Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
rbac: add permissions for imagestreams, daemonsets, apiservices
Prepare for watching v1 resources (issue opendatahub-io#637) To enable watching for DaemonSet and APIService (REST api resources daemonsets and apiservices) reading/watching permissions required for the operator's role. Otherwise it gets errors like: ``` User "system:serviceaccount:openshift-operators:opendatahub-operator-controller-manager" cannot list resource "daemonsets" in API group "apps" at the cluster scope E1018 20:00:55.374514 1 reflector.go:140] go/pkg/mod/k8s.io/client-go@v0.26.0/tools/cache/reflector.go:169: Failed to watch *v1.DaemonSet: failed to list *v1.DaemonSet: daemonsets.apps is forbidden: User "system:serviceaccount:openshift-operators:opendatahub-operator-controller-manager" cannot list resource "daemonsets" in API group "apps" at the cluster scope ``` For ImageStream `get` permissing is needed for cli.Get() in deploy's manageResources()[1], otherwise it does not set ownersReference (missing the branch apierrs.IsNotFound(err) since err is related to permissions). Autogenerated files: - config/rbac/role.yaml (make manifests) [1] https://github.com/opendatahub-io/opendatahub-operator/blob/13a7e822c0c75f361c319f8256a2d199d031d97c/pkg/deploy/deploy.go#L199 Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com>
- Loading branch information