This is an automated email from the ASF dual-hosted git repository.
wusheng pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/skywalking-swck.git
commit 315f2c538451cbe76836ab7b398891790d09f650
Author: Gao Hongtao <hanahm...@gmail.com>
AuthorDate: Sun Oct 18 15:53:34 2020 +0800
Update RBAC
Signed-off-by: Gao Hongtao <hanahm...@gmail.com>
---
config/manager/kustomization.yaml | 6 ++++++
config/rbac/oapserver_editor_role.yaml | 24 ------------------------
config/rbac/oapserver_viewer_role.yaml | 20 --------------------
config/rbac/role.yaml | 12 ++++++++++++
controllers/oapserver_controller.go | 1 +
main.go | 1 +
6 files changed, 20 insertions(+), 44 deletions(-)
diff --git a/config/manager/kustomization.yaml
b/config/manager/kustomization.yaml
index 3708808..ec7c9b9 100644
--- a/config/manager/kustomization.yaml
+++ b/config/manager/kustomization.yaml
@@ -17,3 +17,9 @@
resources:
- manager.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+images:
+- name: controller
+ newName: hanahmily/swck
+ newTag: latest
diff --git a/config/rbac/oapserver_editor_role.yaml
b/config/rbac/oapserver_editor_role.yaml
deleted file mode 100644
index 5c46c84..0000000
--- a/config/rbac/oapserver_editor_role.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-# permissions for end users to edit oapservers.
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: oapserver-editor-role
-rules:
-- apiGroups:
- - operator.skywalking.apache.org
- resources:
- - oapservers
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - operator.skywalking.apache.org
- resources:
- - oapservers/status
- verbs:
- - get
diff --git a/config/rbac/oapserver_viewer_role.yaml
b/config/rbac/oapserver_viewer_role.yaml
deleted file mode 100644
index 97cdbab..0000000
--- a/config/rbac/oapserver_viewer_role.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-# permissions for end users to view oapservers.
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: oapserver-viewer-role
-rules:
-- apiGroups:
- - operator.skywalking.apache.org
- resources:
- - oapservers
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - operator.skywalking.apache.org
- resources:
- - oapservers/status
- verbs:
- - get
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
index 8424a5f..491934b 100644
--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@@ -7,6 +7,18 @@ metadata:
name: manager-role
rules:
- apiGroups:
+ - apps
+ resources:
+ - deployments
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
- operator.skywalking.apache.org
resources:
- oapservers
diff --git a/controllers/oapserver_controller.go
b/controllers/oapserver_controller.go
index 1600fb0..034b448 100644
--- a/controllers/oapserver_controller.go
+++ b/controllers/oapserver_controller.go
@@ -48,6 +48,7 @@ type OAPServerReconciler struct {
//
+kubebuilder:rbac:groups=operator.skywalking.apache.org,resources=oapservers,verbs=get;list;watch;create;update;patch;delete
//
+kubebuilder:rbac:groups=operator.skywalking.apache.org,resources=oapservers/status,verbs=get;update;patch
+//
+kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;create;update;patch;delete
func (r *OAPServerReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error)
{
ctx := context.Background()
diff --git a/main.go b/main.go
index 1364ec2..c338729 100644
--- a/main.go
+++ b/main.go
@@ -61,6 +61,7 @@ func main() {
Scheme: scheme,
MetricsBindAddress: "0",
LeaderElection: enableLeaderElection,
+ LeaderElectionID: "aaa.swck",
Port: 9443,
})
if err != nil {
