Add RBAC perms for coordination.k8s.io

It seems that with the latest changes to Kubernetes and Kustomize, we need to add additional RBAC to the service account used so that it can properly access the `leases` resource.
1Password · Jan 24, 2024 · 3672701 · 3672701
1 parent 2d8efec
commit 3672701
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 0 deletions.
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -86,6 +86,15 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - create
+  - get
+  - list
+  - update
 - apiGroups:
   - monitoring.coreos.com
   resources:

diff --git a/internal/controller/onepassworditem_controller.go b/internal/controller/onepassworditem_controller.go
@@ -67,6 +67,7 @@ type OnePasswordItemReconciler struct {
 //+kubebuilder:rbac:groups=apps,resourceNames=onepassword-connect-operator,resources=deployments/finalizers,verbs=update
 //+kubebuilder:rbac:groups=onepassword.com,resources=*,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups=monitoring.coreos.com,resources=servicemonitors,verbs=get;create
+//+kubebuilder:rbac:groups=coordination.k8s.io,resources=leases,verbs=get;list;create;update
 
 // Reconcile is part of the main kubernetes reconciliation loop which aims to
 // move the current state of the cluster closer to the desired state.