diff --git a/extensions/kubernetes/vanilla/deployment/src/main/java/io/quarkus/kubernetes/deployment/AddNamespaceDecorator.java b/extensions/kubernetes/vanilla/deployment/src/main/java/io/quarkus/kubernetes/deployment/AddNamespaceDecorator.java
index 3e04125891e8ec..4d74aac72a1792 100644
--- a/extensions/kubernetes/vanilla/deployment/src/main/java/io/quarkus/kubernetes/deployment/AddNamespaceDecorator.java
+++ b/extensions/kubernetes/vanilla/deployment/src/main/java/io/quarkus/kubernetes/deployment/AddNamespaceDecorator.java
@@ -43,4 +43,9 @@ public boolean equals(Object o) {
 public int hashCode() {
 return Objects.hash(namespace);
 }
+
+ @Override
+ public Class[] before() {
+ return new Class[] { AddClusterRoleBindingResourceDecorator.class, AddClusterRoleResourceDecorator.class };
+ }
 }
diff --git a/extensions/kubernetes/vanilla/deployment/src/main/java/io/quarkus/kubernetes/deployment/KubernetesCommonHelper.java b/extensions/kubernetes/vanilla/deployment/src/main/java/io/quarkus/kubernetes/deployment/KubernetesCommonHelper.java
index 81fecce36a50b4..8b396239ed73bc 100644
--- a/extensions/kubernetes/vanilla/deployment/src/main/java/io/quarkus/kubernetes/deployment/KubernetesCommonHelper.java
+++ b/extensions/kubernetes/vanilla/deployment/src/main/java/io/quarkus/kubernetes/deployment/KubernetesCommonHelper.java
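Review bot: The new `before()` override in AddNamespaceDecorator has no comment. The Javadoc of the two RemoveNamespaceFrom… classes deleted in this commit was the only text tying ClusterRole and ClusterRoleBinding to the namespace step, so the reason for the ordering is no longer written down anywhere visible. I would add a Javadoc on the method, e.g. `/** Runs before the cluster-scoped RBAC resources are added, so they are never given a namespace. */`. The guarantee now rests on this list alone: the removed decorators cleared the namespace on every ClusterRole and ClusterRoleBinding builder they visited, whereas the ordering presumably protects only resources added by the two classes named here. It is worth confirming that no other decorator or input manifest contributes cluster-scoped RBAC objects. The class body starts outside the hunk.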
@@ -252,6 +252,11 @@ public static List createDecorators(Optional projec result.addAll(createLabelDecorators(target, name, config, labels)); result.addAll(createAnnotationDecorators(project, target, name, config, metricsConfiguration, annotations, port)); result.addAll(createPodDecorators(target, name, config)); + + // Handle RBAC + result.addAll(createRbacDecorators(name, target, config, kubernetesClientConfiguration, roles, clusterRoles, + serviceAccounts, roleBindings)); + result.addAll(createContainerDecorators(target, name, namespace, config)); result.addAll(createMountAndVolumeDecorators(target, name, config)); result.addAll(createAppConfigVolumeAndEnvDecorators(target, name, config)); @@ -276,10 +281,6 @@ public static List createDecorators(Optional projec result.addAll(createProbeDecorators(name, target, config.getLivenessProbe(), config.getReadinessProbe(), config.getStartupProbe(), livenessProbePath, readinessProbePath, startupPath)); } - - // Handle RBAC - result.addAll(createRbacDecorators(name, target, config, kubernetesClientConfiguration, roles, clusterRoles, - serviceAccounts, roleBindings)); return result; } @@ -292,10 +293,6 @@ private static Collection createRbacDecorators(String name, List roleBindingsFromExtensions) { List result = new ArrayList<>(); - // Cluster resources does not have namespace - result.add(new DecoratorBuildItem(target, new RemoveNamespaceFromClusterRoleBindingDecorator())); - result.add(new DecoratorBuildItem(target, new RemoveNamespaceFromClusterRoleDecorator())); - boolean kubernetesClientRequiresRbacGeneration = kubernetesClientConfiguration .map(KubernetesClientCapabilityBuildItem::isGenerateRbac).orElse(false); Set roles = new HashSet<>(); 
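Review bot: The relocated `// Handle RBAC` comment in createDecorators does not say why the createRbacDecorators call now sits ahead of createContainerDecorators, so a later cleanup could move it back to the end of the method. If the position in `result` influences the order in which decorators are applied (not visible here; AddNamespaceDecorator.before() already declares the constraint explicitly), say so in the comment, e.g. `// Registered early: cluster-scoped RBAC resources rely on AddNamespaceDecorator.before() to stay without a namespace`. If the position has no effect, leaving the call where it was would keep the change smaller. createDecorators starts before this hunk and continues past it.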
diff --git a/extensions/kubernetes/vanilla/deployment/src/main/java/io/quarkus/kubernetes/deployment/RemoveNamespaceFromClusterRoleBindingDecorator.java b/extensions/kubernetes/vanilla/deployment/src/main/java/io/quarkus/kubernetes/deployment/RemoveNamespaceFromClusterRoleBindingDecorator.java
deleted file mode 100644
index 8674eb5386c441..00000000000000
--- a/extensions/kubernetes/vanilla/deployment/src/main/java/io/quarkus/kubernetes/deployment/RemoveNamespaceFromClusterRoleBindingDecorator.java
+++ /dev/null
@@ -1,28 +0,0 @@
-package io.quarkus.kubernetes.deployment;
-
-import io.dekorate.kubernetes.decorator.Decorator;
-import io.dekorate.kubernetes.decorator.NamedResourceDecorator;
-import io.fabric8.kubernetes.api.model.ObjectMeta;
-import io.fabric8.kubernetes.api.model.rbac.ClusterRoleBindingBuilder;
-
-/**
- * Decorator responsible for remove namespace from ClusterRoleBinding resource.
- *
- * This decorator executes after {@link AddNamespaceDecorator}.
- */
-public class RemoveNamespaceFromClusterRoleBindingDecorator extends NamedResourceDecorator {
-
- @Override
- public void andThenVisit(ClusterRoleBindingBuilder clusterRoleBindingBuilder, ObjectMeta objectMeta) {
- clusterRoleBindingBuilder
- .withNewMetadata()
- .withNamespace(null)
- .withName(objectMeta.getName())
- .endMetadata();
- }
-
- @Override
- public Class[] after() {
- return new Class[] { AddNamespaceDecorator.class };
- }
-}
diff --git a/extensions/kubernetes/vanilla/deployment/src/main/java/io/quarkus/kubernetes/deployment/RemoveNamespaceFromClusterRoleDecorator.java b/extensions/kubernetes/vanilla/deployment/src/main/java/io/quarkus/kubernetes/deployment/RemoveNamespaceFromClusterRoleDecorator.java
deleted file mode 100644
index 38d46cdf6e0898..00000000000000
--- a/extensions/kubernetes/vanilla/deployment/src/main/java/io/quarkus/kubernetes/deployment/RemoveNamespaceFromClusterRoleDecorator.java
+++ /dev/null
@@ -1,28 +0,0 @@
-package io.quarkus.kubernetes.deployment;
-
-import io.dekorate.kubernetes.decorator.Decorator;
-import io.dekorate.kubernetes.decorator.NamedResourceDecorator;
-import io.fabric8.kubernetes.api.model.ObjectMeta;
-import io.fabric8.kubernetes.api.model.rbac.ClusterRoleBuilder;
-
-/**
- * Decorator responsible for remove namespace from ClusterRole resource.
- *
- * This decorator executes after {@link AddNamespaceDecorator}.
- */
-public class RemoveNamespaceFromClusterRoleDecorator extends NamedResourceDecorator {
-
- @Override
- public void andThenVisit(ClusterRoleBuilder clusterRoleBuilder, ObjectMeta objectMeta) {
- clusterRoleBuilder
- .withNewMetadata()
- .withNamespace(null)
- .withName(objectMeta.getName())
- .endMetadata();
- }
-
- @Override
- public Class[] after() {
- return new Class[] { AddNamespaceDecorator.class };
- }
-}
diff --git a/integration-tests/kubernetes/quarkus-standard-way/src/test/java/io/quarkus/it/kubernetes/KubernetesWithRbacFullTest.java b/integration-tests/kubernetes/quarkus-standard-way/src/test/java/io/quarkus/it/kubernetes/KubernetesWithRbacFullTest.java
index f7e59a029544ec..88da309588f08c 100644
--- a/integration-tests/kubernetes/quarkus-standard-way/src/test/java/io/quarkus/it/kubernetes/KubernetesWithRbacFullTest.java
+++ b/integration-tests/kubernetes/quarkus-standard-way/src/test/java/io/quarkus/it/kubernetes/KubernetesWithRbacFullTest.java
@@ -84,7 +84,7 @@ public void assertGeneratedResources() throws IOException {
 // secret-reader assertions
 ClusterRole secretReaderRole = getClusterRoleByName(kubernetesList, "secret-reader");
- assertThat(secretReaderRole.getMetadata().getNamespace()).isEqualTo(null);
+ assertThat(secretReaderRole.getMetadata().getNamespace()).isNull();
 assertThat(secretReaderRole.getRules()).satisfiesOnlyOnce(r -> {
 assertThat(r.getApiGroups()).containsExactly("");
 assertThat(r.getResources()).containsExactly("secrets");
@@ -112,7 +112,7 @@ public void assertGeneratedResources() throws IOException {
 assertEquals("Group", clusterSubject.getKind());
 assertEquals("manager", clusterSubject.getName());
 assertEquals("rbac.authorization.k8s.io", clusterSubject.getApiGroup());
- assertThat(clusterRoleBinding.getMetadata().getNamespace()).isEqualTo(null);
+ assertThat(clusterRoleBinding.getMetadata().getNamespace()).isNull();
 }
 private int lastIndexOfKind(String content, String... kinds) {