From fba8ee36c99c58db9e5ba73dff109697891d9d53 Mon Sep 17 00:00:00 2001 From: liornoy Date: Wed, 18 Jan 2023 19:25:29 +0200 Subject: [PATCH] Add watch verb to the controller This commit fixes the: "Failed to watch apiextensions.k8s.io/v1 ..." "Failed to watch admissionregistration.k8s.io/v1..." errors, by adding the "watch" verb to the required YAMLs. fix #1689 Signed-off-by: liornoy --- charts/metallb/templates/rbac.yaml | 4 ++-- config/manifests/metallb-frr-prometheus.yaml | 2 ++ config/manifests/metallb-frr.yaml | 2 ++ config/manifests/metallb-native-prometheus.yaml | 2 ++ config/manifests/metallb-native.yaml | 2 ++ config/rbac/role.yaml | 2 ++ 6 files changed, 12 insertions(+), 2 deletions(-) diff --git a/charts/metallb/templates/rbac.yaml b/charts/metallb/templates/rbac.yaml index 50d41f50088..1d046257806 100644 --- a/charts/metallb/templates/rbac.yaml +++ b/charts/metallb/templates/rbac.yaml @@ -21,7 +21,7 @@ rules: verbs: ["create", "delete", "get", "list", "patch", "update", "watch"] - apiGroups: ["admissionregistration.k8s.io"] resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] - verbs: ["list"] + verbs: ["list", "watch"] - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] resourceNames: ["addresspools.metallb.io","bfdprofiles.metallb.io","bgpadvertisements.metallb.io", @@ -29,7 +29,7 @@ rules: verbs: ["create", "delete", "get", "list", "patch", "update", "watch"] - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] - verbs: ["list"] + verbs: ["list", "watch"] {{- if .Values.prometheus.secureMetricsPort }} - apiGroups: ["authentication.k8s.io"] resources: ["tokenreviews"] diff --git a/config/manifests/metallb-frr-prometheus.yaml b/config/manifests/metallb-frr-prometheus.yaml index 809cc46be73..ee1ccdf7263 100644 --- a/config/manifests/metallb-frr-prometheus.yaml +++ b/config/manifests/metallb-frr-prometheus.yaml @@ -1589,6 +1589,7 @@ rules: - mutatingwebhookconfigurations verbs: - list + - watch - apiGroups: - apiextensions.k8s.io resourceNames: @@ -1615,6 +1616,7 @@ rules: - customresourcedefinitions verbs: - list + - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole diff --git a/config/manifests/metallb-frr.yaml b/config/manifests/metallb-frr.yaml index b115e069c4b..717c8bd8a5a 100644 --- a/config/manifests/metallb-frr.yaml +++ b/config/manifests/metallb-frr.yaml @@ -1560,6 +1560,7 @@ rules: - mutatingwebhookconfigurations verbs: - list + - watch - apiGroups: - apiextensions.k8s.io resourceNames: @@ -1586,6 +1587,7 @@ rules: - customresourcedefinitions verbs: - list + - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole diff --git a/config/manifests/metallb-native-prometheus.yaml b/config/manifests/metallb-native-prometheus.yaml index f03e72e0197..6730526284f 100644 --- a/config/manifests/metallb-native-prometheus.yaml +++ b/config/manifests/metallb-native-prometheus.yaml @@ -1589,6 +1589,7 @@ rules: - mutatingwebhookconfigurations verbs: - list + - watch - apiGroups: - apiextensions.k8s.io resourceNames: @@ -1615,6 +1616,7 @@ rules: - customresourcedefinitions verbs: - list + - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole diff --git a/config/manifests/metallb-native.yaml b/config/manifests/metallb-native.yaml index 780dcc36808..b9d7bc56989 100644 --- a/config/manifests/metallb-native.yaml +++ b/config/manifests/metallb-native.yaml @@ -1560,6 +1560,7 @@ rules: - mutatingwebhookconfigurations verbs: - list + - watch - apiGroups: - apiextensions.k8s.io resourceNames: @@ -1586,6 +1587,7 @@ rules: - customresourcedefinitions verbs: - list + - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 043cbdef20a..7bb5f51056b 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -57,6 +57,7 @@ rules: - mutatingwebhookconfigurations verbs: - list + - watch - apiGroups: - apiextensions.k8s.io resources: @@ -83,6 +84,7 @@ rules: - customresourcedefinitions verbs: - list + - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole