From d858983df636ce58cff92efcc25dacd901968803 Mon Sep 17 00:00:00 2001 From: Sebastian Bernauer Date: Mon, 21 Jul 2025 10:54:38 +0200 Subject: [PATCH] fix: Add RBAC permission to patch events (#824) * fix: Add RBAC permission to patch events * changelog --- CHANGELOG.md | 3 +++ deploy/helm/nifi-operator/templates/roles.yaml | 1 + 2 files changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 62b1978c..745c5ab7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -40,6 +40,8 @@ All notable changes to this project will be documented in this file. - The default Kubernetes cluster domain name is now fetched from the kubelet API unless explicitly configured. - This requires operators to have the RBAC permission to get nodes/proxy in the apiGroup "". The helm-chart takes care of this. - The CLI argument `--kubernetes-node-name` or env variable `KUBERNETES_NODE_NAME` needs to be set. The helm-chart takes care of this. +- The operator helm-chart now grants RBAC `patch` permissions on `events.k8s.io/events`, + so events can be aggregated (e.g. "error happened 10 times over the last 5 minutes") ([#824]). ### Fixed @@ -74,6 +76,7 @@ All notable changes to this project will be documented in this file. [#818]: https://github.com/stackabletech/nifi-operator/pull/818 [#819]: https://github.com/stackabletech/nifi-operator/pull/819 [#822]: https://github.com/stackabletech/nifi-operator/pull/822 +[#824]: https://github.com/stackabletech/nifi-operator/pull/824 ## [25.3.0] - 2025-03-21 diff --git a/deploy/helm/nifi-operator/templates/roles.yaml b/deploy/helm/nifi-operator/templates/roles.yaml index 85256482..7d6ca35c 100644 --- a/deploy/helm/nifi-operator/templates/roles.yaml +++ b/deploy/helm/nifi-operator/templates/roles.yaml @@ -164,6 +164,7 @@ rules: - events verbs: - create + - patch # Required for Kubernetes-managed clustering, see https://nifi.apache.org/nifi-docs/administration-guide.html#kubernetes-clustering - apiGroups: - coordination.k8s.io