This is an automated email from the ASF dual-hosted git repository. wusheng pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/skywalking-swck.git
commit 315f2c538451cbe76836ab7b398891790d09f650 Author: Gao Hongtao <hanahm...@gmail.com> AuthorDate: Sun Oct 18 15:53:34 2020 +0800 Update RBAC Signed-off-by: Gao Hongtao <hanahm...@gmail.com> --- config/manager/kustomization.yaml | 6 ++++++ config/rbac/oapserver_editor_role.yaml | 24 ------------------------ config/rbac/oapserver_viewer_role.yaml | 20 -------------------- config/rbac/role.yaml | 12 ++++++++++++ controllers/oapserver_controller.go | 1 + main.go | 1 + 6 files changed, 20 insertions(+), 44 deletions(-) diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index 3708808..ec7c9b9 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -17,3 +17,9 @@ resources: - manager.yaml +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +images: +- name: controller + newName: hanahmily/swck + newTag: latest diff --git a/config/rbac/oapserver_editor_role.yaml b/config/rbac/oapserver_editor_role.yaml deleted file mode 100644 index 5c46c84..0000000 --- a/config/rbac/oapserver_editor_role.yaml +++ /dev/null @@ -1,24 +0,0 @@ -# permissions for end users to edit oapservers. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: oapserver-editor-role -rules: -- apiGroups: - - operator.skywalking.apache.org - resources: - - oapservers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - operator.skywalking.apache.org - resources: - - oapservers/status - verbs: - - get diff --git a/config/rbac/oapserver_viewer_role.yaml b/config/rbac/oapserver_viewer_role.yaml deleted file mode 100644 index 97cdbab..0000000 --- a/config/rbac/oapserver_viewer_role.yaml +++ /dev/null @@ -1,20 +0,0 @@ -# permissions for end users to view oapservers. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: oapserver-viewer-role -rules: -- apiGroups: - - operator.skywalking.apache.org - resources: - - oapservers - verbs: - - get - - list - - watch -- apiGroups: - - operator.skywalking.apache.org - resources: - - oapservers/status - verbs: - - get diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 8424a5f..491934b 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -7,6 +7,18 @@ metadata: name: manager-role rules: - apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: - operator.skywalking.apache.org resources: - oapservers diff --git a/controllers/oapserver_controller.go b/controllers/oapserver_controller.go index 1600fb0..034b448 100644 --- a/controllers/oapserver_controller.go +++ b/controllers/oapserver_controller.go @@ -48,6 +48,7 @@ type OAPServerReconciler struct { // +kubebuilder:rbac:groups=operator.skywalking.apache.org,resources=oapservers,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=operator.skywalking.apache.org,resources=oapservers/status,verbs=get;update;patch +// +kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;create;update;patch;delete func (r *OAPServerReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) { ctx := context.Background() diff --git a/main.go b/main.go index 1364ec2..c338729 100644 --- a/main.go +++ b/main.go @@ -61,6 +61,7 @@ func main() { Scheme: scheme, MetricsBindAddress: "0", LeaderElection: enableLeaderElection, + LeaderElectionID: "aaa.swck", Port: 9443, }) if err != nil {