From 94913ea5d5d3e6a30daf17830bc28bb13e65414d Mon Sep 17 00:00:00 2001
From: Joseph
Date: Wed, 2 Nov 2022 21:42:19 +0800
Subject: [PATCH] koord-manager: update RBAC (#779)
Signed-off-by: Joseph
---
 config/rbac/role.yaml | 9 +++++++++
 .../noderesource/noderesource_controller.go | 2 +-
 pkg/webhook/pod/mutating/cluster_colocation_profile.go | 1 +
 3 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
index 3938ea381..33b598db8 100644
--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@@ -41,6 +41,14 @@ rules:
 - get
 - list
 - watch
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+ - list
+ - watch
 - apiGroups:
 - ""
 resources:
@@ -48,6 +56,7 @@ rules:
 verbs:
 - get
 - list
+ - patch
 - watch
 - apiGroups:
 - ""
diff --git a/pkg/slo-controller/noderesource/noderesource_controller.go b/pkg/slo-controller/noderesource/noderesource_controller.go
index 883085103..afdb8e1b6 100644
--- a/pkg/slo-controller/noderesource/noderesource_controller.go
+++ b/pkg/slo-controller/noderesource/noderesource_controller.go
@@ -52,7 +52,7 @@ type NodeResourceReconciler struct {
 }
 // +kubebuilder:rbac:groups=core,resources=configmaps,verbs=get;list;watch
-// +kubebuilder:rbac:groups=core,resources=nodes,verbs=get;list;watch
+// +kubebuilder:rbac:groups=core,resources=nodes,verbs=get;list;watch;patch
 // +kubebuilder:rbac:groups=core,resources=nodes/status,verbs=get;update;patch
 // +kubebuilder:rbac:groups=core,resources=pods,verbs=get;list;watch
 // +kubebuilder:rbac:groups=scheduling.koordinator.sh,resources=devices,verbs=get;list;watch
diff --git a/pkg/webhook/pod/mutating/cluster_colocation_profile.go b/pkg/webhook/pod/mutating/cluster_colocation_profile.go
index 59dacdf4b..bfe1d7565 100644
--- a/pkg/webhook/pod/mutating/cluster_colocation_profile.go
+++ b/pkg/webhook/pod/mutating/cluster_colocation_profile.go
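Review bot: The marker changed in pkg/slo-controller/noderesource/noderesource_controller.go now grants `patch` on the core `nodes` resource for every node, and nothing in the hunk records which Node fields the reconciler actually needs to write. RBAC cannot narrow a patch to individual fields, so whichever account is bound to this role can now change labels, taints and spec on any node, on top of the `nodes/status` write it already had. Add a why-comment above the marker, for example `// nodes: patch is needed to write <fields the reconciler patches> on the Node object itself; nodes/status does not cover them`, so a later audit can check the grant against actual use. The second role.yaml hunk (`+ - patch`) carries the same grant and appears to be generated from this marker. The marker list sits outside any function, and the struct it follows starts above the hunk.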
@@ -39,6 +39,7 @@ import (
 utilclient "github.com/koordinator-sh/koordinator/pkg/util/client"
 )
+// +kubebuilder:rbac:groups=core,resources=namespaces,verbs=get;list;watch
 // +kubebuilder:rbac:groups=config.koordinator.sh,resources=clustercolocationprofiles,verbs=get;list;watch
 func (h *PodMutatingHandler) clusterColocationProfileMutatingPod(ctx context.Context, req admission.Request, pod *corev1.Pod) error {