Skip to content

Commit 989a974

Browse files
GabriFedi97GabriFedi97
committed
fix: add clusters/finalizers rbac
Add the required missing permission to operate in k8s environments where the Admission Controller Plugin "OwnerReferencesPermissionEnforcement" is enabled. Signed-off-by: Gabriele Fedi <[email protected]>
1 parent 33172b6 commit 989a974

File tree

2 files changed

+7
-0
lines changed

2 files changed

+7
-0
lines changed

config/rbac/role.yaml

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -48,6 +48,12 @@ rules:
4848
- get
4949
- list
5050
- watch
51+
- apiGroups:
52+
- postgresql.cnpg.io
53+
resources:
54+
- clusters/finalizers
55+
verbs:
56+
- update
5157
- apiGroups:
5258
- rbac.authorization.k8s.io
5359
resources:

internal/controller/objectstore_controller.go

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -37,6 +37,7 @@ type ObjectStoreReconciler struct {
3737
// +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=rolebindings,verbs=create;patch;update;get;list;watch
3838
// +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=roles,verbs=create;patch;update;get;list;watch
3939
// +kubebuilder:rbac:groups="",resources=secrets,verbs=create;list;get;watch;delete
40+
// +kubebuilder:rbac:groups=postgresql.cnpg.io,resources=clusters/finalizers,verbs=update
4041
// +kubebuilder:rbac:groups=postgresql.cnpg.io,resources=backups,verbs=get;list;watch
4142
// +kubebuilder:rbac:groups=barmancloud.cnpg.io,resources=objectstores,verbs=get;list;watch;create;update;patch;delete
4243
// +kubebuilder:rbac:groups=barmancloud.cnpg.io,resources=objectstores/status,verbs=get;update;patch

0 commit comments

Comments
 (0)