diff --git a/bundle/manifests/nginx-ingress-operator-nginx-ingress-admin_rbac.authorization.k8s.io_v1_clusterrole.yaml b/bundle/manifests/nginx-ingress-operator-nginx-ingress-admin_rbac.authorization.k8s.io_v1_clusterrole.yaml index bc777cfd..7ed6da18 100644 --- a/bundle/manifests/nginx-ingress-operator-nginx-ingress-admin_rbac.authorization.k8s.io_v1_clusterrole.yaml +++ b/bundle/manifests/nginx-ingress-operator-nginx-ingress-admin_rbac.authorization.k8s.io_v1_clusterrole.yaml @@ -58,6 +58,21 @@ rules: - watch - update - create +- apiGroups: + - apps + resources: + - daemonsets + - deployments + - replicasets + - statefulsets + verbs: + - get +- apiGroups: + - "" + resources: + - nodes + verbs: + - get - apiGroups: - "" resources: diff --git a/bundle/manifests/nginx-ingress-operator.clusterserviceversion.yaml b/bundle/manifests/nginx-ingress-operator.clusterserviceversion.yaml index 9c71ad4b..2dc42554 100644 --- a/bundle/manifests/nginx-ingress-operator.clusterserviceversion.yaml +++ b/bundle/manifests/nginx-ingress-operator.clusterserviceversion.yaml @@ -224,7 +224,7 @@ metadata: categories: Monitoring, Networking certified: "true" containerImage: quay.io/nginx/nginx-ingress-operator:3.0.0 - createdAt: "2024-12-17T10:28:34Z" + createdAt: "2024-12-17T14:09:56Z" description: The NGINX Ingress Operator is a Kubernetes/OpenShift component which deploys and manages one or more NGINX/NGINX Plus Ingress Controllers features.operators.openshift.io/cnf: "false" @@ -269,6 +269,25 @@ spec: spec: clusterPermissions: - rules: + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch - apiGroups: - "" resources: 
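Review bot: The two rules added to the nginx-ingress-admin ClusterRole (first hunk, `apps` workloads and core `nodes`) carry no comment saying which component needs them, and `nodes` is cluster-scoped, so `get` covers every node object. The grant is read-only and limited to `get`, which is the right shape. I would record the reason next to it so a later edit does not widen it to `list`/`watch` unnoticed, for example `# read-only lookups; keep to get unless a reviewer signs off on more` (exact wording for the author to confirm). The identical hunk in config/rbac/role.yaml needs the same comment; if the bundle manifest is generated from config/, the comment only has to live there.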
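Review bot: Moving the `coordination.k8s.io` `leases` rule (with `create`, `update`, `patch`, `delete`) from `permissions` into `clusterPermissions` in the ClusterServiceVersion lets the nginx-ingress-operator-controller-manager service account modify or delete Lease objects in every namespace, where leader election needs only the operator's own lease. Leases in other namespaces include node heartbeats in `kube-node-lease` and other controllers' election locks, so the blast radius of a compromised operator pod grows from one namespace to the whole cluster. The same widening is made in config/rbac/leader_election_role.yaml and config/rbac/leader_election_role_binding.yaml (`kind: Role` to `kind: ClusterRole`, `kind: RoleBinding` to `kind: ClusterRoleBinding`). Unless cluster scope is required for a reason the commit does not state, keep `kind: Role` and `kind: RoleBinding`; if it is required, narrow the write verbs with `resourceNames: ["<leader-election-lease-name>"]`. Dropping the `configmaps` rule is a tightening and can stay.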
@@ -481,40 +500,6 @@ spec:
 runAsNonRoot: true
 serviceAccountName: nginx-ingress-operator-controller-manager
 terminationGracePeriodSeconds: 10
- permissions:
- - rules:
- - apiGroups:
- - ""
- resources:
- - configmaps
- verbs:
- - get
- - list
- - watch
- - create
- - update
- - patch
- - delete
- - apiGroups:
- - coordination.k8s.io
- resources:
- - leases
- verbs:
- - get
- - list
- - watch
- - create
- - update
- - patch
- - delete
- - apiGroups:
- - ""
- resources:
- - events
- verbs:
- - create
- - patch
- serviceAccountName: nginx-ingress-operator-controller-manager
 strategy: deployment
 installModes:
 - supported: true
diff --git a/config/rbac/leader_election_role.yaml b/config/rbac/leader_election_role.yaml
index 89d930db..0cdb5409 100644
--- a/config/rbac/leader_election_role.yaml
+++ b/config/rbac/leader_election_role.yaml
@@ -1,6 +1,6 @@
 # permissions to do leader election.
 apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
+kind: ClusterRole
 metadata:
 labels:
 app.kubernetes.io/name: role
@@ -11,18 +11,6 @@ metadata:
 app.kubernets.io/managed-by: kustomize
 name: leader-election-role
 rules:
-- apiGroups:
- - ""
- resources:
- - configmaps
- verbs:
- - get
- - list
- - watch
- - create
- - update
- - patch
- - delete
 - apiGroups:
 - coordination.k8s.io
 resources:
diff --git a/config/rbac/leader_election_role_binding.yaml b/config/rbac/leader_election_role_binding.yaml
index 88482be7..08808438 100644
--- a/config/rbac/leader_election_role_binding.yaml
+++ b/config/rbac/leader_election_role_binding.yaml
@@ -1,5 +1,5 @@
 apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
+kind: ClusterRoleBinding
 metadata:
 labels:
 app.kubernetes.io/name: rolebinding
@@ -11,7 +11,7 @@ metadata:
 name: leader-election-rolebinding
 roleRef:
 apiGroup: rbac.authorization.k8s.io
- kind: Role
+ kind: ClusterRole
 name: leader-election-role
 subjects:
 - kind: ServiceAccount
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
index 3f8e8234..26538bc2 100644
--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@@ -175,6 +175,21 @@ rules:
 - watch
 - update
 - create
+- apiGroups:
+ - apps
+ resources:
+ - daemonsets
+ - deployments
+ - replicasets
+ - statefulsets
+ verbs:
+ - get
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
 - apiGroups:
 - ""
 resources: