From 1bd0343d603900c9be7fdf0bd2bbbabf83d73448 Mon Sep 17 00:00:00 2001 From: alacuku Date: Tue, 20 Jul 2021 11:09:17 +0200 Subject: [PATCH] fix permisions for service resources on the liqo-gateway component --- deployments/liqo/files/liqo-gateway-Role.yaml | 1 + internal/liqonet/tunnel-operator/labelerOperator.go | 3 +++ internal/liqonet/tunnel-operator/tunnel-operator.go | 2 -- 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/deployments/liqo/files/liqo-gateway-Role.yaml b/deployments/liqo/files/liqo-gateway-Role.yaml index 948ae1f9ce..bc0c5d4065 100644 --- a/deployments/liqo/files/liqo-gateway-Role.yaml +++ b/deployments/liqo/files/liqo-gateway-Role.yaml @@ -35,3 +35,4 @@ rules: verbs: - list - update + - watch diff --git a/internal/liqonet/tunnel-operator/labelerOperator.go b/internal/liqonet/tunnel-operator/labelerOperator.go index bd538abccb..66f53a1f6c 100644 --- a/internal/liqonet/tunnel-operator/labelerOperator.go +++ b/internal/liqonet/tunnel-operator/labelerOperator.go @@ -14,6 +14,9 @@ import ( liqoutils "github.com/liqotech/liqo/pkg/liqonet/utils" ) +// +kubebuilder:rbac:groups=core,namespace="do-not-care",resources=pods,verbs=get;list;watch;update +// +kubebuilder:rbac:groups=core,namespace="do-not-care",resources=services,verbs=list;watch;update + const ( // These labels are the ones set during the deployment of liqo using the helm chart. // Any change to those labels on the helm chart has also to be reflected here. diff --git a/internal/liqonet/tunnel-operator/tunnel-operator.go b/internal/liqonet/tunnel-operator/tunnel-operator.go index 59054876e1..ff57e5012f 100644 --- a/internal/liqonet/tunnel-operator/tunnel-operator.go +++ b/internal/liqonet/tunnel-operator/tunnel-operator.go @@ -81,8 +81,6 @@ type TunnelController struct { // role // +kubebuilder:rbac:groups=coordination.k8s.io,namespace="do-not-care",resources=leases,verbs=get;create;update // +kubebuilder:rbac:groups=core,namespace="do-not-care",resources=secrets,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups=core,namespace="do-not-care",resources=pods,verbs=get;list;watch;update -// +kubebuilder:rbac:groups=core,namespace="do-not-care",resources=services,verbs=list;update // NewTunnelController instantiates and initializes the tunnel controller. func NewTunnelController(podIP, namespace string, er record.EventRecorder,