jbouska - test

bouskaJ · Sep 16, 2024 · b9f4154 · b9f4154
1 parent c0abda6
commit b9f4154
Show file tree

Hide file tree

Showing 28 changed files with 189 additions and 232 deletions.
diff --git a/bundle/manifests/rhtas-operator.clusterserviceversion.yaml b/bundle/manifests/rhtas-operator.clusterserviceversion.yaml
@@ -297,7 +297,7 @@ metadata:
       ]
     capabilities: Seamless Upgrades
     containerImage: registry.redhat.io/rhtas/rhtas-rhel9-operator@sha256:028b6eec7f821b18cf710237a7613ef76d2bacdeff56462368e4e186f26627cc
-    createdAt: "2024-09-12T13:55:45Z"
+    createdAt: "2024-09-16T09:07:25Z"
     features.operators.openshift.io/cnf: "false"
     features.operators.openshift.io/cni: "false"
     features.operators.openshift.io/csi: "false"

diff --git a/internal/controller/common/utils/kubernetes/service.go b/internal/controller/common/utils/kubernetes/service.go
@@ -2,14 +2,14 @@ package kubernetes
 
 import (
 	"context"
-	"fmt"
+	"errors"
 
 	corev1 "k8s.io/api/core/v1"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/types"
-	"sigs.k8s.io/controller-runtime/pkg/client"
-
+	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apimachinery/pkg/util/intstr"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
 func CreateService(namespace string, name string, portName string, port int, targetPort int32, labels map[string]string) *corev1.Service {
@@ -33,35 +33,25 @@ func CreateService(namespace string, name string, portName string, port int, tar
 	}
 }
 
-func GetInternalUrl(ctx context.Context, cli client.Client, namespace, serviceName string) (string, error) {
-	svc := &corev1.Service{
-		ObjectMeta: metav1.ObjectMeta{
-			Name:      serviceName,
-			Namespace: namespace,
-		},
-	}
-
-	err := cli.Get(ctx, types.NamespacedName{
-		Name:      serviceName,
-		Namespace: namespace,
-	}, svc)
+func FindService(ctx context.Context, c client.Client, namespace string, labels map[string]string) (*corev1.Service, error) {
 
-	if err != nil {
-		return "", err
-	}
-	return fmt.Sprintf("%s.%s.svc.cluster.local", svc.Name, svc.Namespace), nil
-}
-
-func GetService(client client.Client, namespace, serviceName string) (*corev1.Service, error) {
-	var service corev1.Service
+	list := &corev1.ServiceList{}
 
-	err := client.Get(context.TODO(), types.NamespacedName{
-		Name:      serviceName,
-		Namespace: namespace,
-	}, &service)
+	err := c.List(ctx, list, client.InNamespace(namespace), client.MatchingLabels(labels))
 
 	if err != nil {
 		return nil, err
 	}
-	return &service, nil
+	if len(list.Items) > 1 {
+		return nil, errors.New("duplicate resource")
+	}
+
+	if len(list.Items) == 1 {
+		return &list.Items[0], nil
+	}
+
+	return nil, apierrors.NewNotFound(schema.GroupResource{
+		Group:    list.GetObjectKind().GroupVersionKind().Group,
+		Resource: list.GetObjectKind().GroupVersionKind().Kind,
+	}, "")
 }
diff --git a/internal/controller/constants/images.go b/internal/controller/constants/images.go
@@ -1,28 +1,28 @@
 package constants
 
 var (
-	TrillianLogSignerImage = "registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:3a73910e112cb7b8ad04c4063e3840fb70f97ed07fc3eb907573a46b2f8f6b7b"
-	TrillianServerImage    = "registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:23579db8db307a14cad37f5cb1bdf759611decd72d875241184549e31353387f"
-	TrillianDbImage        = "registry.redhat.io/rhtas/trillian-database-rhel9@sha256:310ecbd9247a2af587dd6bca1b262cf5d753938409fb74c59a53622e22eb1c31"
+	TrillianLogSignerImage = "quay.io/securesign/trillian-logsigner@sha256:3a73910e112cb7b8ad04c4063e3840fb70f97ed07fc3eb907573a46b2f8f6b7b"
+	TrillianServerImage    = "quay.io/securesign/trillian-logserver@sha256:23579db8db307a14cad37f5cb1bdf759611decd72d875241184549e31353387f"
+	TrillianDbImage        = "quay.io/securesign/trillian-database@sha256:310ecbd9247a2af587dd6bca1b262cf5d753938409fb74c59a53622e22eb1c31"
 
