fix control plane rbac

Makefile

@@ -132,11 +132,11 @@ run-bootstrap: generate-bootstrap lint manifests-bootstrap
 	go run ./bootstrap/main.go
 
 # Install CRDs into a cluster
-install-bootstrap: manifests-bootstrap
+install-bootstrap: kustomize manifests-bootstrap
 	$(KUSTOMIZE) build bootstrap/config/crd | kubectl apply -f -
 
 # Uninstall CRDs from a cluster
-uninstall-bootstrap: manifests-bootstrap
+uninstall-bootstrap: kustomize manifests-bootstrap
 	$(KUSTOMIZE) build bootstrap/config/crd | kubectl delete -f -
 
 # Deploy controller in the configured Kubernetes cluster in ~/.kube/config
@@ -179,15 +179,15 @@ run-controlplane: generate-controlplane lint manifests-controlplane
 	go run ./controlplane/main.go
 
 # Install CRDs into a cluster
-install-controlplane: manifests-controlplane
+install-controlplane: kustomize manifests-controlplane
 	$(KUSTOMIZE) build controlplane/config/crd | kubectl apply -f -
 
 # Uninstall CRDs from a cluster
-uninstall-controlplane: manifests-controlplane
+uninstall-controlplane: kustomize manifests-controlplane
 	$(KUSTOMIZE) build controlplane/config/crd | kubectl delete -f -
 
 # Deploy controller in the configured Kubernetes cluster in ~/.kube/config
-deploy-controlplane: manifests-controlplane
+deploy-controlplane: kustomize manifests-controlplane
 	cd controlplane/config/manager && $(KUSTOMIZE) edit set image controller=${CONTROLPLANE_IMG}
 	$(KUSTOMIZE) build controlplane/config/default | kubectl apply -f -
 

bootstrap/config/rbac/role.yaml

@@ -18,6 +18,14 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - apiextensions.k8s.io
+  resources:
+  - customresourcedefinitions
+  verbs:
+  - get
+  - list
+  - watch
 - apiGroups:
   - bootstrap.cluster.x-k8s.io
   resources:
@@ -42,16 +50,73 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - bootstrap.cluster.x-k8s.io
+  - controlplane.cluster.x-k8s.io
+  - infrastructure.cluster.x-k8s.io
+  resources:
+  - '*'
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
   - cluster.x-k8s.io
   resources:
   - clusters
   - clusters/status
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - cluster.x-k8s.io
+  resources:
+  - clusters
+  - clusters/status
+  - machines
+  - machines/status
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - cluster.x-k8s.io
+  resources:
   - machines
   - machines/status
   verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
   - get
   - list
+  - patch
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - create
+  - get
+  - list
+  - patch
+  - update
   - watch
 - apiGroups:
   - exp.cluster.x-k8s.io

controlplane/controllers/kthreescontrolplane_controller.go

@@ -64,6 +64,13 @@ type KThreesControlPlaneReconciler struct {
 	managementClusterUncached k3s.ManagementCluster
 }
 
+// +kubebuilder:rbac:groups=core,resources=events,verbs=get;list;watch;create;patch
+// +kubebuilder:rbac:groups=core,resources=secrets,verbs=get;list;watch;create;update;patch
+// +kubebuilder:rbac:groups=infrastructure.cluster.x-k8s.io;bootstrap.cluster.x-k8s.io;controlplane.cluster.x-k8s.io,resources=*,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=cluster.x-k8s.io,resources=clusters;clusters/status,verbs=get;list;watch
+// +kubebuilder:rbac:groups=cluster.x-k8s.io,resources=machines;machines/status,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=apiextensions.k8s.io,resources=customresourcedefinitions,verbs=get;list;watch
+
 func (r *KThreesControlPlaneReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
 	logger := r.Log.WithValues("namespace", req.Namespace, "kthreesControlPlane", req.Name)