WIP: start on publisher controller integration

deploy/crd.yaml

@@ -15,9 +15,9 @@
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
-  name: logindiscoveryconfigs.suzerain-io.github.io
+  name: logindiscoveryconfigs.placeholder.suzerain-io.github.io
 spec:
-  group: suzerain-io.github.io
+  group: placeholder.suzerain-io.github.io
   versions:
     #! Any changes to these schemas should also be reflected in the types.go file(s)
     #! in https://github.com/suzerain-io/placeholder-name-api/tree/main/pkg/apis/placeholder

deploy/rbac.yaml

@@ -38,6 +38,9 @@ rules:
   - apiGroups: [""]
     resources: [services]
     verbs: [create, get, list, patch, update, watch]
+  - apiGroups: [placeholder.suzerain-io.github.io]
+    resources: [logindiscoveryconfigs]
+    verbs: [create, get, list, update, watch]
 ---
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
@@ -108,3 +111,27 @@ roleRef:
   #! give permissions for a special configmap of CA bundles that is needed by aggregated api servers
   name: extension-apiserver-authentication-reader
   apiGroup: rbac.authorization.k8s.io
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: #@ data.values.app_name + "-cluster-info-lister-watcher-role"
+  namespace: kube-public
+rules:
+  - apiGroups: [""]
+    resources: [configmaps]
+    verbs: [list, watch] #! TODO: do we neeed a get here for the controller?
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: #@ data.values.app_name + "-cluster-info-lister-watcher-role-binding"
+  namespace: kube-public
+subjects:
+  - kind: ServiceAccount
+    name: #@ data.values.app_name + "-service-account"
+    namespace: #@ data.values.namespace
+roleRef:
+  kind: Role
+  name: #@ data.values.app_name + "-cluster-info-lister-watcher-role"
+  apiGroup: rbac.authorization.k8s.io