 	// TODO: remove and check the DB pod status
 	TrillianNetcatImage = "registry.redhat.io/openshift4/ose-tools-rhel8@sha256:486b4d2dd0d10c5ef0212714c94334e04fe8a3d36cf619881986201a50f123c7"
 
-	FulcioServerImage = "registry.redhat.io/rhtas/fulcio-rhel9@sha256:a384c19951fb77813cdefb8057bbe3670ef489eb61172d8fd2dde47b23aecebc"
+	FulcioServerImage = "quay.io/securesign/fulcio-server@sha256:a384c19951fb77813cdefb8057bbe3670ef489eb61172d8fd2dde47b23aecebc"
 
-	RekorRedisImage    = "registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:c936589847e5658e3be01bf7251da6372712bf98f4d100024a18ea59cfec5975"
-	RekorServerImage   = "registry.redhat.io/rhtas/rekor-server-rhel9@sha256:96efc463b5f5fa631cca2e1a2195bb0abbd72da0c5083a9d90371d245d01387d"
-	RekorSearchUiImage = "registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:8ed9d49539e2305c2c41e2ad6b9f5763a53e93ab7590de1c413d846544091009"
-	BackfillRedisImage = "registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:22016378cf4a312ac7b15067e560ea42805c168ddf2ae64adb2fcc784bb9ba15"
+	RekorRedisImage    = "quay.io/securesign/trillian-redis@sha256:c936589847e5658e3be01bf7251da6372712bf98f4d100024a18ea59cfec5975"
+	RekorServerImage   = "quay.io/securesign/rekor-server@sha256:96efc463b5f5fa631cca2e1a2195bb0abbd72da0c5083a9d90371d245d01387d"
+	RekorSearchUiImage = "quay.io/securesign/rekor-search-ui@sha256:8ed9d49539e2305c2c41e2ad6b9f5763a53e93ab7590de1c413d846544091009"
+	BackfillRedisImage = "quay.io/securesign/rekor-backfill-redis@sha256:22016378cf4a312ac7b15067e560ea42805c168ddf2ae64adb2fcc784bb9ba15"
 
-	TufImage = "registry.redhat.io/rhtas/tuffer@sha256:fc0160028b0bcbc03c69156584ead3dfec6d517dab305386ee238cc0e87433de"
+	TufImage = "quay.io/securesign/tuffer@sha256:fc0160028b0bcbc03c69156584ead3dfec6d517dab305386ee238cc0e87433de"
 
-	CTLogImage = "registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:671c5ea4de7184f0dcdd6c6583d74dc8b0b039799c57efb5e8a31981cd9b415e"
+	CTLogImage = "quay.io/securesign/certificate-transparency-go@sha256:671c5ea4de7184f0dcdd6c6583d74dc8b0b039799c57efb5e8a31981cd9b415e"
 
