From dedee81d338667c32f9bee2b26fc439ca022c391 Mon Sep 17 00:00:00 2001 From: Michail Resvanis Date: Sat, 3 Dec 2022 00:17:54 +0200 Subject: [PATCH] Fix module reconciler not being able to watch for ConfigMaps error (#179) This fix adds the watch permission for ConfigMaps to the Module reconciler, in order to be able to successfully client.Get() the build Dockerfile ConfigMap. This client.Get() fails because the contoller-runtime client reads from its cache, instead of directly from the API server. The client needs the watch permission, in order to be able to build its cache. - https://github.com/kubernetes-sigs/controller-runtime/issues/1156 Signed-off-by: Michail Resvanis Signed-off-by: Michail Resvanis --- config/rbac/role.yaml | 1 + controllers/module_reconciler.go | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 397ad6d14..f4c78d334 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -54,6 +54,7 @@ rules: verbs: - get - list + - watch - apiGroups: - "" resources: diff --git a/controllers/module_reconciler.go b/controllers/module_reconciler.go index 91e1ca10a..b1afe0bc2 100644 --- a/controllers/module_reconciler.go +++ b/controllers/module_reconciler.go @@ -90,7 +90,7 @@ func NewModuleReconciler( //+kubebuilder:rbac:groups=apps,resources=daemonsets,verbs=create;delete;get;list;patch;watch //+kubebuilder:rbac:groups="core",resources=nodes,verbs=get;list;watch //+kubebuilder:rbac:groups="core",resources=secrets,verbs=get;list;watch -//+kubebuilder:rbac:groups="core",resources=configmaps,verbs=get;list +//+kubebuilder:rbac:groups="core",resources=configmaps,verbs=get;list;watch //+kubebuilder:rbac:groups="core",resources=serviceaccounts,verbs=create;delete;get;list;patch;watch //+kubebuilder:rbac:groups="batch",resources=jobs,verbs=create;list;watch;delete