From b5d869db0324181345a307ae76baea315264d71c Mon Sep 17 00:00:00 2001 From: Hidde Beydals Date: Thu, 10 Sep 2020 21:08:47 +0200 Subject: [PATCH] Include PATCH rule for events in manager-role During high custom resource count / low interval tests, I was greated with a `cannot patch resource "events"` message. This happened due to event compaction, where it will perform a patch instead of a create. By giving the role the permission to do so this should no longer pose a problem. --- config/rbac/leader_election_role.yaml | 7 +------ config/rbac/role.yaml | 7 +++++++ controllers/gitrepository_controller.go | 1 + controllers/helmchart_controller.go | 1 + controllers/helmrepository_controller.go | 1 + 5 files changed, 11 insertions(+), 6 deletions(-) diff --git a/config/rbac/leader_election_role.yaml b/config/rbac/leader_election_role.yaml index eaa79158..4de3ab4d 100644 --- a/config/rbac/leader_election_role.yaml +++ b/config/rbac/leader_election_role.yaml @@ -24,9 +24,4 @@ rules: - get - update - patch -- apiGroups: - - "" - resources: - - events - verbs: - - create + diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index fc48ed79..95e3d4db 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -6,6 +6,13 @@ metadata: creationTimestamp: null name: manager-role rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch - apiGroups: - source.toolkit.fluxcd.io resources: diff --git a/controllers/gitrepository_controller.go b/controllers/gitrepository_controller.go index d62603bf..d3ca2615 100644 --- a/controllers/gitrepository_controller.go +++ b/controllers/gitrepository_controller.go @@ -55,6 +55,7 @@ type GitRepositoryReconciler struct { // +kubebuilder:rbac:groups=source.toolkit.fluxcd.io,resources=gitrepositories,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=source.toolkit.fluxcd.io,resources=gitrepositories/status,verbs=get;update;patch +// +kubebuilder:rbac:groups="",resources=events,verbs=create;patch func (r *GitRepositoryReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) { ctx := context.Background() diff --git a/controllers/helmchart_controller.go b/controllers/helmchart_controller.go index 9ebe88d7..a12167ee 100644 --- a/controllers/helmchart_controller.go +++ b/controllers/helmchart_controller.go @@ -60,6 +60,7 @@ type HelmChartReconciler struct { // +kubebuilder:rbac:groups=source.toolkit.fluxcd.io,resources=helmcharts,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=source.toolkit.fluxcd.io,resources=helmcharts/status,verbs=get;update;patch +// +kubebuilder:rbac:groups="",resources=events,verbs=create;patch func (r *HelmChartReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) { ctx := context.Background() diff --git a/controllers/helmrepository_controller.go b/controllers/helmrepository_controller.go index a368ac40..a56a9ec8 100644 --- a/controllers/helmrepository_controller.go +++ b/controllers/helmrepository_controller.go @@ -60,6 +60,7 @@ type HelmRepositoryReconciler struct { // +kubebuilder:rbac:groups=source.toolkit.fluxcd.io,resources=helmrepositories,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=source.toolkit.fluxcd.io,resources=helmrepositories/status,verbs=get;update;patch // +kubebuilder:rbac:groups=source.toolkit.fluxcd.io,resources=helmcharts/finalizers,verbs=get;update;patch +// +kubebuilder:rbac:groups="",resources=events,verbs=create;patch func (r *HelmRepositoryReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) { ctx := context.Background()