Skip to content

Commit

Permalink
Broaden team controller rbac permissions
Browse files Browse the repository at this point in the history 
Adds support for external-secrets, prometheus, sloth
  • Loading branch information
@mojochao
mojochao committed Mar 6, 2023
1 parent 910eaa8 commit 82ec873
Show file tree
Hide file tree
Showing 4 changed files with 87 additions and 1 deletion.
42 changes: 42 additions & 0 deletions charts/spaces-operator/templates/rbac.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -177,6 +177,35 @@ rules:
- get
- list
- watch
- apiGroups:
- external-secrets.io
resources:
- externalsecrets
- secretstores
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- monitoring.coreos.com
resources:
- alertmanagerconfigs
- alertmanagers
- podmonitors
- probes
- servicemonitors
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- networking.k8s.io
resources:
Expand Down Expand Up @@ -217,6 +246,18 @@ rules:
- patch
- update
- watch
- apiGroups:
- sloth.slok.dev
resources:
- prometheusservicelevels
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- spaces.samba.tv
resources:
Expand Down Expand Up @@ -273,3 +314,4 @@ roleRef:
subjects:
- kind: ServiceAccount
name: spaces-operator-controller-manager
namespace: {{ .Release.Namespace }}
2 changes: 1 addition & 1 deletion charts/spaces-operator/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -90,4 +90,4 @@ podDisruptionBudget:
enabled: true

prometheus:
enabled: false
enabled: true
41 changes: 41 additions & 0 deletions config/rbac/role.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -129,6 +129,35 @@ rules:
- get
- list
- watch
- apiGroups:
- external-secrets.io
resources:
- externalsecrets
- secretstores
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- monitoring.coreos.com
resources:
- alertmanagerconfigs
- alertmanagers
- podmonitors
- probes
- servicemonitors
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- networking.k8s.io
resources:
Expand Down Expand Up @@ -169,6 +198,18 @@ rules:
- patch
- update
- watch
- apiGroups:
- sloth.slok.dev
resources:
- prometheusservicelevels
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- spaces.samba.tv
resources:
Expand Down
3 changes: 3 additions & 0 deletions controllers/v1beta1/team_controller.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,9 @@ type TeamReconciler struct {
// +kubebuilder:rbac:groups=batch,resources=cronjobs;cronjobs/status;jobs;jobs/status,verbs=get;list;watch;create;update;patch;delete
// +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=clusterroles;clusterrolebindings;roles;rolebindings,verbs=get;list;watch;create;update;patch
// +kubebuilder:rbac:groups=networking.k8s.io,resources=ingressclasses;ingresses;ingresses/status,verbs=get;list;watch;create;update;patch;delete
// +kubebuilder:rbac:groups=external-secrets.io,resources=externalsecrets;secretstores,verbs=get;list;watch;create;update;patch;delete
// +kubebuilder:rbac:groups=monitoring.coreos.com,resources=alertmanagers;alertmanagerconfigs;podmonitors;probes;servicemonitors,verbs=get;list;watch;create;update;patch;delete
// +kubebuilder:rbac:groups=sloth.slok.dev,resources=prometheusservicelevels,verbs=get;list;watch;create;update;patch;delete
// +kubebuilder:rbac:groups=policy,resources=poddisruptionbudgets,verbs=get;list;watch;create;update;patch;delete
// +kubebuilder:rbac:groups=spaces.samba.tv,resources=teams,verbs=get;list;watch;create;update;patch;delete
// +kubebuilder:rbac:groups=spaces.samba.tv,resources=teams/status,verbs=get;update;patch
Expand Down

0 comments on commit 82ec873

Please sign in to comment.