chore(config): add permissions for resource types

* add read/update permissions for:
  * apps/daemonsets
  * apps/replicasets
  * apps/statefulsets
  * batch/cronjobs
  * batch/jobs
* remove create/delete permissions for apps/*. (There were no
  create/delete permissions for batch/*.)
* remove patch permissions for events

config/rbac/role.yaml

@@ -7,10 +7,22 @@ rules:
 - apiGroups:
   - apps
   resources:
+  - daemonsets
   - deployments
+  - replicasets
+  - statefulsets
+  verbs:
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - batch
+  resources:
+  - cronjobs
+  - jobs
   verbs:
-  - create
-  - delete
   - get
   - list
   - patch
@@ -22,7 +34,6 @@ rules:
   - events
   verbs:
   - create
-  - patch
 - apiGroups:
   - ""
   resources:

internal/controller/dash0_controller.go

@@ -46,8 +46,9 @@ func (r *Dash0Reconciler) SetupWithManager(mgr ctrl.Manager) error {
 //+kubebuilder:rbac:groups=operator.dash0.com,resources=dash0s,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups=operator.dash0.com,resources=dash0s/status,verbs=get;update;patch
 //+kubebuilder:rbac:groups=operator.dash0.com,resources=dash0s/finalizers,verbs=update
-//+kubebuilder:rbac:groups=core,resources=events,verbs=create;patch
-//+kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups=core,resources=events,verbs=create
+//+kubebuilder:rbac:groups=apps,resources=daemonsets;deployments;replicasets;statefulsets,verbs=get;list;watch;update;patch
+//+kubebuilder:rbac:groups=batch,resources=cronjobs;jobs,verbs=get;list;watch;update;patch
 //+kubebuilder:rbac:groups=core,resources=pods,verbs=get;list;watch
 
 // Reconcile is part of the main kubernetes reconciliation loop which aims to