 	HttpServerImage         = "registry.access.redhat.com/ubi9/httpd-24@sha256:7874b82335a80269dcf99e5983c2330876f5fe8bdc33dc6aa4374958a2ffaaee"
-	ClientServerImage_cg    = "registry.redhat.io/rhtas/client-server-cg-rhel9@sha256:0469bef1617c60481beda30947f279a0b106d0e54c600e823064a2b5b89bc120"
-	ClientServerImage_re    = "registry.redhat.io/rhtas/client-server-re-rhel9@sha256:7990157e558dc5ff6e315c84a107bbadc7aeb3aaed39a9171e751671be5d89f0"
-	ClientServerImage_f     = "registry.redhat.io/rhtas/client-server-f-rhel9@sha256:aca918e6994ad5f95c71f725428fc3f2865299b1860c2740d1c18f03324cc3c9"
-	SegmentBackupImage      = "registry.redhat.io/rhtas/segment-reporting-rhel9@sha256:625b5beef8b97d0e9fdf1d92bacd31a51de6b8c172e9aac2c98167253738bb61"
-	TimestampAuthorityImage = "registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:788f298596b5c0c70e06ac210f8e68ce7bf3348c56b7f36eb6b84cdd85f0d01d"
+	ClientServerImage_cg    = "quay.io/securesign/cli-client-server-cg@sha256:0469bef1617c60481beda30947f279a0b106d0e54c600e823064a2b5b89bc120"
+	ClientServerImage_re    = "quay.io/securesign/client-server-re@sha256:7990157e558dc5ff6e315c84a107bbadc7aeb3aaed39a9171e751671be5d89f0"
+	ClientServerImage_f     = "quay.io/securesign/client-server-f@sha256:aca918e6994ad5f95c71f725428fc3f2865299b1860c2740d1c18f03324cc3c9"
+	SegmentBackupImage      = "quay.io/securesign/segment-backup-job@sha256:625b5beef8b97d0e9fdf1d92bacd31a51de6b8c172e9aac2c98167253738bb61"
+	TimestampAuthorityImage = "quay.io/securesign/timestamp-authority@sha256:788f298596b5c0c70e06ac210f8e68ce7bf3348c56b7f36eb6b84cdd85f0d01d"
 )
diff --git a/internal/controller/ctlog/actions/constants.go b/internal/controller/ctlog/actions/constants.go
diff --git a/internal/controller/ctlog/actions/deployment.go b/internal/controller/ctlog/actions/deployment.go
@@ -4,12 +4,12 @@ import (
 	"context"
 	"fmt"
 
-	cutils "github.com/securesign/operator/internal/controller/common/utils"
-
 	rhtasv1alpha1 "github.com/securesign/operator/api/v1alpha1"
 	"github.com/securesign/operator/internal/controller/common/action"
+	cutils "github.com/securesign/operator/internal/controller/common/utils"
 	"github.com/securesign/operator/internal/controller/common/utils/kubernetes"
 	"github.com/securesign/operator/internal/controller/constants"
+	constants2 "github.com/securesign/operator/internal/controller/ctlog/constants"
 	"github.com/securesign/operator/internal/controller/ctlog/utils"
 	trillian "github.com/securesign/operator/internal/controller/trillian/actions"
 	"k8s.io/apimachinery/pkg/api/meta"
@@ -59,14 +59,14 @@ func (i deployAction) Handle(ctx context.Context, instance *rhtasv1alpha1.CTlog)
 		i.Logger.V(1).Info("Communication to trillian log server is insecure")
 	}
 
-	labels := constants.LabelsFor(ComponentName, DeploymentName, instance.Name)
+	labels := constants.LabelsFor(constants2.ComponentName, constants2.DeploymentName, instance.Name)
 
 	switch {
 	case instance.Spec.Trillian.Address == "":
 		instance.Spec.Trillian.Address = fmt.Sprintf("%s.%s.svc", trillian.LogserverDeploymentName, instance.Namespace)
 	}
 
-	dp, err := utils.CreateDeployment(instance, DeploymentName, RBACName, labels, ServerTargetPort, MetricsPort)
+	dp, err := utils.CreateDeployment(instance, constants2.DeploymentName, constants2.RBACName, labels, constants2.ServerTargetPort, constants2.MetricsPort)
 	if err != nil {
 		meta.SetStatusCondition(&instance.Status.Conditions, metav1.Condition{
 			Type:    constants.Ready,

diff --git a/internal/controller/ctlog/actions/handle_fulcio_root.go b/internal/controller/ctlog/actions/handle_fulcio_root.go
@@ -8,6 +8,7 @@ import (
 	"github.com/securesign/operator/internal/controller/common/action"
 	k8sutils "github.com/securesign/operator/internal/controller/common/utils/kubernetes"
 	"github.com/securesign/operator/internal/controller/constants"
+	constants2 "github.com/securesign/operator/internal/controller/ctlog/constants"
 	"github.com/securesign/operator/internal/controller/fulcio/actions"
 	v1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/equality"
@@ -75,7 +76,7 @@ func (g handleFulcioCert) Handle(ctx context.Context, instance *v1alpha1.CTlog)
 			}
 
