Skip to content

Commit 9f69479

Browse files
muraeemuraee
committed
add /finalizers rbac
This is required for when the managment cluster has OwnerReferencesPermissionEnforcement admission controller enabled.
1 parent 006a40e commit 9f69479

File tree

3 files changed

+14
-0
lines changed

3 files changed

+14
-0
lines changed

config/rbac/role.yaml

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -175,6 +175,12 @@ rules:
175175
- get
176176
- list
177177
- watch
178+
- apiGroups:
179+
- controlplane.cluster.x-k8s.io
180+
resources:
181+
- rosacontrolplanes/finalizers
182+
verbs:
183+
- update
178184
- apiGroups:
179185
- controlplane.cluster.x-k8s.io
180186
resources:
@@ -409,6 +415,12 @@ rules:
409415
- patch
410416
- update
411417
- watch
418+
- apiGroups:
419+
- infrastructure.cluster.x-k8s.io
420+
resources:
421+
- rosamachinepools/finalizers
422+
verbs:
423+
- update
412424
- apiGroups:
413425
- infrastructure.cluster.x-k8s.io
414426
resources:

controlplane/rosa/controllers/rosacontrolplane_controller.go

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -115,6 +115,7 @@ func (r *ROSAControlPlaneReconciler) SetupWithManager(ctx context.Context, mgr c
115115
// +kubebuilder:rbac:groups=cluster.x-k8s.io,resources=machinepools,verbs=get;list;watch
116116
// +kubebuilder:rbac:groups=controlplane.cluster.x-k8s.io,resources=rosacontrolplanes,verbs=get;list;watch;update;patch;delete
117117
// +kubebuilder:rbac:groups=controlplane.cluster.x-k8s.io,resources=rosacontrolplanes/status,verbs=get;update;patch
118+
// +kubebuilder:rbac:groups=controlplane.cluster.x-k8s.io,resources=rosacontrolplanes/finalizers,verbs=update
118119

119120
// Reconcile will reconcile RosaControlPlane Resources.
120121
func (r *ROSAControlPlaneReconciler) Reconcile(ctx context.Context, req ctrl.Request) (res ctrl.Result, reterr error) {

exp/controllers/rosamachinepool_controller.go

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -73,6 +73,7 @@ func (r *ROSAMachinePoolReconciler) SetupWithManager(ctx context.Context, mgr ct
7373
// +kubebuilder:rbac:groups=controlplane.cluster.x-k8s.io,resources=rosacontrolplanes;rosacontrolplanes/status,verbs=get;list;watch
7474
// +kubebuilder:rbac:groups=infrastructure.cluster.x-k8s.io,resources=rosamachinepools,verbs=get;list;watch;update;patch;delete
7575
// +kubebuilder:rbac:groups=infrastructure.cluster.x-k8s.io,resources=rosamachinepools/status,verbs=get;update;patch
76+
// +kubebuilder:rbac:groups=infrastructure.cluster.x-k8s.io,resources=rosamachinepools/finalizers,verbs=update
7677

7778
// Reconcile reconciles ROSAMachinePool.
7879
func (r *ROSAMachinePoolReconciler) Reconcile(ctx context.Context, req ctrl.Request) (_ ctrl.Result, reterr error) {

0 commit comments

Comments
 (0)