From 36727017ffb54284aae17dd42cb952e8d3672187 Mon Sep 17 00:00:00 2001 From: Eddy Filip Date: Wed, 24 Jan 2024 19:23:53 +0100 Subject: [PATCH] Add RBAC perms for coordination.k8s.io It seems that with the latest changes to Kubernetes and Kustomize, we need to add additional RBAC to the service account used so that it can properly access the `leases` resource. --- config/rbac/role.yaml | 9 +++++++++ internal/controller/onepassworditem_controller.go | 1 + 2 files changed, 10 insertions(+) diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index a5af45d7..a1f01779 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -86,6 +86,15 @@ rules: - get - patch - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - list + - update - apiGroups: - monitoring.coreos.com resources: diff --git a/internal/controller/onepassworditem_controller.go b/internal/controller/onepassworditem_controller.go index 69ec2aa5..57610b9b 100644 --- a/internal/controller/onepassworditem_controller.go +++ b/internal/controller/onepassworditem_controller.go @@ -67,6 +67,7 @@ type OnePasswordItemReconciler struct { //+kubebuilder:rbac:groups=apps,resourceNames=onepassword-connect-operator,resources=deployments/finalizers,verbs=update //+kubebuilder:rbac:groups=onepassword.com,resources=*,verbs=get;list;watch;create;update;patch;delete //+kubebuilder:rbac:groups=monitoring.coreos.com,resources=servicemonitors,verbs=get;create +//+kubebuilder:rbac:groups=coordination.k8s.io,resources=leases,verbs=get;list;create;update // Reconcile is part of the main kubernetes reconciliation loop which aims to // move the current state of the cluster closer to the desired state.