This is an automated email from the ASF dual-hosted git repository.
xianjin pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-uniffle.git
The following commit(s) were added to refs/heads/master by this push:
new d0f57efa [#545][FOLLOWUP] update rbac rule for webhook (#566)
d0f57efa is described below
commit d0f57efafa05327dc3460c88fce310f0f8903fb7
Author: advancedxy <[email protected]>
AuthorDate: Thu Feb 9 15:01:45 2023 +0800
[#545][FOLLOWUP] update rbac rule for webhook (#566)
### What changes were proposed in this pull request?
Add runtime class name get/list permission for webhook
### Why are the changes needed?
webhook needs this permission to validate runtime class name
### Does this PR introduce _any_ user-facing change?
Yes. After this, users can specify runtimeClassName
### How was this patch tested?
Verified manually.
---
deploy/kubernetes/operator/config/manager/rss-webhook.yaml | 3 +++
1 file changed, 3 insertions(+)
diff --git a/deploy/kubernetes/operator/config/manager/rss-webhook.yaml
b/deploy/kubernetes/operator/config/manager/rss-webhook.yaml
index 63b7e901..91acaa5c 100644
--- a/deploy/kubernetes/operator/config/manager/rss-webhook.yaml
+++ b/deploy/kubernetes/operator/config/manager/rss-webhook.yaml
@@ -45,6 +45,9 @@ rules:
- apiGroups: [ "" ]
resources: [ "events" ]
verbs: [ "list", "watch", "create", "update", "patch" ]
+ - apiGroups: [ "node.k8s.io"]
+ resources: [ "runtimeclasses" ]
+ verbs: [ "get", "list", "watch" ]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
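Review bot: the added rule grants "watch" on runtimeclasses, but the commit message only describes get/list permission. If the webhook validates runtimeClassName with a direct lookup, `verbs: [ "get", "list" ]` would be enough and keeps the role to the minimum it needs. If it reads through a watch-based cache, state that in the description so the extra verb is documented. As a style point, `[ "node.k8s.io"]` is missing the space before the closing bracket that the neighbouring rules use.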