 			meta.SetStatusCondition(&instance.Status.Conditions, metav1.Condition{
-				Type:    CertCondition,
+				Type:    constants2.CertCondition,
 				Status:  metav1.ConditionFalse,
 				Reason:  constants.Failure,
 				Message: "Cert not found",
@@ -111,7 +112,7 @@ func (g handleFulcioCert) Handle(ctx context.Context, instance *v1alpha1.CTlog)
 	}
 
 	meta.SetStatusCondition(&instance.Status.Conditions, metav1.Condition{
-		Type:   CertCondition,
+		Type:   constants2.CertCondition,
 		Status: metav1.ConditionTrue,
 		Reason: "Resolved",
 	},

diff --git a/internal/controller/ctlog/actions/handle_fulcio_root_test.go b/internal/controller/ctlog/actions/handle_fulcio_root_test.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"testing"
 
+	constants2 "github.com/securesign/operator/internal/controller/ctlog/constants"
 	testAction "github.com/securesign/operator/internal/testing/action"
 
 	. "github.com/onsi/gomega"
@@ -58,7 +59,7 @@ func Test_HandleFulcioCert_Autodiscover(t *testing.T) {
 	g.Expect(i.Status.RootCertificates[0].Key).Should(Equal("key"))
 	g.Expect(i.Status.RootCertificates[0].Name).Should(Equal("secret"))
 
-	g.Expect(meta.IsStatusConditionTrue(i.Status.Conditions, CertCondition)).To(BeTrue())
+	g.Expect(meta.IsStatusConditionTrue(i.Status.Conditions, constants2.CertCondition)).To(BeTrue())
 }
 
 func Test_HandleFulcioCert_Empty(t *testing.T) {
@@ -150,7 +151,7 @@ func Test_HandleFulcioCert_Configured(t *testing.T) {
 	g.Expect(i.Status.RootCertificates[1].Key).Should(Equal("key"))
 	g.Expect(i.Status.RootCertificates[1].Name).Should(Equal("secret-2"))
 
-	g.Expect(meta.IsStatusConditionTrue(i.Status.Conditions, CertCondition)).To(BeTrue())
+	g.Expect(meta.IsStatusConditionTrue(i.Status.Conditions, constants2.CertCondition)).To(BeTrue())
 }
 
 func Test_HandleFulcioCert_Configured_Priority(t *testing.T) {
@@ -201,7 +202,7 @@ func Test_HandleFulcioCert_Configured_Priority(t *testing.T) {
 	g.Expect(i.Status.RootCertificates[0].Key).Should(Equal("key"))
 	g.Expect(i.Status.RootCertificates[0].Name).Should(Equal("my-secret"))
 
-	g.Expect(meta.IsStatusConditionTrue(i.Status.Conditions, CertCondition)).To(BeTrue())
+	g.Expect(meta.IsStatusConditionTrue(i.Status.Conditions, constants2.CertCondition)).To(BeTrue())
 }
 
 func Test_HandleFulcioCert_Delete_ServerConfig(t *testing.T) {
@@ -246,7 +247,7 @@ func Test_HandleFulcioCert_Delete_ServerConfig(t *testing.T) {
 	g.Expect(a.CanHandle(context.TODO(), i)).To(BeTrue())
 
 	_ = a.Handle(context.TODO(), i)
-	g.Expect(meta.IsStatusConditionTrue(i.Status.Conditions, CertCondition)).To(BeTrue())
+	g.Expect(meta.IsStatusConditionTrue(i.Status.Conditions, constants2.CertCondition)).To(BeTrue())
 
 	g.Expect(i.Status.ServerConfigRef).To(BeNil())
 	g.Expect(c.Get(context.TODO(), types.NamespacedName{Name: "ctlog-config", Namespace: instance.GetNamespace()}, &v1.Secret{})).To(HaveOccurred())

diff --git a/internal/controller/ctlog/actions/handle_keys.go b/internal/controller/ctlog/actions/handle_keys.go
@@ -8,6 +8,7 @@ import (
 	"github.com/securesign/operator/internal/controller/common/action"
 	k8sutils "github.com/securesign/operator/internal/controller/common/utils/kubernetes"
 	"github.com/securesign/operator/internal/controller/constants"
+	constants2 "github.com/securesign/operator/internal/controller/ctlog/constants"
 	"github.com/securesign/operator/internal/controller/ctlog/utils"
 	v1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/equality"
@@ -107,8 +108,8 @@ func (g handleKeys) Handle(ctx context.Context, instance *v1alpha1.CTlog) *actio
 		data = map[string][]byte{"public": config.PublicKey}
 	}
 
