From 22d75f6b8ab1f6ee36c0340b9c0a842f8c4048a3 Mon Sep 17 00:00:00 2001 From: Antonin Stefanutti Date: Wed, 3 Apr 2024 18:49:55 +0200 Subject: [PATCH] Add missing RBAC for oauth-proxy ClusterRoleBinding --- config/rbac/role.yaml | 8 ++++++++ pkg/controllers/raycluster_controller.go | 1 + 2 files changed, 9 insertions(+) diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index c7ef78b4..e5a2ca9f 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -56,6 +56,14 @@ rules: - get - patch - update +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + verbs: + - delete + - get + - patch - apiGroups: - route.openshift.io resources: diff --git a/pkg/controllers/raycluster_controller.go b/pkg/controllers/raycluster_controller.go index 53999591..9e45bf78 100644 --- a/pkg/controllers/raycluster_controller.go +++ b/pkg/controllers/raycluster_controller.go @@ -73,6 +73,7 @@ var ( // +kubebuilder:rbac:groups=core,resources=secrets,verbs=get;create;patch;delete;get // +kubebuilder:rbac:groups=core,resources=services,verbs=patch;delete;get // +kubebuilder:rbac:groups=core,resources=serviceaccounts,verbs=patch;delete;get +// +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=clusterrolebindings,verbs=patch;delete;get // Reconcile is part of the main kubernetes reconciliation loop which aims to // move the current state of the cluster closer to the desired state.