From 5bfbd10124a4f9f16df6f842c2a237f5f193c607 Mon Sep 17 00:00:00 2001
From: Piotr Halama
Date: Fri, 29 Nov 2024 11:56:19 +0100
Subject: [PATCH] Add secret rbac for warden operator (#352) (#354)
---
 charts/warden/charts/warden-operator/templates/rbac.yaml | 8 ++++++++
 config/rbac/role.yaml | 7 +++++++
 internal/controllers/namespace/controller.go | 2 ++
 internal/controllers/pod_controller.go | 1 +
 4 files changed, 18 insertions(+)
diff --git a/charts/warden/charts/warden-operator/templates/rbac.yaml b/charts/warden/charts/warden-operator/templates/rbac.yaml
index d4f5681b..14794461 100644
--- a/charts/warden/charts/warden-operator/templates/rbac.yaml
+++ b/charts/warden/charts/warden-operator/templates/rbac.yaml
@@ -29,6 +29,14 @@ rules:
 - update
 - patch
 - watch
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - list
+ - get
+ - watch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
index 1525ffde..e222f488 100644
--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@@ -21,3 +21,10 @@ rules:
 - list
 - update
 - watch
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
diff --git a/internal/controllers/namespace/controller.go b/internal/controllers/namespace/controller.go
index b90ae22c..af58da07 100644
--- a/internal/controllers/namespace/controller.go
+++ b/internal/controllers/namespace/controller.go
@@ -2,6 +2,7 @@ package namespace
 import (
 "context"
+ "github.com/kyma-project/warden/internal/validate"
 "github.com/pkg/errors"
 "sigs.k8s.io/controller-runtime/pkg/predicate"
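Review bot: The chart rule grants `list`, `get` and `watch` on secrets, but the rule added to config/rbac/role.yaml and the `//+kubebuilder:rbac` markers added in both controllers grant only `get;list`, so the two install paths give the operator different permissions. If secrets are read through a cached controller-runtime client, `watch` is needed everywhere and the markers should read `verbs=get;list;watch` (role.yaml is presumably regenerated from them). If they are read with an uncached reader, `- watch` can be dropped from this rule. Which of the two applies is not visible in this patch.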
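Review bot: The added import `"github.com/kyma-project/warden/internal/validate"` has no matching use anywhere in this patch; the only other change to controller.go is the RBAC marker, and Go rejects unused imports. Either controller.go already referenced `validate` on this branch, in which case it did not build before this commit, or this line breaks the build. The commit message should say which, since the import is unrelated to the RBAC change named in the subject.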
@@ -34,6 +35,7 @@ func (r *Reconciler) SetupWithManager(mgr ctrl.Manager) error {
 //+kubebuilder:rbac:groups="",resources=pods,verbs=list;update
 //+kubebuilder:rbac:groups="",resources=namespaces,verbs=watch
+//+kubebuilder:rbac:groups="",resources=secrets,verbs=get;list
 // Reconcile is part of the main kubernetes reconciliation loop which aims to
 // move the current state of the cluster closer to the desired state.
diff --git a/internal/controllers/pod_controller.go b/internal/controllers/pod_controller.go
index 9c546603..399250ab 100644
--- a/internal/controllers/pod_controller.go
+++ b/internal/controllers/pod_controller.go
@@ -104,6 +104,7 @@ func (r *PodReconciler) SetupWithManager(mgr ctrl.Manager) error {
 //+kubebuilder:rbac:groups="",resources=pods,verbs=get;list;watch;update
 //+kubebuilder:rbac:groups="",resources=namespaces,verbs=get;list;watch
+//+kubebuilder:rbac:groups="",resources=secrets,verbs=get;list
 // Reconcile is part of the main kubernetes reconciliation loop which aims to
 // move the current state of the cluster closer to the desired state.
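Review bot: The added marker `//+kubebuilder:rbac:groups="",resources=secrets,verbs=get;list` carries no `namespace=` or `resourceNames=` restriction, so the generated rule lets the operator's service account read every secret in the cluster. The same unrestricted marker is added in internal/controllers/pod_controller.go. If only particular secrets are read (presumably registry credentials used during image validation, which this patch does not show), scope the marker. If it cannot be scoped, record the reason next to it, e.g. `// secrets: read-only; needed cluster-wide because <reason>`. Both markers sit above Reconcile methods whose bodies are outside the hunks.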