From bd2eedf91ea0590fa70d3e3248179947dfd8f84c Mon Sep 17 00:00:00 2001 From: timsn Date: Wed, 31 Jul 2024 10:59:07 +0200 Subject: [PATCH 1/2] RBAC cleanup --- .../templates/rbac.yaml | 29 ++++++++++--------- 1 file changed, 16 insertions(+), 13 deletions(-) diff --git a/helm/flink-kubernetes-operator/templates/rbac.yaml b/helm/flink-kubernetes-operator/templates/rbac.yaml index 428bed3352..fc864aa7a5 100644 --- a/helm/flink-kubernetes-operator/templates/rbac.yaml +++ b/helm/flink-kubernetes-operator/templates/rbac.yaml @@ -50,8 +50,6 @@ rules: - apps resources: - deployments - - deployments/scale - - deployments/finalizers - replicasets verbs: - get @@ -61,26 +59,20 @@ rules: - update - patch - delete + - deletecollection - apiGroups: - - extensions + - apps resources: - - deployments - - ingresses + - deployments/scale verbs: - get - - list - - watch - - create - update - patch - - delete - apiGroups: - flink.apache.org resources: - flinkdeployments - - flinkdeployments/finalizers - flinksessionjobs - - flinksessionjobs/finalizers verbs: - get - list @@ -89,6 +81,7 @@ rules: - update - patch - delete + - deletecollection - apiGroups: - flink.apache.org resources: @@ -110,6 +103,7 @@ rules: - update - patch - delete + - deletecollection - apiGroups: - coordination.k8s.io resources: @@ -122,6 +116,7 @@ rules: - update - patch - delete + - deletecollection {{- end }} {{/* @@ -142,11 +137,11 @@ rules: - update - patch - delete + - deletecollection - apiGroups: - apps resources: - deployments - - deployments/finalizers verbs: - get - list @@ -155,6 +150,7 @@ rules: - update - patch - delete + - deletecollection {{- end }} --- @@ -245,7 +241,14 @@ rules: resources: - leases verbs: - - "*" + - get + - list + - watch + - create + - update + - patch + - delete + - deletecollection {{- end }} --- {{- if and .Values.rbac.operatorRole.create (not (has .Release.Namespace .Values.watchNamespaces)) }} From d701b7bee72874730eafae7f35702e1092be7569 Mon Sep 17 00:00:00 2001 
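Review bot: The verb list that replaces `"*"` on `leases` in the last hunk (`@@ -245,7 +241,14 @@`) names all eight standard resource verbs, so the rule grants effectively the same access as the wildcard it removes. If the leases are used only for leader election, `get`, `create`, `update` and `patch` are presumably enough, and `delete` and `deletecollection` should be dropped unless the operator is known to remove leases. The same `deletecollection` verb is added in the hunks at -61, -89, -110, -122, -142 and -155, which lets the service account bulk-delete every object of the listed kinds in a namespace, under a commit titled "RBAC cleanup". A one-line comment next to each, such as `# deletecollection: required by <caller>`, would make the need reviewable.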
From: Tim Eckhardt Date: Mon, 10 Feb 2025 15:28:21 +0100 Subject: [PATCH 2/2] Update status resources, adding back finalizers --- .../templates/rbac.yaml | 24 ++++++++++++------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/helm/flink-kubernetes-operator/templates/rbac.yaml b/helm/flink-kubernetes-operator/templates/rbac.yaml index c84f0dbefc..ecc4c21a2d 100644 --- a/helm/flink-kubernetes-operator/templates/rbac.yaml +++ b/helm/flink-kubernetes-operator/templates/rbac.yaml @@ -50,6 +50,7 @@ rules: - apps resources: - deployments + - deployments/finalizers - replicasets verbs: - get @@ -59,7 +60,6 @@ rules: - update - patch - delete - - deletecollection - apiGroups: - apps resources: @@ -68,6 +68,19 @@ rules: - get - update - patch + - apiGroups: + - extensions + resources: + - deployments + - ingresses + verbs: + - get + - list + - watch + - create + - update + - patch + - delete - apiGroups: - flink.apache.org resources: @@ -76,7 +89,6 @@ rules: - flinksessionjobs - flinksessionjobs/finalizers - flinkstatesnapshots - - flinkstatesnapshots/status - flinkstatesnapshots/finalizers verbs: - get @@ -86,12 +98,12 @@ rules: - update - patch - delete - - deletecollection - apiGroups: - flink.apache.org resources: - flinkdeployments/status - flinksessionjobs/status + - flinkstatesnapshots/status verbs: - get - update @@ -108,7 +120,6 @@ rules: - update - patch - delete - - deletecollection - apiGroups: - coordination.k8s.io resources: @@ -121,7 +132,6 @@ rules: - update - patch - delete - - deletecollection {{- end }} {{/* @@ -142,11 +152,11 @@ rules: - update - patch - delete - - deletecollection - apiGroups: - apps resources: - deployments + - deployments/finalizers verbs: - get - list @@ -155,7 +165,6 @@ rules: - update - patch - delete - - deletecollection {{- end }} --- 
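Review bot: `deployments/finalizers` is re-added in the hunk at `@@ -50,6 +50,7 @@` to a rule that carries the full verb set, although a finalizers subresource normally needs only `update`, which is what the OwnerReferencesPermissionEnforcement admission check looks for when an owner reference with blockOwnerDeletion is set. A rule of its own, as the file already has for `deployments/scale` and the `*/status` resources, keeps the grant minimal and documents why it exists. The same applies to `deployments/finalizers` in the hunk at `@@ -142,11 +152,11 @@` and to the `flink.apache.org` finalizers entries visible as context at -76. The rules list continues outside the hunk, so the indentation below is illustrative.

```yaml
# finalizers subresource: update only, needed to set blockOwnerDeletion owner references
- apiGroups:
    - apps
  resources:
    - deployments/finalizers
  verbs:
    - update
```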
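Review bot: The `extensions` rule re-added in the hunk at `@@ -68,6 +68,19 @@` grants seven verbs on an API group that current clusters no longer serve for these kinds: `extensions/v1beta1` Deployments stopped being served in Kubernetes 1.16 and Ingresses in 1.22. On such clusters the rule grants nothing but still has to be explained in every permission audit. If it is kept for old clusters, say so with a comment such as `# legacy extensions/v1beta1, only served before Kubernetes 1.22`. Whether a `networking.k8s.io` ingresses rule exists elsewhere in the file is not visible from this hunk.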
@@ -253,7 +262,6 @@ rules:
 - update
 - patch
 - delete
- - deletecollection
 {{- end }}
 ---
 {{- if and .Values.rbac.operatorRole.create (not (has .Release.Namespace .Values.watchNamespaces)) }}