fix control plane rbac

k3s-io · Aug 18, 2023 · 3fa7080 · 3fa7080
1 parent 48d4265
commit 3fa7080
Show file tree

Hide file tree

Showing 2 changed files with 70 additions and 5 deletions.
diff --git a/Makefile b/Makefile
@@ -132,11 +132,11 @@ run-bootstrap: generate-bootstrap lint manifests-bootstrap
 	go run ./bootstrap/main.go
 
 # Install CRDs into a cluster
-install-bootstrap: kustomize manifests-bootstrap
+install-bootstrap: manifests-bootstrap
 	$(KUSTOMIZE) build bootstrap/config/crd | kubectl apply -f -
 
 # Uninstall CRDs from a cluster
-uninstall-bootstrap: kustomize manifests-bootstrap
+uninstall-bootstrap: manifests-bootstrap
 	$(KUSTOMIZE) build bootstrap/config/crd | kubectl delete -f -
 
 # Deploy controller in the configured Kubernetes cluster in ~/.kube/config
@@ -179,15 +179,15 @@ run-controlplane: generate-controlplane lint manifests-controlplane
 	go run ./controlplane/main.go
 
 # Install CRDs into a cluster
-install-controlplane: kustomize manifests-controlplane
+install-controlplane: manifests-controlplane
 	$(KUSTOMIZE) build controlplane/config/crd | kubectl apply -f -
 
 # Uninstall CRDs from a cluster
-uninstall-controlplane: kustomize manifests-controlplane
+uninstall-controlplane: manifests-controlplane
 	$(KUSTOMIZE) build controlplane/config/crd | kubectl delete -f -
 
 # Deploy controller in the configured Kubernetes cluster in ~/.kube/config
-deploy-controlplane: kustomize manifests-controlplane
+deploy-controlplane: manifests-controlplane
 	cd controlplane/config/manager && $(KUSTOMIZE) edit set image controller=${CONTROLPLANE_IMG}
 	$(KUSTOMIZE) build controlplane/config/default | kubectl apply -f -
 

diff --git a/controlplane/config/rbac/role.yaml b/controlplane/config/rbac/role.yaml
@@ -18,6 +18,14 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - apiextensions.k8s.io
+  resources:
+  - customresourcedefinitions
+  verbs:
+  - get
+  - list
+  - watch
 - apiGroups:
   - bootstrap.cluster.x-k8s.io
   resources:
@@ -42,16 +50,73 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - bootstrap.cluster.x-k8s.io
+  - controlplane.cluster.x-k8s.io
+  - infrastructure.cluster.x-k8s.io
+  resources:
+  - '*'
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
   - cluster.x-k8s.io
   resources:
   - clusters
   - clusters/status
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - cluster.x-k8s.io
+  resources:
+  - clusters
+  - clusters/status
+  - machines
+  - machines/status
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - cluster.x-k8s.io
+  resources:
   - machines
   - machines/status
   verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
   - get
   - list
+  - patch
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - create
+  - get
+  - list
+  - patch
+  - update
   - watch
 - apiGroups:
   - exp.cluster.x-k8s.io