From e17d4d9f630ae104741931d64bf956b3f97fd839 Mon Sep 17 00:00:00 2001
From: Jan Kantert
Date: Thu, 2 May 2024 16:42:28 +0200
Subject: [PATCH] fix kubebuilder annotations and regenerate RBACs
---
config/rbac/manager_role.yaml | 157 ------------------
config/rbac/role.yaml | 58 +++++++
.../daemonset/daemonset_controller.go | 9 +-
.../deployment/deployment_controller.go | 9 +-
.../statefulset/statefulset_controller.go | 9 +-
5 files changed, 73 insertions(+), 169 deletions(-)
delete mode 100644 config/rbac/manager_role.yaml
create mode 100644 config/rbac/role.yaml
diff --git a/config/rbac/manager_role.yaml b/config/rbac/manager_role.yaml
deleted file mode 100644
index db20be00..00000000
--- a/config/rbac/manager_role.yaml
+++ /dev/null
@@ -1,157 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - name: manager-role -rules: -- apiGroups: - - apps - resources: - - daemonsets - verbs: - - get - - list - - watch - - update - - patch -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - update - - patch -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch - - update - - patch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - update - - patch -- apiGroups: - - apps - resources: - - deployments - verbs: - - get - - list - - watch - - update - - patch -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - update - - patch -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch - - update - - patch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - update - - patch -- apiGroups: - - apps - resources: - - statefulsets - verbs: - - get - - list - - watch - - update - - patch -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - update - - patch -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch - - update - - patch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - update - - patch -- apiGroups: - - admissionregistration.k8s.io - resources: - - mutatingwebhookconfigurations - - validatingwebhookconfigurations - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch - - create - - update - - patch - - delete
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
new file mode 100644
index 00000000..a311ea17
--- /dev/null
+++ b/config/rbac/role.yaml
@@ -0,0 +1,58 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: manager-role +rules: +- resources: + - configmaps + verbs: + - get + - list + - patch + - update + - watch +- resources: + - events + verbs: + - create + - patch + - update +- resources: + - secrets + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - daemonsets + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - deployments + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - statefulsets + verbs: + - get + - list + - patch + - update + - watch
diff --git a/pkg/controller/daemonset/daemonset_controller.go b/pkg/controller/daemonset/daemonset_controller.go
index 32980f8e..ff41c238 100644
--- a/pkg/controller/daemonset/daemonset_controller.go
+++ b/pkg/controller/daemonset/daemonset_controller.go
@@ -31,6 +31,11 @@ import (
 "sigs.k8s.io/controller-runtime/pkg/source"
 )
 
+// +kubebuilder:rbac:groups=apps,resources=daemonsets,verbs=get;list;watch;update;patch
+// +kubebuilder:rbac:groups=,resources=configmaps,verbs=get;list;watch;update;patch
+// +kubebuilder:rbac:groups=,resources=secrets,verbs=get;list;watch;update;patch
+// +kubebuilder:rbac:groups=,resources=events,verbs=create;update;patch
+
 // Add creates a new DaemonSet Controller and adds it to the Manager with default RBAC. The Manager will set fields on the Controller
 // and Start it when the Manager is Started.
 func Add(mgr manager.Manager) error {
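Review bot: The three core-group markers added above `Add` are written `groups=,`, and the regenerated config/rbac/role.yaml in this same patch shows the result: the configmaps, events and secrets rules carry no `apiGroups` key, where the deleted manager_role.yaml listed the core group `""` for each of them. RBAC validation expects at least one API group on a resource rule, so this ClusterRole will most likely be rejected on apply, or at best grant the controller nothing on Secrets and ConfigMaps. Quote the empty group explicitly, e.g. `// +kubebuilder:rbac:groups="",resources=secrets,verbs=get;list;watch;update;patch`, do the same for configmaps and events, and regenerate; the identical markers added in deployment_controller.go and statefulset_controller.go need the same change. Separately, the deleted role also held rules for webhook configurations, services and secrets create/delete that no marker in this patch regenerates, so it is worth confirming that nothing deployed still relies on them. `Add`'s body continues outside the hunk.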
@@ -84,10 +89,6 @@ type ReconcileDaemonSet struct {
 
 // Reconcile reads that state of the cluster for a DaemonSet object and
 // updates its PodSpec based on mounted configuration
-// +kubebuilder:rbac:groups=apps,resources=daemonsets,verbs=get;list;watch;update;patch
-// +kubebuilder:rbac:groups=,resources=configmaps,verbs=get;list;watch;update;patch
-// +kubebuilder:rbac:groups=,resources=secrets,verbs=get;list;watch;update;patch
-// +kubebuilder:rbac:groups=,resources=events,verbs=create;update;patch
 func (r *ReconcileDaemonSet) Reconcile(ctx context.Context, request reconcile.Request) (reconcile.Result, error) {
 // Fetch the DaemonSet instance
 instance := &appsv1.DaemonSet{}
diff --git a/pkg/controller/deployment/deployment_controller.go b/pkg/controller/deployment/deployment_controller.go
index 7ceeb38e..76d6c86e 100644
--- a/pkg/controller/deployment/deployment_controller.go
+++ b/pkg/controller/deployment/deployment_controller.go
@@ -31,6 +31,11 @@ import (
 "sigs.k8s.io/controller-runtime/pkg/source"
 )
 
+// +kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;update;patch
+// +kubebuilder:rbac:groups=,resources=configmaps,verbs=get;list;watch;update;patch
+// +kubebuilder:rbac:groups=,resources=secrets,verbs=get;list;watch;update;patch
+// +kubebuilder:rbac:groups=,resources=events,verbs=create;update;patch
+
 // Add creates a new Deployment Controller and adds it to the Manager with default RBAC. The Manager will set fields on the Controller
 // and Start it when the Manager is Started.
 func Add(mgr manager.Manager) error {
@@ -85,10 +90,6 @@ type ReconcileDeployment struct {
 
 // Reconcile reads that state of the cluster for a Deployment object and
 // updates its PodSpec based on mounted configuration
-// +kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;update;patch
-// +kubebuilder:rbac:groups=,resources=configmaps,verbs=get;list;watch;update;patch
-// +kubebuilder:rbac:groups=,resources=secrets,verbs=get;list;watch;update;patch
-// +kubebuilder:rbac:groups=,resources=events,verbs=create;update;patch
 func (r *ReconcileDeployment) Reconcile(ctx context.Context, request reconcile.Request) (reconcile.Result, error) {
 // Fetch the Deployment instance
 instance := &appsv1.Deployment{}
diff --git a/pkg/controller/statefulset/statefulset_controller.go b/pkg/controller/statefulset/statefulset_controller.go
index 0febb435..0b8da1c4 100644
--- a/pkg/controller/statefulset/statefulset_controller.go
+++ b/pkg/controller/statefulset/statefulset_controller.go
@@ -31,6 +31,11 @@ import (
 "sigs.k8s.io/controller-runtime/pkg/source"
 )
 
+// +kubebuilder:rbac:groups=apps,resources=statefulsets,verbs=get;list;watch;update;patch
+// +kubebuilder:rbac:groups=,resources=configmaps,verbs=get;list;watch;update;patch
+// +kubebuilder:rbac:groups=,resources=secrets,verbs=get;list;watch;update;patch
+// +kubebuilder:rbac:groups=,resources=events,verbs=create;update;patch
+
 // Add creates a new StatefulSet Controller and adds it to the Manager with default RBAC. The Manager will set fields on the Controller
 // and Start it when the Manager is Started.
 func Add(mgr manager.Manager) error {
@@ -85,10 +90,6 @@ type ReconcileStatefulSet struct {
 
 // Reconcile reads that state of the cluster for a StatefulSet object and
 // updates its PodSpec based on mounted configuration
-// +kubebuilder:rbac:groups=apps,resources=statefulsets,verbs=get;list;watch;update;patch
-// +kubebuilder:rbac:groups=,resources=configmaps,verbs=get;list;watch;update;patch
-// +kubebuilder:rbac:groups=,resources=secrets,verbs=get;list;watch;update;patch
-// +kubebuilder:rbac:groups=,resources=events,verbs=create;update;patch
 func (r *ReconcileStatefulSet) Reconcile(ctx context.Context, request reconcile.Request) (reconcile.Result, error) {
 // Fetch the StatefulSet instance
 instance := &appsv1.StatefulSet{}