From f801f6640f6179ab57b8cbed8a7d9293fcaf7867 Mon Sep 17 00:00:00 2001 From: Kenny Scharm Date: Thu, 15 Apr 2021 15:12:30 -0400 Subject: [PATCH] Fix rbac configuration to access lease resource (#34) --- config/rbac/role.yaml | 11 +++++++++++ .../controller/varnishcluster_controller.go | 1 + varnish-operator/templates/clusterrole.yaml | 11 +++++++++++ 3 files changed, 23 insertions(+) diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index a975e4b5..28a29ec1 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -104,6 +104,17 @@ rules: - get - patch - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - update + - watch - apiGroups: - monitoring.coreos.com resources: diff --git a/pkg/varnishcluster/controller/varnishcluster_controller.go b/pkg/varnishcluster/controller/varnishcluster_controller.go index 8a46ee33..bc9877be 100644 --- a/pkg/varnishcluster/controller/varnishcluster_controller.go +++ b/pkg/varnishcluster/controller/varnishcluster_controller.go @@ -175,6 +175,7 @@ func NewVarnishReconciler(mgr manager.Manager, cfg *config.Config, logr *logger. // +kubebuilder:rbac:groups=policy,resources=poddisruptionbudgets,verbs=list;watch;create;update;delete // +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=roles;rolebindings;clusterroles;clusterrolebindings,verbs=list;watch;create;update;delete // +kubebuilder:rbac:groups=monitoring.coreos.com,resources=servicemonitors,verbs=get;list;watch;create;update;delete +// +kubebuilder:rbac:groups=coordination.k8s.io,resources=leases,verbs=get;list;watch;create;update;delete func (r *ReconcileVarnishCluster) Reconcile(ctx context.Context, request ctrl.Request) (ctrl.Result, error) { logr := r.logger.With(logger.FieldVarnishCluster, request.Name) diff --git a/varnish-operator/templates/clusterrole.yaml b/varnish-operator/templates/clusterrole.yaml index a975e4b5..28a29ec1 100644 --- a/varnish-operator/templates/clusterrole.yaml +++ b/varnish-operator/templates/clusterrole.yaml @@ -104,6 +104,17 @@ rules: - get - patch - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - update + - watch - apiGroups: - monitoring.coreos.com resources: