From 4c4a7b8788901e73ffb5a2b80f574179ca0fe129 Mon Sep 17 00:00:00 2001 From: sangdammad <86688098+sangdammad@users.noreply.github.com> Date: Thu, 6 Oct 2022 09:11:56 -0500 Subject: [PATCH] fix:set replicaset and deployment permission to add list and watch (#26) Co-authored-by: Sangeetha Madamanchi --- Makefile | 4 ++-- charts/overwhelm/Chart.yaml | 2 +- charts/overwhelm/templates/overwhelm-manager-role-cr.yaml | 4 ++++ config/rbac/role.yaml | 4 ++++ controllers/application_controller.go | 4 ++-- 5 files changed, 13 insertions(+), 5 deletions(-) diff --git a/Makefile b/Makefile index feedee6..7b53436 100644 --- a/Makefile +++ b/Makefile @@ -108,7 +108,7 @@ vet: ## Run go vet against code. .PHONY: test test: manifests generate fmt vet envtest ## Run tests. - KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) -p path)" go test ./... -coverprofile cover.out + KUBEBUILDER_ASSETS="$(shell $(ENVTEST) --arch=amd64 use $(ENVTEST_K8S_VERSION) -p path)" go test ./... -coverprofile cover.out .PHONY: pretest @@ -276,7 +276,7 @@ run-delve: generate fmt vet manifests .PHONY: kind-install-deps kind-install-deps: - -curl -s https://fluxcd.io/install.sh | sudo bash + -curl -s https://fluxcd.io/install.sh | bash .PHONY: kind-create-cluster kind-create-cluster: diff --git a/charts/overwhelm/Chart.yaml b/charts/overwhelm/Chart.yaml index e6ab715..d580e6c 100644 --- a/charts/overwhelm/Chart.yaml +++ b/charts/overwhelm/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: overwhelm -version: 1.1.2 +version: 1.1.3 maintainers: - name: "Expedia Group" url: "https://github.com/ExpediaGroup/overwhelm" \ No newline at end of file diff --git a/charts/overwhelm/templates/overwhelm-manager-role-cr.yaml b/charts/overwhelm/templates/overwhelm-manager-role-cr.yaml index f83eb0b..1d4ae23 100755 --- a/charts/overwhelm/templates/overwhelm-manager-role-cr.yaml +++ b/charts/overwhelm/templates/overwhelm-manager-role-cr.yaml @@ -10,12 +10,16 @@ rules: - deployments verbs: - get + - list + - watch - apiGroups: - apps resources: - replicasets verbs: - get + - list + - watch - apiGroups: - "" resources: diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index fe90d89..28b817d 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -11,12 +11,16 @@ rules: - deployments verbs: - get + - list + - watch - apiGroups: - apps resources: - replicasets verbs: - get + - list + - watch - apiGroups: - "" resources: diff --git a/controllers/application_controller.go b/controllers/application_controller.go index ccbe229..cccbe25 100644 --- a/controllers/application_controller.go +++ b/controllers/application_controller.go @@ -76,8 +76,8 @@ var log logr.Logger //+kubebuilder:rbac:groups=helm.toolkit.fluxcd.io,resources=helmreleases/status,verbs=get;update;patch //+kubebuilder:rbac:groups=core,resources=pods,verbs=get;list;watch //+kubebuilder:rbac:groups=core,resources=pods/status,verbs=get;watch -//+kubebuilder:rbac:groups=apps,resources=deployments,verbs=get -//+kubebuilder:rbac:groups=apps,resources=replicasets,verbs=get +//+kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch +//+kubebuilder:rbac:groups=apps,resources=replicasets,verbs=get;list;watch // Reconcile is part of the main kubernetes reconciliation loop which aims to // move the current state of the cluster closer to the desired state.