Skip to content

Commit be38693

Browse files
e0nee0ne
authored
chore: auto sync RBAC from config to helm (Mellanox#1479)
2 parents 8ec64a1 + b9be3b0 commit be38693

File tree

8 files changed

+309
-372
lines changed

8 files changed

+309
-372
lines changed

Makefile

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -391,6 +391,7 @@ undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/confi
391391
manifests: $(CONTROLLER_GEN) ## Generate manifests e.g. CRD, RBAC etc.
392392
$(CONTROLLER_GEN) rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases
393393
cp config/crd/bases/* deployment/network-operator/crds/
394+
hack/scripts/update-helm-role.sh
394395

395396
generate: $(CONTROLLER_GEN) ## Generate code
396397
$(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..."

api/v1alpha1/zz_generated.deepcopy.go

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

config/rbac/role.yaml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -14,6 +14,7 @@ rules:
1414
- persistentvolumeclaims
1515
- pods
1616
- pods/eviction
17+
- pods/finalizers
1718
- pods/status
1819
- secrets
1920
- serviceaccounts
@@ -268,6 +269,7 @@ rules:
268269
- ippools
269270
verbs:
270271
- create
272+
- deletecollection
271273
- get
272274
- list
273275
- watch

controllers/nicclusterpolicy_controller.go

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -72,6 +72,7 @@ type NicClusterPolicyReconciler struct {
7272
// +kubebuilder:rbac:groups="",resources=nodes,verbs=get;list;watch;update;patch
7373
// +kubebuilder:rbac:groups="",resources=pods,verbs=list
7474
// +kubebuilder:rbac:groups="",resources=pods/eviction,verbs=create;delete;get;list;patch;update;watch
75+
// +kubebuilder:rbac:groups="",resources=pods/finalizers,verbs=create;delete;get;list;patch;update;watch
7576
// +kubebuilder:rbac:groups="",resources=configmaps,verbs=get
7677
// +kubebuilder:rbac:groups="",resources=configmaps/finalizers,verbs=update
7778
// +kubebuilder:rbac:groups=apps,resources=deployments;daemonsets;replicasets;statefulsets,verbs=get;list;watch;create;update;patch;delete
@@ -84,9 +85,9 @@ type NicClusterPolicyReconciler struct {
8485
// +kubebuilder:rbac:groups=coordination.k8s.io,resources=leases,verbs=get;list;watch;create;update;patch;delete
8586
// +kubebuilder:rbac:groups=batch,resources=cronjobs,verbs=get;list;watch;create;update;patch;delete
8687
// +kubebuilder:rbac:groups=config.openshift.io,resources=proxies;clusterversions,verbs=get;list;watch
87-
// +kubebuilder:rbac:groups=nv-ipam.nvidia.com,resources=ippools,verbs=get;list;watch;create;
88+
// +kubebuilder:rbac:groups=nv-ipam.nvidia.com,resources=ippools,verbs=get;list;watch;create;deletecollection;
8889
// +kubebuilder:rbac:groups=nv-ipam.nvidia.com,resources=ippools/status,verbs=get;update;patch;
89-
// +kubebuilder:rbac:groups=nv-ipam.nvidia.com,resources=cidrpools,verbs=get;list;watch;create;
90+
// +kubebuilder:rbac:groups=nv-ipam.nvidia.com,resources=cidrpools,verbs=get;list;watch;create;deletecollection;
9091
// +kubebuilder:rbac:groups=nv-ipam.nvidia.com,resources=cidrpools/status,verbs=get;update;patch;
9192
// +kubebuilder:rbac:groups=cert-manager.io,resources=issuers;certificates,verbs=get;list;watch;create;update;patch;delete
9293
// +kubebuilder:rbac:groups=admissionregistration.k8s.io,resources=validatingwebhookconfigurations,verbs=get;list;watch;create;update;patch;delete

0 commit comments

Comments
 (0)