diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 0655c47..89a965a 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -8,93 +8,12 @@ rules: - /metrics verbs: - get -- apiGroups: - - "" - resources: - - configmaps - - events - - namespaces - - pods - - secrets - - serviceaccounts - - services - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - apiGroups: - '*' resources: - '*' verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - admissionregistration.k8s.io - resources: - - mutatingwebhookconfigurations - - validatingwebhookconfigurations - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - app.ksctl.com - resources: - - stacks - verbs: - '*' -- apiGroups: - - apps - resources: - - daemonsets - - deployments - - statefulsets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - apiGroups: - manage.ksctl.com resources: @@ -121,18 +40,3 @@ rules: - get - patch - update -- apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - - clusterroles - - rolebindings - - roles - verbs: - - create - - delete - - get - - list - - patch - - update - - watch diff --git a/go.mod b/go.mod index 94b79e2..004c7b2 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ toolchain go1.23.4 require ( github.com/gookit/goutil v0.6.18 - github.com/ksctl/ksctl/v2 v2.0.0-rc.2 + github.com/ksctl/ksctl/v2 v2.0.0-rc.3 github.com/onsi/ginkgo/v2 v2.21.0 github.com/onsi/gomega v1.35.1 k8s.io/api v0.32.0 diff --git a/go.sum b/go.sum index 8e235c1..4db9759 100644 --- a/go.sum +++ b/go.sum @@ -86,6 +86,8 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/ksctl/ksctl/v2 v2.0.0-rc.2 h1:/8t1QBV0IXZ7aUbE6daBtnwiMkPkn6IZxBXu3LRFf+8= github.com/ksctl/ksctl/v2 v2.0.0-rc.2/go.mod h1:24QA7D2r/7YMVMFlKgpn8xHsIHPmPxaCtjAvJYynLps= +github.com/ksctl/ksctl/v2 v2.0.0-rc.3 h1:+s3C+rjhoa4pFG+xr2KxPoeLl+4+i/osLAOaLqyHkWQ= +github.com/ksctl/ksctl/v2 v2.0.0-rc.3/go.mod h1:SicEdTFawWT4hGTnKsPBrDu673XDm7CHDzKpcujuib4= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= diff --git a/internal/controller/clusteraddon_controller.go b/internal/controller/clusteraddon_controller.go index 0f25788..fc24584 100644 --- a/internal/controller/clusteraddon_controller.go +++ b/internal/controller/clusteraddon_controller.go @@ -47,15 +47,8 @@ const managerFinalizer string = "finalizer.manage.ksctl.com" // +kubebuilder:rbac:groups=manage.ksctl.com,resources=clusteraddons,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=manage.ksctl.com,resources=clusteraddons/status,verbs=get;update;patch // +kubebuilder:rbac:groups=manage.ksctl.com,resources=clusteraddons/finalizers,verbs=update -// +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=clusterroles;clusterrolebindings;roles;rolebindings,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups=apiextensions.k8s.io,resources=customresourcedefinitions,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups=admissionregistration.k8s.io,resources=validatingwebhookconfigurations;mutatingwebhookconfigurations,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups=apps,resources=deployments;daemonsets;statefulsets,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups=coordination.k8s.io,resources=leases,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups="",resources=namespaces;serviceaccounts;services;configmaps;secrets;pods;events,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:urls=/metrics,verbs=get -// +kubebuilder:rbac:groups=*,resources=*,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups=app.ksctl.com,resources=stacks,verbs=* +// +kubebuilder:rbac:groups=*,resources=*,verbs=* func (r *ClusterAddonReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { l := log.FromContext(ctx)