Add relevant RBAC to enable controller to watch resources (#776)

varshaprasad96 · varshaprasad96@gmail.com · tmshort · commit fb99b57936c0 · 2024-04-29T14:35:55.000-04:00
Co-authored-by: varshaprasad96@gmail.com &lt;vnarsing@vnarsing-mac.hsd1.ca.comcast.net&gt;
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -4,6 +4,12 @@ kind: ClusterRole
 metadata:
   name: manager-role
 rules:
+- apiGroups:
+  - '*'
+  resources:
+  - '*'
+  verbs:
+  - '*'
 - apiGroups:
   - catalogd.operatorframework.io
   resources:
@@ -19,16 +25,27 @@ rules:
   - list
   - watch
 - apiGroups:
-  - core.rukpak.io
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - list
+  - watch
+- apiGroups:
+  - ""
   resources:
-  - bundledeployments
+  - pods
   verbs:
   - create
-  - get
+  - delete
   - list
-  - patch
-  - update
   - watch
+- apiGroups:
+  - ""
+  resources:
+  - pods/log
+  verbs:
+  - get
 - apiGroups:
   - kappctrl.k14s.io
   resources:
diff --git a/internal/controllers/clusterextension_controller.go b/internal/controllers/clusterextension_controller.go
@@ -93,8 +93,10 @@ type ClusterExtensionReconciler struct {
 //+kubebuilder:rbac:groups=olm.operatorframework.io,resources=clusterextensions,verbs=get;list;watch
 //+kubebuilder:rbac:groups=olm.operatorframework.io,resources=clusterextensions/status,verbs=update;patch
 //+kubebuilder:rbac:groups=olm.operatorframework.io,resources=clusterextensions/finalizers,verbs=update
-
-//+kubebuilder:rbac:groups=core.rukpak.io,resources=bundledeployments,verbs=get;list;watch;create;update;patch
+//+kubebuilder:rbac:groups=core,resources=pods,verbs=list;watch;create;delete
+//+kubebuilder:rbac:groups=core,resources=configmaps,verbs=list;watch
+//+kubebuilder:rbac:groups=core,resources=pods/log,verbs=get
+//+kubebuilder:rbac:groups=*,resources=*,verbs=*
 
 //+kubebuilder:rbac:groups=catalogd.operatorframework.io,resources=catalogs,verbs=list;watch
 //+kubebuilder:rbac:groups=catalogd.operatorframework.io,resources=catalogmetadata,verbs=list;watch
