Update RBAC
Signed-off-by: Gao Hongtao <hanahmily@gmail.com>
diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml
index 3708808..ec7c9b9 100644
--- a/config/manager/kustomization.yaml
+++ b/config/manager/kustomization.yaml
@@ -17,3 +17,9 @@
resources:
- manager.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+images:
+- name: controller
+ newName: hanahmily/swck
+ newTag: latest
diff --git a/config/rbac/oapserver_editor_role.yaml b/config/rbac/oapserver_editor_role.yaml
deleted file mode 100644
index 5c46c84..0000000
--- a/config/rbac/oapserver_editor_role.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-# permissions for end users to edit oapservers.
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: oapserver-editor-role
-rules:
-- apiGroups:
- - operator.skywalking.apache.org
- resources:
- - oapservers
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - operator.skywalking.apache.org
- resources:
- - oapservers/status
- verbs:
- - get
diff --git a/config/rbac/oapserver_viewer_role.yaml b/config/rbac/oapserver_viewer_role.yaml
deleted file mode 100644
index 97cdbab..0000000
--- a/config/rbac/oapserver_viewer_role.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-# permissions for end users to view oapservers.
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: oapserver-viewer-role
-rules:
-- apiGroups:
- - operator.skywalking.apache.org
- resources:
- - oapservers
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - operator.skywalking.apache.org
- resources:
- - oapservers/status
- verbs:
- - get
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
index 8424a5f..491934b 100644
--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@@ -7,6 +7,18 @@
name: manager-role
rules:
- apiGroups:
+ - apps
+ resources:
+ - deployments
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
- operator.skywalking.apache.org
resources:
- oapservers
diff --git a/controllers/oapserver_controller.go b/controllers/oapserver_controller.go
index 1600fb0..034b448 100644
--- a/controllers/oapserver_controller.go
+++ b/controllers/oapserver_controller.go
@@ -48,6 +48,7 @@
// +kubebuilder:rbac:groups=operator.skywalking.apache.org,resources=oapservers,verbs=get;list;watch;create;update;patch;delete
// +kubebuilder:rbac:groups=operator.skywalking.apache.org,resources=oapservers/status,verbs=get;update;patch
+// +kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;create;update;patch;delete
func (r *OAPServerReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
ctx := context.Background()
diff --git a/main.go b/main.go
index 1364ec2..c338729 100644
--- a/main.go
+++ b/main.go
@@ -61,6 +61,7 @@
Scheme: scheme,
MetricsBindAddress: "0",
LeaderElection: enableLeaderElection,
+ LeaderElectionID: "aaa.swck",
Port: 9443,
})
if err != nil {