-	labels := constants.LabelsFor(ComponentName, DeploymentName, instance.Name)
-	labels[CTLPubLabel] = "public"
+	labels := constants.LabelsFor(constants2.ComponentName, constants2.DeploymentName, instance.Name)
+	labels[constants2.CTLPubLabel] = "public"
 	secret := k8sutils.CreateImmutableSecret(fmt.Sprintf(KeySecretNameFormat, instance.Name), instance.Namespace,
 		data, labels)
 
@@ -117,7 +118,7 @@ func (g handleKeys) Handle(ctx context.Context, instance *v1alpha1.CTlog) *actio
 	}
 
 	// ensure that only new key is exposed
-	if err := g.Client.DeleteAllOf(ctx, &v1.Secret{}, client.InNamespace(instance.Namespace), client.MatchingLabels(constants.LabelsFor(ComponentName, DeploymentName, instance.Name)), client.HasLabels{CTLPubLabel}); err != nil {
+	if err := g.Client.DeleteAllOf(ctx, &v1.Secret{}, client.InNamespace(instance.Namespace), client.MatchingLabels(constants.LabelsFor(constants2.ComponentName, constants2.DeploymentName, instance.Name)), client.HasLabels{constants2.CTLPubLabel}); err != nil {
 		return g.Failed(err)
 	}
 

diff --git a/internal/controller/ctlog/actions/initialize.go b/internal/controller/ctlog/actions/initialize.go
@@ -8,6 +8,7 @@ import (
 	"github.com/securesign/operator/internal/controller/common/action"
 	commonUtils "github.com/securesign/operator/internal/controller/common/utils/kubernetes"
 	"github.com/securesign/operator/internal/controller/constants"
+	constants2 "github.com/securesign/operator/internal/controller/ctlog/constants"
 	"k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
@@ -34,7 +35,7 @@ func (i initializeAction) Handle(ctx context.Context, instance *rhtasv1alpha1.CT
 		ok  bool
 		err error
 	)
-	labels := constants.LabelsForComponent(ComponentName, instance.Name)
+	labels := constants.LabelsForComponent(constants2.ComponentName, instance.Name)
 	ok, err = commonUtils.DeploymentIsRunning(ctx, i.Client, instance.Namespace, labels)
 	switch {
 	case errors.Is(err, commonUtils.ErrDeploymentNotReady):

diff --git a/internal/controller/ctlog/actions/monitoring.go b/internal/controller/ctlog/actions/monitoring.go
@@ -9,6 +9,7 @@ import (
 	"github.com/securesign/operator/internal/controller/common/action"
 	"github.com/securesign/operator/internal/controller/common/utils/kubernetes"
 	"github.com/securesign/operator/internal/controller/constants"
+	constants2 "github.com/securesign/operator/internal/controller/ctlog/constants"
 	v1 "k8s.io/api/rbac/v1"
 	"k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -37,11 +38,11 @@ func (i monitoringAction) Handle(ctx context.Context, instance *rhtasv1alpha1.CT
 		err error
 	)
 
-	monitoringLabels := constants.LabelsFor(ComponentName, MonitoringRoleName, instance.Name)
+	monitoringLabels := constants.LabelsFor(constants2.ComponentName, constants2.MonitoringRoleName, instance.Name)
 
 	role := kubernetes.CreateRole(
 		instance.Namespace,
-		MonitoringRoleName,
+		constants2.MonitoringRoleName,
 		monitoringLabels,
 		[]v1.PolicyRule{
 			{
@@ -68,12 +69,12 @@ func (i monitoringAction) Handle(ctx context.Context, instance *rhtasv1alpha1.CT
 
