbs:
      - get
      - create
  - apiGroups:
      - apps
    resourceNames:
      - drupal-operator
    resources:
      - deployments/finalizers
    verbs:
      - update
  - apiGroups:
      - ""
    resources:
      - pods
    verbs:
      - get
  - apiGroups:
      - apps
    resources:
      - replicasets
    verbs:
      - get
  - apiGroups:
      - drupal.drupal.org
    resources:
      - '*'
    verbs:
      - '*'

---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: drupal-operator
subjects:
  - kind: ServiceAccount
    name: drupal-operator
    namespace: default
roleRef:
  kind: ClusterRole
  name: drupal-operator
  apiGroup: rbac.authorization.k8s.io

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: drupal-operator
  namespace: default

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: drupal-operator
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      name: drupal-operator
  template:
    metadata:
      labels:
        name: drupal-operator
    spec:
      serviceAccountName: drupal-operator
      containers:
        - name: ansible
          command:
            - /usr/local/bin/ao-logs
            - /tmp/ansible-operator/runner
            - stdout
          image: "geerlingguy/drupal-operator:0.1.1"
          imagePullPolicy: "Always"
          volumeMounts:
            - mountPath: /tmp/ansible-operator/runner
              name: runner
              readOnly: true
        - name: operator
          image: "geerlingguy/drupal-operator:0.1.1"
          imagePullPolicy: "Always"
          volumeMounts:
            - mountPath: /tmp/ansible-operator/runner
              name: runner
          env:
            # Watch all namespaces (cluster-scoped).
            - name: WATCH_NAMESPACE
              value: ""
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: OPERATOR_NAME
              value: "drupal-operator"
      volumes:
        - name: runner
          emptyDir: {}

---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: drupals.drupal.drupal.org
spec:
  group: drupal.drupal.org
  names:
    kind: Drupal
    listKind: DrupalList
    plural: drupals
    singular: drupal
  scope: Namespaced
  subresources:
    status: {}
  version: v1alpha1
  versions:
    - name: v1alpha1
      served: true
      storage: true