From c6fbc26c06a38ea8425389cff18e16eae2cdc801 Mon Sep 17 00:00:00 2001
From: Fiona Waters <fiwaters6@gmail.com>
Date: Mon, 16 Oct 2023 15:46:43 +0100
Subject: [PATCH] add ClusterRole and ClusterRoleBinding for KubeRay

---
 config/rbac/kustomization.yaml                |  2 ++
 .../rbac/mcad-controller-ray-clusterrole.yaml | 31 +++++++++++++++++++
 ...cad-controller-ray-clusterrolebinding.yaml | 12 +++++++
 3 files changed, 45 insertions(+)
 create mode 100644 config/rbac/mcad-controller-ray-clusterrole.yaml
 create mode 100644 config/rbac/mcad-controller-ray-clusterrolebinding.yaml

diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml
index 05bf4c6cf..cdb307c82 100644
--- a/config/rbac/kustomization.yaml
+++ b/config/rbac/kustomization.yaml
@@ -11,3 +11,5 @@ resources:
 - instascale_role_binding.yaml
 - leader_election_role.yaml
 - leader_election_role_binding.yaml
+- mcad-controller-ray-clusterrolebinding.yaml
+- mcad-controller-ray-clusterrole.yaml
diff --git a/config/rbac/mcad-controller-ray-clusterrole.yaml b/config/rbac/mcad-controller-ray-clusterrole.yaml
new file mode 100644
index 000000000..f95624208
--- /dev/null
+++ b/config/rbac/mcad-controller-ray-clusterrole.yaml
@@ -0,0 +1,31 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: mcad-controller-ray-clusterrole
+rules:
+- apiGroups:
+  - ray.io
+  resources:
+  - rayclusters
+  - rayclusters/finalizers
+  - rayclusters/status
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - route.openshift.io
+  resources:
+  - routes
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
diff --git a/config/rbac/mcad-controller-ray-clusterrolebinding.yaml b/config/rbac/mcad-controller-ray-clusterrolebinding.yaml
new file mode 100644
index 000000000..a3931da07
--- /dev/null
+++ b/config/rbac/mcad-controller-ray-clusterrolebinding.yaml
@@ -0,0 +1,12 @@
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: mcad-controller-ray-clusterrolebinding
+subjects:
+  - kind: ServiceAccount
+    name: codeflare-operator-controller-manager
+    namespace: openshift-operators
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: mcad-controller-ray-clusterrole