 	roleBinding := kubernetes.CreateRoleBinding(
 		instance.Namespace,
-		MonitoringRoleName,
+		constants2.MonitoringRoleName,
 		monitoringLabels,
 		v1.RoleRef{
 			APIGroup: v1.SchemeGroupVersion.Group,
 			Kind:     "Role",
-			Name:     MonitoringRoleName,
+			Name:     constants2.MonitoringRoleName,
 		},
 		[]v1.Subject{
 			{Kind: "ServiceAccount", Name: "prometheus-k8s", Namespace: "openshift-monitoring"},
@@ -95,16 +96,16 @@ func (i monitoringAction) Handle(ctx context.Context, instance *rhtasv1alpha1.CT
 
 	serviceMonitor := kubernetes.CreateServiceMonitor(
 		instance.Namespace,
-		DeploymentName,
+		constants2.DeploymentName,
 		monitoringLabels,
 		[]monitoringv1.Endpoint{
 			{
 				Interval: monitoringv1.Duration("30s"),
-				Port:     MetricsPortName,
+				Port:     constants2.MetricsPortName,
 				Scheme:   "http",
 			},
 		},
-		constants.LabelsForComponent(ComponentName, instance.Name),
+		constants.LabelsForComponent(constants2.ComponentName, instance.Name),
 	)
 
 	if err = controllerutil.SetControllerReference(instance, serviceMonitor, i.Client.Scheme()); err != nil {

diff --git a/internal/controller/ctlog/actions/rbac.go b/internal/controller/ctlog/actions/rbac.go
@@ -8,6 +8,7 @@ import (
 	"github.com/securesign/operator/internal/controller/common/action"
 	"github.com/securesign/operator/internal/controller/common/utils/kubernetes"
 	"github.com/securesign/operator/internal/controller/constants"
+	constants2 "github.com/securesign/operator/internal/controller/ctlog/constants"
 	v1 "k8s.io/api/core/v1"
 	rbacv1 "k8s.io/api/rbac/v1"
 	"k8s.io/apimachinery/pkg/api/meta"
@@ -36,11 +37,11 @@ func (i rbacAction) Handle(ctx context.Context, instance *rhtasv1alpha1.CTlog) *
 	var (
 		err error
 	)
-	labels := constants.LabelsFor(ComponentName, RBACName, instance.Name)
+	labels := constants.LabelsFor(constants2.ComponentName, constants2.RBACName, instance.Name)
 
 	sa := &v1.ServiceAccount{
 		ObjectMeta: metav1.ObjectMeta{
-			Name:      RBACName,
+			Name:      constants2.RBACName,
 			Namespace: instance.Namespace,
 			Labels:    labels,
 		},
@@ -60,7 +61,7 @@ func (i rbacAction) Handle(ctx context.Context, instance *rhtasv1alpha1.CTlog) *
 		})
 		return i.FailedWithStatusUpdate(ctx, fmt.Errorf("could not create SA: %w", err), instance)
 	}
-	role := kubernetes.CreateRole(instance.Namespace, RBACName, labels, []rbacv1.PolicyRule{
+	role := kubernetes.CreateRole(instance.Namespace, constants2.RBACName, labels, []rbacv1.PolicyRule{
 		{
 			APIGroups: []string{""},
 			Resources: []string{"configmaps"},
@@ -86,13 +87,13 @@ func (i rbacAction) Handle(ctx context.Context, instance *rhtasv1alpha1.CTlog) *
 		})
 		return i.FailedWithStatusUpdate(ctx, fmt.Errorf("could not create Role: %w", err), instance)
 	}
-	rb := kubernetes.CreateRoleBinding(instance.Namespace, RBACName, labels, rbacv1.RoleRef{
+	rb := kubernetes.CreateRoleBinding(instance.Namespace, constants2.RBACName, labels, rbacv1.RoleRef{
 		APIGroup: v1.SchemeGroupVersion.Group,
 		Kind:     "Role",
-		Name:     RBACName,
+		Name:     constants2.RBACName,
 	},
 		[]rbacv1.Subject{
-			{Kind: "ServiceAccount", Name: RBACName, Namespace: instance.Namespace},
+			{Kind: "ServiceAccount", Name: constants2.RBACName, Namespace: instance.Namespace},
 		})
 
 	if err = ctrl.SetControllerReference(instance, rb, i.Client.Scheme()); err != nil {