Skip to content

Commit 4358ed9

Browse files
AlexsJonesAlexsJones
authored
fix: rbac (#86)
* fixing rbac Signed-off-by: Alex Jones <[email protected]> * fixing rbac Signed-off-by: Alex Jones <[email protected]> * fixing rbac Signed-off-by: Alex Jones <[email protected]> * Update kustomization.yaml Signed-off-by: Alex Jones <[email protected]> * Update manager.yaml Signed-off-by: Alex Jones <[email protected]> * Update flagd_kubernetes_sync_clusterrole.yaml Signed-off-by: Alex Jones <[email protected]> Signed-off-by: Alex Jones <[email protected]>
1 parent 1bbf31c commit 4358ed9

File tree

4 files changed

+17
-2
lines changed

4 files changed

+17
-2
lines changed

config/rbac/flagd_kubernetes_sync_clusterrole.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,6 @@ metadata:
44
# Prepends to open-feature-operator-flagd-kubernetes-sync
55
name: flagd-kubernetes-sync
66
rules:
7-
- apiGroups: ["core.openfeature.dev"]
7+
- apiGroups: ["core.openfeature.dev"]
88
resources: ["*"]
99
verbs: ["get", "watch", "list"]

config/rbac/flagd_kubernetes_sync_clusterrolebinding.yaml

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,3 @@
1-
#This adds the default account to the cluster role but will also have deployments added
21
apiVersion: rbac.authorization.k8s.io/v1
32
kind: ClusterRoleBinding
43
metadata:

config/rbac/role.yaml

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -29,6 +29,14 @@ rules:
2929
- patch
3030
- update
3131
- watch
32+
- apiGroups:
33+
- ""
34+
resources:
35+
- serviceaccounts
36+
verbs:
37+
- get
38+
- list
39+
- watch
3240
- apiGroups:
3341
- core.openfeature.dev
3442
resources:
@@ -55,3 +63,9 @@ rules:
5563
- get
5664
- patch
5765
- update
66+
- apiGroups:
67+
- rbac.authorization.k8s.io
68+
resources:
69+
- '*'
70+
verbs:
71+
- '*'

webhooks/pod_webhook.go

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -31,6 +31,8 @@ var FlagDTag = "main"
3131
//+kubebuilder:rbac:groups="",resources=pods,verbs=get;list;watch;create;update;patch;delete
3232
//+kubebuilder:rbac:groups="",resources=configmaps,verbs=get;list;watch;create;update;patch;delete
3333
//+kubebuilder:webhook:path=/mutate-v1-pod,mutating=true,failurePolicy=Ignore,groups="",resources=pods,verbs=create;update,versions=v1,name=mutate.openfeature.dev,admissionReviewVersions=v1,sideEffects=NoneOnDryRun
34+
//+kubebuilder:rbac:groups=core,resources=serviceaccounts,verbs=get;list;watch;
35+
//+kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=*,verbs=*;
3436

3537
// PodMutator annotates Pods
3638
type PodMutator struct {

0 commit comments

Comments
 (0)