Add latest changes from gitlab-org/gitlab@master

2 files changed, 44 insertions, 0 deletions

diff --git a/app/services/clusters/kubernetes/create_or_update_service_account_service.rb b/app/services/clusters/kubernetes/create_or_update_service_account_service.rb
index d798dcdcfd3..0fea398d234 100644
--- a/app/services/clusters/kubernetes/create_or_update_service_account_service.rb
+++ b/app/services/clusters/kubernetes/create_or_update_service_account_service.rb
@@ -49,8 +49,14 @@ module Clusters
 
         create_or_update_knative_serving_role
         create_or_update_knative_serving_role_binding
+
         create_or_update_crossplane_database_role
         create_or_update_crossplane_database_role_binding
+
+        return unless knative_serving_namespace
+
+        create_or_update_knative_version_role
+        create_or_update_knative_version_role_binding
       end
 
       private
@@ -64,6 +70,12 @@ module Clusters
         ).ensure_exists!
       end
 
+      def knative_serving_namespace
+        kubeclient.core_client.get_namespaces.find do |namespace|
+          namespace.metadata.name == Clusters::Kubernetes::KNATIVE_SERVING_NAMESPACE
+        end
+      end
+
       def create_role_or_cluster_role_binding
         if namespace_creator
           kubeclient.create_or_update_role_binding(role_binding_resource)
@@ -88,6 +100,14 @@ module Clusters
         kubeclient.update_role_binding(crossplane_database_role_binding_resource)
       end
 
+      def create_or_update_knative_version_role
+        kubeclient.update_cluster_role(knative_version_role_resource)
+      end
+
+      def create_or_update_knative_version_role_binding
+        kubeclient.update_cluster_role_binding(knative_version_role_binding_resource)
+      end
+
       def service_account_resource
         Gitlab::Kubernetes::ServiceAccount.new(
           service_account_name,
@@ -166,6 +186,27 @@ module Clusters
           service_account_name: service_account_name
         ).generate
       end
+
+      def knative_version_role_resource
+        Gitlab::Kubernetes::ClusterRole.new(
+          name: Clusters::Kubernetes::GITLAB_KNATIVE_VERSION_ROLE_NAME,
+          rules: [{
+            apiGroups: %w(apps),
+            resources: %w(deployments),
+            verbs: %w(list get)
+          }]
+        ).generate
+      end
+
+      def knative_version_role_binding_resource
+        subjects = [{ kind: 'ServiceAccount', name: service_account_name, namespace: service_account_namespace }]
+
+        Gitlab::Kubernetes::ClusterRoleBinding.new(
+          Clusters::Kubernetes::GITLAB_KNATIVE_VERSION_ROLE_BINDING_NAME,
+          Clusters::Kubernetes::GITLAB_KNATIVE_VERSION_ROLE_NAME,
+          subjects
+        ).generate
+      end
     end
   end
 end
diff --git a/app/services/clusters/kubernetes/kubernetes.rb b/app/services/clusters/kubernetes/kubernetes.rb
index d29519999b2..59cb1c4b3a9 100644
--- a/app/services/clusters/kubernetes/kubernetes.rb
+++ b/app/services/clusters/kubernetes/kubernetes.rb
@@ -12,5 +12,8 @@ module Clusters
     GITLAB_KNATIVE_SERVING_ROLE_BINDING_NAME = 'gitlab-knative-serving-rolebinding'
     GITLAB_CROSSPLANE_DATABASE_ROLE_NAME = 'gitlab-crossplane-database-role'
     GITLAB_CROSSPLANE_DATABASE_ROLE_BINDING_NAME = 'gitlab-crossplane-database-rolebinding'
+    GITLAB_KNATIVE_VERSION_ROLE_NAME = 'gitlab-knative-version-role'
+    GITLAB_KNATIVE_VERSION_ROLE_BINDING_NAME = 'gitlab-knative-version-rolebinding'
+    KNATIVE_SERVING_NAMESPACE = 'knative-serving'
   end
 end