From b4362dc093ff8a53a34a4008fd06e193cb19f9a0 Mon Sep 17 00:00:00 2001 From: dd di cesare Date: Tue, 28 Jun 2022 15:59:34 +0200 Subject: [PATCH] [controller] Giving permissions to controller over `ConfigMaps` --- .../limitador-operator.clusterserviceversion.yaml | 11 +++++++++++ config/deploy/manfiests.yaml | 11 +++++++++++ config/install/manifests.yaml | 11 +++++++++++ config/rbac/role.yaml | 11 +++++++++++ controllers/limitador_controller.go | 1 + 5 files changed, 45 insertions(+) diff --git a/bundle/manifests/limitador-operator.clusterserviceversion.yaml b/bundle/manifests/limitador-operator.clusterserviceversion.yaml index 406be03a..0efe2c13 100644 --- a/bundle/manifests/limitador-operator.clusterserviceversion.yaml +++ b/bundle/manifests/limitador-operator.clusterserviceversion.yaml @@ -78,6 +78,17 @@ spec: spec: clusterPermissions: - rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - update + - watch - apiGroups: - apps resources: diff --git a/config/deploy/manfiests.yaml b/config/deploy/manfiests.yaml index 844723b8..c0c32a3a 100644 --- a/config/deploy/manfiests.yaml +++ b/config/deploy/manfiests.yaml @@ -224,6 +224,17 @@ metadata: creationTimestamp: null name: limitador-operator-manager-role rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - update + - watch - apiGroups: - apps resources: diff --git a/config/install/manifests.yaml b/config/install/manifests.yaml index fb06303e..eb011651 100644 --- a/config/install/manifests.yaml +++ b/config/install/manifests.yaml @@ -217,6 +217,17 @@ metadata: creationTimestamp: null name: limitador-operatormanager-role rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - update + - watch - apiGroups: - apps resources: diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 001e280d..0eed8028 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -6,6 +6,17 @@ metadata: creationTimestamp: null name: manager-role rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - update + - watch - apiGroups: - apps resources: diff --git a/controllers/limitador_controller.go b/controllers/limitador_controller.go index 1e65456a..b81d82cc 100644 --- a/controllers/limitador_controller.go +++ b/controllers/limitador_controller.go @@ -44,6 +44,7 @@ type LimitadorReconciler struct { //+kubebuilder:rbac:groups=limitador.kuadrant.io,resources=limitadors/finalizers,verbs=update //+kubebuilder:rbac:groups=core,resources=services,verbs=get;list;watch;create;update;delete //+kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;create;update;delete +//+kubebuilder:rbac:groups="",resources=configmaps,verbs=get;list;watch;create;update;delete func (r *LimitadorReconciler) Reconcile(eventCtx context.Context, req ctrl.Request) (ctrl.Result, error) { logger := r.Logger().WithValues("limitador", req.NamespacedName)