move kafka crd, rbac from kubeless.jsonnet and kubeless-rbac.jsonnet …

…to kafka-zookeeper.jsonnet (#665)

kafka-zookeeper.jsonnet

@@ -5,10 +5,21 @@ local container = k.core.v1.container;
 local service = k.core.v1.service;
 local deployment = k.apps.v1beta1.deployment;
 local serviceAccount = k.core.v1.serviceAccount;
+local objectMeta = k.core.v1.objectMeta;
 
 local namespace = "kubeless";
 local controller_account_name = "controller-acct";
 
+local crd = [
+  {
+    apiVersion: "apiextensions.k8s.io/v1beta1",
+    kind: "CustomResourceDefinition",
+    metadata: objectMeta.name("kafkatriggers.kubeless.io"),
+    spec: {group: "kubeless.io", version: "v1beta1", scope: "Namespaced", names: {plural: "kafkatriggers", singular: "kafkatrigger", kind: "KafkaTrigger"}},
+    description: "CRD object for Kafka trigger type",
+  },
+];
+
 local controllerContainer =
   container.default("kafka-trigger-controller", "bitnami/kafka-trigger-controller:latest") +
   container.imagePullPolicy("IfNotPresent");
@@ -204,6 +215,41 @@ local zookeeperHeadlessSvc =
   service.mixin.spec.selector({kubeless: "zookeeper"}) +
   {spec+: {clusterIP: "None"}};
 
+local controller_roles = [
+  {
+    apiGroups: [""],
+    resources: ["services", "configmaps"],
+    verbs: ["get", "list"],
+  },
+  {
+    apiGroups: ["kubeless.io"],
+    resources: ["functions", "kafkatriggers"],
+    verbs: ["get", "list", "watch", "update", "delete"],
+  },
+];
+
+local clusterRole(name, rules) = {
+    apiVersion: "rbac.authorization.k8s.io/v1beta1",
+    kind: "ClusterRole",
+    metadata: objectMeta.name(name),
+    rules: rules,
+};
+
+local clusterRoleBinding(name, role, subjects) = {
+    apiVersion: "rbac.authorization.k8s.io/v1beta1",
+    kind: "ClusterRoleBinding",
+    metadata: objectMeta.name(name),
+    subjects: [{kind: s.kind, namespace: s.metadata.namespace, name: s.metadata.name} for s in subjects],
+    roleRef: {kind: role.kind, apiGroup: "rbac.authorization.k8s.io", name: role.metadata.name},
+};
+
+local controllerClusterRole = clusterRole(
+  "kafka-controller-deployer", controller_roles);
+
+local controllerClusterRoleBinding = clusterRoleBinding(
+  "kafka-controller-deployer", controllerClusterRole, [controllerAccount]
+);
+
 {
   kafkaSts: k.util.prune(kafkaSts),
   zookeeperSts: k.util.prune(zookeeperSts),
@@ -212,4 +258,7 @@ local zookeeperHeadlessSvc =
   zookeeperSvc: k.util.prune(zookeeperSvc),
   zookeeperHeadlessSvc: k.util.prune(zookeeperHeadlessSvc),
   controller: k.util.prune(controllerDeployment),
+  crd: k.util.prune(crd),
+  controllerClusterRole: k.util.prune(controllerClusterRole),
+  controllerClusterRoleBinding: k.util.prune(controllerClusterRoleBinding),
 }

kubeless-rbac.jsonnet

@@ -29,7 +29,7 @@ local controller_roles = [
   },
   {
     apiGroups: ["kubeless.io"],
-    resources: ["functions", "kafkatriggers", "httptriggers", "cronjobtriggers"],
+    resources: ["functions", "httptriggers", "cronjobtriggers"],
     verbs: ["get", "list", "watch", "update", "delete"],
   },
   {

kubeless.jsonnet

@@ -54,13 +54,6 @@ local crd = [
     spec: {group: "kubeless.io", version: "v1beta1", scope: "Namespaced", names: {plural: "functions", singular: "function", kind: "Function"}},
     description: "Kubernetes Native Serverless Framework",
   },
-  {
-    apiVersion: "apiextensions.k8s.io/v1beta1",
-    kind: "CustomResourceDefinition",
-    metadata: objectMeta.name("kafkatriggers.kubeless.io"),
-    spec: {group: "kubeless.io", version: "v1beta1", scope: "Namespaced", names: {plural: "kafkatriggers", singular: "kafkatrigger", kind: "KafkaTrigger"}},
-    description: "CRD object for Kafka trigger type",
-  },
   {
     apiVersion: "apiextensions.k8s.io/v1beta1",
     kind: "CustomResourceDefinition",