update: add missing permissions

- some error that kueue, dashboard, TO cannot list resources

Signed-off-by: Wen Zhou <wenzhou@redhat.com>

bundle/manifests/opendatahub-operator.clusterserviceversion.yaml

@@ -836,14 +836,11 @@ spec:
           - monitoring.coreos.com
           resources:
           - alertmanagerconfigs
-          - alertmanagers
           - alertmanagers/finalizers
           - alertmanagers/status
-          - probes
           - prometheuses
           - prometheuses/finalizers
           - prometheuses/status
-          - thanosrulers
           - thanosrulers/finalizers
           - thanosrulers/status
           verbs:
@@ -855,26 +852,28 @@ spec:
         - apiGroups:
           - monitoring.coreos.com
           resources:
-          - podmonitors
+          - alertmanagers
+          - probes
+          - prometheusrules
           verbs:
           - create
           - delete
+          - deletecollection
           - get
           - list
           - patch
-          - update
           - watch
         - apiGroups:
           - monitoring.coreos.com
           resources:
-          - prometheusrules
+          - podmonitors
           verbs:
           - create
           - delete
-          - deletecollection
           - get
           - list
           - patch
+          - update
           - watch
         - apiGroups:
           - monitoring.coreos.com
@@ -889,6 +888,18 @@ spec:
           - patch
           - update
           - watch
+        - apiGroups:
+          - monitoring.coreos.com
+          resources:
+          - thanosrulers
+          verbs:
+          - :list
+          - create
+          - delete
+          - deletecollection
+          - get
+          - patch
+          - watch
         - apiGroups:
           - networking.istio.io
           resources:
@@ -1162,7 +1173,9 @@ spec:
           - create
           - delete
           - get
+          - list
           - patch
+          - watch
         - apiGroups:
           - template.openshift.io
           resources:

config/rbac/role.yaml

@@ -588,14 +588,11 @@ rules:
   - monitoring.coreos.com
   resources:
   - alertmanagerconfigs
-  - alertmanagers
   - alertmanagers/finalizers
   - alertmanagers/status
-  - probes
   - prometheuses
   - prometheuses/finalizers
   - prometheuses/status
-  - thanosrulers
   - thanosrulers/finalizers
   - thanosrulers/status
   verbs:
@@ -607,26 +604,28 @@ rules:
 - apiGroups:
   - monitoring.coreos.com
   resources:
-  - podmonitors
+  - alertmanagers
+  - probes
+  - prometheusrules
   verbs:
   - create
   - delete
+  - deletecollection
   - get
   - list
   - patch
-  - update
   - watch
 - apiGroups:
   - monitoring.coreos.com
   resources:
-  - prometheusrules
+  - podmonitors
   verbs:
   - create
   - delete
-  - deletecollection
   - get
   - list
   - patch
+  - update
   - watch
 - apiGroups:
   - monitoring.coreos.com
@@ -641,6 +640,18 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - monitoring.coreos.com
+  resources:
+  - thanosrulers
+  verbs:
+  - :list
+  - create
+  - delete
+  - deletecollection
+  - get
+  - patch
+  - watch
 - apiGroups:
   - networking.istio.io
   resources:
@@ -914,7 +925,9 @@ rules:
   - create
   - delete
   - get
+  - list
   - patch
+  - watch
 - apiGroups:
   - template.openshift.io
   resources:

controllers/datasciencecluster/kubebuilder_rbac.go

@@ -15,7 +15,7 @@ package datasciencecluster
 
 // +kubebuilder:rbac:groups="apiextensions.k8s.io",resources=customresourcedefinitions,verbs=get;list;watch;create;patch;delete
 
-// +kubebuilder:rbac:groups="snapshot.storage.k8s.io",resources=volumesnapshots,verbs=create;delete;patch;get
+
 
 // +kubebuilder:rbac:groups="security.openshift.io",resources=securitycontextconstraints,verbs=*,resourceNames=restricted
 // +kubebuilder:rbac:groups="security.openshift.io",resources=securitycontextconstraints,verbs=*,resourceNames=anyuid
@@ -140,6 +140,7 @@ package datasciencecluster
 // +kubebuilder:rbac:groups="dashboard.opendatahub.io",resources=odhdocuments,verbs=create;get;patch;list;delete;watch
 // +kubebuilder:rbac:groups="dashboard.opendatahub.io",resources=odhapplications,verbs=create;get;patch;list;delete;watch
 // +kubebuilder:rbac:groups="dashboard.opendatahub.io",resources=acceleratorprofiles,verbs=create;get;patch;list;delete;watch
+// +kubebuilder:rbac:groups="snapshot.storage.k8s.io",resources=volumesnapshots,verbs=create;delete;patch;get;list;watch
 
 // ModelRegistry
 // +kubebuilder:rbac:groups=components.opendatahub.io,resources=modelregistries,verbs=get;list;watch;create;update;patch;delete
@@ -156,6 +157,13 @@ package datasciencecluster
 // +kubebuilder:rbac:groups=components.opendatahub.io,resources=kueues/finalizers,verbs=update
 // +kubebuilder:rbac:groups="monitoring.coreos.com",resources=prometheusrules,verbs=get;create;patch;delete;deletecollection;list;watch
 // +kubebuilder:rbac:groups="monitoring.coreos.com",resources=podmonitors,verbs=get;create;delete;update;watch;list;patch
+// +kubebuilder:rbac:groups="snapshot.storage.k8s.io",resources=volumesnapshots,verbs=create;delete;patch;get;list;watch
+// +kubebuilder:rbac:groups="monitoring.coreos.com",resources=servicemonitors,verbs=get;create;delete;update;watch;list;patch;deletecollection
+// +kubebuilder:rbac:groups="monitoring.coreos.com",resources=prometheusrules,verbs=get;create;patch;delete;deletecollection
+// +kubebuilder:rbac:groups="monitoring.coreos.com",resources=prometheuses,verbs=get;create;patch;delete;deletecollection
+// +kubebuilder:rbac:groups="monitoring.coreos.com",resources=alertmanagers,verbs=get;create;patch;delete;deletecollection;list;watch
+// +kubebuilder:rbac:groups="monitoring.coreos.com",resources=thanosrulers,verbs=get;create;patch;delete;deletecollection;:list;watch
+// +kubebuilder:rbac:groups="monitoring.coreos.com",resources=probes,verbs=get;create;patch;delete;deletecollection;list;watch
 
 // TODO: CFO
 //+kubebuilder:rbac:groups=components.opendatahub.io,resources=codeflares,verbs=get;list;watch;create;update;patch;delete
@@ -216,6 +224,7 @@ package datasciencecluster
 // +kubebuilder:rbac:groups=components.opendatahub.io,resources=trainingoperators,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=components.opendatahub.io,resources=trainingoperators/status,verbs=get;update;patch
 // +kubebuilder:rbac:groups=components.opendatahub.io,resources=trainingoperators/finalizers,verbs=update
+// +kubebuilder:rbac:groups="snapshot.storage.k8s.io",resources=volumesnapshots,verbs=create;delete;patch;get;list;watch
 
 // TODO: ModelMesh
 // +kubebuilder:rbac:groups=components.opendatahub.io,resources=modelmeshservings,verbs=get;list;watch;create;update;patch;delete