From 25f6907108350f364937fbfbf980c42fd77f584d Mon Sep 17 00:00:00 2001
From: amaslennikov <amaslennikov@nvidia.com>
Date: Mon, 16 Sep 2024 17:10:22 +0300
Subject: [PATCH] Add operations on daemonsets to cluster role

Operator fails to reconcile on the MaintenanceRequest,
stating it can't access daemonsets

Signed-off-by: amaslennikov <amaslennikov@nvidia.com>
---
 config/rbac/role.yaml                                    | 8 ++++++++
 .../maintenance-operator-chart/templates/role.yaml       | 9 +++++++++
 internal/controller/nodemaintenance_controller.go        | 1 +
 3 files changed, 18 insertions(+)

diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
index 574cf8a..5860f13 100644
--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@@ -44,6 +44,14 @@ rules:
   - list
   - patch
   - update
+- apiGroups:
+  - apps
+  resources:
+  - daemonsets
+  verbs:
+  - get
+  - list
+  - watch
 - apiGroups:
   - maintenance.nvidia.com
   resources:
diff --git a/deployment/maintenance-operator-chart/templates/role.yaml b/deployment/maintenance-operator-chart/templates/role.yaml
index 905eb96..1e303bd 100644
--- a/deployment/maintenance-operator-chart/templates/role.yaml
+++ b/deployment/maintenance-operator-chart/templates/role.yaml
@@ -113,6 +113,15 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - apps
+  resources:
+  - daemonsets
+  verbs:
+  - get
+  - list
+  - watch
+
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
diff --git a/internal/controller/nodemaintenance_controller.go b/internal/controller/nodemaintenance_controller.go
index 7ff43af..56f1c54 100644
--- a/internal/controller/nodemaintenance_controller.go
+++ b/internal/controller/nodemaintenance_controller.go
@@ -80,6 +80,7 @@ type NodeMaintenanceReconciler struct {
 //+kubebuilder:rbac:groups="",resources=nodes,verbs=get;update;patch
 //+kubebuilder:rbac:groups="",resources=pods,verbs=get;watch;list;update;patch;delete
 //+kubebuilder:rbac:groups="",resources=pods/eviction,verbs=create;get;list;update;patch;delete
+//+kubebuilder:rbac:groups="apps",resources=daemonsets,verbs=get;watch;list
 
 // Reconcile is part of the main kubernetes reconciliation loop which aims to
 // move the current state of the cluster closer to the desired state.