Adding Service and Ingress RBAC rules to kubebuilder annotations

[kincl]

Just a minor fix to add RBAC rules. Let me know if I should make a changelog entry.

[vsoch]

A CHANGELOG entry would be fantastic. Have you tested locally that everything works OK? And just to be sure - this ensures that the operator has control of kubernetes services and networking? If you can share - what did you try to do that didn't work without this added?

[vsoch]

Ping @kincl in case you want to update your notes here - I'm just curious about the reasons for the rules (for my own interest)!

[kincl]

Sure thing @vsoch so we need these extra RBAC rules because the operator is requesting to watch Service[1] and Ingress[2] objects in the cluster because the MiniCluster then creates them[3]. It's possible if you are testing with minikube you may be using the default user that has admin privileges?

[1] https://github.com/flux-framework/flux-operator/blob/main/controllers/flux/minicluster_controller.go#L152
[2] https://github.com/flux-framework/flux-operator/blob/main/controllers/flux/minicluster_controller.go#L149
[3] https://github.com/flux-framework/flux-operator/blob/main/controllers/flux/service.go

[vsoch]

@kincl indeed that is exactly what I am using! Thanks for adding these, let's merge in. And for an FYI we have some fairly robust changes coming soon in #49 - I have to figure out the start of a testing strategy first.