diff --git a/charts/kafka-operator/templates/operator-rbac.yaml b/charts/kafka-operator/templates/operator-rbac.yaml index d8c8a44cc8..73906bfa1a 100644 --- a/charts/kafka-operator/templates/operator-rbac.yaml +++ b/charts/kafka-operator/templates/operator-rbac.yaml @@ -115,6 +115,63 @@ rules: - get - update - patch +- apiGroups: + - kafka.banzaicloud.io + resources: + - kafkaclusters/finalizers + verbs: + - create + - delete + - patch + - update +- apiGroups: + - kafka.banzaicloud.io + resources: + - kafkausers/finalizer + verbs: + - create + - delete + - patch + - update +- apiGroups: + - kafka.banzaicloud.io + resources: + - kafkatopics/finalizer + verbs: + - create + - delete + - patch + - update +- apiGroups: + - kafka.banzaicloud.io + resources: + - cruisecontroloperations + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +- apiGroups: + - kafka.banzaicloud.io + resources: + - cruisecontroloperations/status + verbs: + - get + - patch + - update +- apiGroups: + - kafka.banzaicloud.io + resources: + - cruisecontroloperations/finalizers + verbs: + - create + - delete + - patch + - update - apiGroups: - "" resources: @@ -234,33 +291,6 @@ rules: - patch - update - watch -- apiGroups: - - kafka.banzaicloud.io - resources: - - cruisecontroloperations - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch -- apiGroups: - - kafka.banzaicloud.io - resources: - - cruisecontroloperations/finalizers - verbs: - - update -- apiGroups: - - kafka.banzaicloud.io - resources: - - cruisecontroloperations/status - verbs: - - get - - patch - - update --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding diff --git a/config/base/rbac/role.yaml b/config/base/rbac/role.yaml index 62150dc45e..5bf51512c8 100644 --- a/config/base/rbac/role.yaml +++ b/config/base/rbac/role.yaml @@ -178,6 +178,9 @@ rules: resources: - cruisecontroloperations/finalizers verbs: + - create + - delete + - patch - update - apiGroups: - kafka.banzaicloud.io @@ -199,6 +202,15 @@ rules: - patch - update - watch +- apiGroups: + - kafka.banzaicloud.io + resources: + - kafkaclusters/finalizers + verbs: + - create + - delete + - patch + - update - apiGroups: - kafka.banzaicloud.io resources: @@ -220,6 +232,15 @@ rules: - patch - update - watch +- apiGroups: + - kafka.banzaicloud.io + resources: + - kafkatopics/finalizer + verbs: + - create + - delete + - patch + - update - apiGroups: - kafka.banzaicloud.io resources: @@ -241,6 +262,15 @@ rules: - patch - update - watch +- apiGroups: + - kafka.banzaicloud.io + resources: + - kafkausers/finalizer + verbs: + - create + - delete + - patch + - update - apiGroups: - kafka.banzaicloud.io resources: diff --git a/controllers/cruisecontroloperation_controller.go b/controllers/cruisecontroloperation_controller.go index 7ffe1d67a9..1608a92ab2 100644 --- a/controllers/cruisecontroloperation_controller.go +++ b/controllers/cruisecontroloperation_controller.go @@ -70,7 +70,7 @@ type CruiseControlOperationReconciler struct { // +kubebuilder:rbac:groups=kafka.banzaicloud.io,resources=cruisecontroloperations,verbs=get;list;watch;create;update;patch;delete;deletecollection // +kubebuilder:rbac:groups=kafka.banzaicloud.io,resources=cruisecontroloperations/status,verbs=get;update;patch -// +kubebuilder:rbac:groups=kafka.banzaicloud.io,resources=cruisecontroloperations/finalizers,verbs=update +// +kubebuilder:rbac:groups=kafka.banzaicloud.io,resources=cruisecontroloperations/finalizers,verbs=create;update;patch;delete //nolint:gocyclo func (r *CruiseControlOperationReconciler) Reconcile(ctx context.Context, request ctrl.Request) (ctrl.Result, error) { diff --git a/controllers/kafkacluster_controller.go b/controllers/kafkacluster_controller.go index 15366c6676..74bbabbaee 100644 --- a/controllers/kafkacluster_controller.go +++ b/controllers/kafkacluster_controller.go @@ -79,6 +79,7 @@ type KafkaClusterReconciler struct { // +kubebuilder:rbac:groups=coordination.k8s.io,resources=leases,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=kafka.banzaicloud.io,resources=kafkaclusters,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=kafka.banzaicloud.io,resources=kafkaclusters/status,verbs=get;update;patch +// +kubebuilder:rbac:groups=kafka.banzaicloud.io,resources=kafkaclusters/finalizers,verbs=create;update;patch;delete // +kubebuilder:rbac:groups=servicemesh.cisco.com,resources=istiomeshgateways,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=networking.istio.io,resources=*,verbs=* diff --git a/controllers/kafkatopic_controller.go b/controllers/kafkatopic_controller.go index 228e6020df..a6294783d1 100644 --- a/controllers/kafkatopic_controller.go +++ b/controllers/kafkatopic_controller.go @@ -71,6 +71,7 @@ type KafkaTopicReconciler struct { // +kubebuilder:rbac:groups=kafka.banzaicloud.io,resources=kafkatopics,verbs=get;list;watch;create;update;patch;delete;deletecollection // +kubebuilder:rbac:groups=kafka.banzaicloud.io,resources=kafkatopics/status,verbs=get;update;patch +// +kubebuilder:rbac:groups=kafka.banzaicloud.io,resources=kafkatopics/finalizer,verbs=create;update;patch;delete // Reconcile reconciles the kafka topic func (r *KafkaTopicReconciler) Reconcile(ctx context.Context, request reconcile.Request) (reconcile.Result, error) { diff --git a/controllers/kafkauser_controller.go b/controllers/kafkauser_controller.go index 169840bb80..635f6473f5 100644 --- a/controllers/kafkauser_controller.go +++ b/controllers/kafkauser_controller.go @@ -154,6 +154,7 @@ type KafkaUserReconciler struct { // +kubebuilder:rbac:groups=kafka.banzaicloud.io,resources=kafkausers,verbs=get;list;watch;create;update;patch;delete;deletecollection // +kubebuilder:rbac:groups=kafka.banzaicloud.io,resources=kafkausers/status,verbs=get;update;patch +// +kubebuilder:rbac:groups=kafka.banzaicloud.io,resources=kafkausers/finalizer,verbs=create;update;patch;delete // +kubebuilder:rbac:groups=cert-manager.io,resources=certificates,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=cert-manager.io,resources=issuers,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=cert-manager.io,resources=clusterissuers,verbs=get;list;watch;create;update;patch;delete