From c9324f3b4cb449ff60069732d8081cef36b7f683 Mon Sep 17 00:00:00 2001 From: Rory Z <16801068+Rory-Z@users.noreply.github.com> Date: Mon, 4 Sep 2023 14:31:26 +0800 Subject: [PATCH] chore: change cluster roles Signed-off-by: Rory Z <16801068+Rory-Z@users.noreply.github.com> --- RELEASE.md | 4 +- config/rbac/role.yaml | 56 +--------------- deploy/charts/emqx-operator/Chart.yaml | 4 +- .../templates/controller-manager-rbac.yaml | 67 ++----------------- main.go | 21 +++--- 5 files changed, 22 insertions(+), 130 deletions(-) diff --git a/RELEASE.md b/RELEASE.md index b00cb6add..70b7b254b 100644 --- a/RELEASE.md +++ b/RELEASE.md @@ -1,6 +1,6 @@ # Release Note 🍻 -EMQX Operator 2.2.2-rc.2 has been released. +EMQX Operator 2.2.2-rc.3 has been released. ## Supported version + apps.emqx.io/v2beta1 @@ -29,7 +29,7 @@ helm repo update helm upgrade --install emqx-operator emqx/emqx-operator \ --namespace emqx-operator-system \ --create-namespace \ - --version 2.2.2-rc.2 + --version 2.2.2-rc.3 kubectl wait --for=condition=Ready pods -l "control-plane=controller-manager" -n emqx-operator-system ``` diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 5416bc02c..1e55fbde0 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -13,20 +13,7 @@ rules: - create - get - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - endpoints - verbs: - - create - - get - - list - - patch - update - - watch - apiGroups: - "" resources: @@ -35,20 +22,17 @@ rules: - create - get - list - - patch - update - - watch - apiGroups: - "" resources: - persistentvolumeclaims verbs: - create + - delete - get - list - - patch - update - - watch - apiGroups: - "" resources: 
@@ -57,42 +41,14 @@ rules: - create - get - list - - patch - update - - watch - apiGroups: - "" resources: - pods verbs: - - create - get - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - pods/exec - verbs: - - create - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - pods/portforward - verbs: - - create - - get - - list - - patch - - update - - watch - apiGroups: - "" resources: @@ -107,9 +63,7 @@ rules: - create - get - list - - patch - update - - watch - apiGroups: - "" resources: @@ -118,31 +72,27 @@ rules: - create - get - list - - patch - update - - watch - apiGroups: - apps resources: - replicasets verbs: - create + - delete - get - list - - patch - update - - watch - apiGroups: - apps resources: - statefulsets verbs: - create + - delete - get - list - - patch - update - - watch - apiGroups: - apps.emqx.io resources: diff --git a/deploy/charts/emqx-operator/Chart.yaml b/deploy/charts/emqx-operator/Chart.yaml index 9be9425fe..d947f3948 100644 --- a/deploy/charts/emqx-operator/Chart.yaml +++ b/deploy/charts/emqx-operator/Chart.yaml @@ -15,9 +15,9 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 2.2.2-rc.2 +version: 2.2.2-rc.3 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. -appVersion: 2.2.2-rc.2 +appVersion: 2.2.2-rc.3 diff --git a/deploy/charts/emqx-operator/templates/controller-manager-rbac.yaml b/deploy/charts/emqx-operator/templates/controller-manager-rbac.yaml index 4f0f67be8..0821b44ff 100644 
--- a/deploy/charts/emqx-operator/templates/controller-manager-rbac.yaml +++ b/deploy/charts/emqx-operator/templates/controller-manager-rbac.yaml @@ -42,9 +42,7 @@ rules: - create - get - list - - patch - update - - watch - apiGroups: - "" resources: @@ -53,20 +51,17 @@ rules: - create - get - list - - patch - update - - watch - apiGroups: - "" resources: - persistentvolumeclaims verbs: - create + - delete - get - list - - patch - update - - watch - apiGroups: - "" resources: @@ -75,42 +70,14 @@ rules: - create - get - list - - patch - update - - watch - apiGroups: - "" resources: - pods verbs: - - create - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - pods/exec - verbs: - - create - get - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - pods/portforward - verbs: - - create - - get - - list - - patch - - update - - watch - apiGroups: - "" resources: @@ -125,9 +92,7 @@ rules: - create - get - list - - patch - update - - watch - apiGroups: - "" resources: @@ -136,37 +101,34 @@ rules: - create - get - list - - patch - update - - watch - apiGroups: - apps resources: - replicasets verbs: - create + - delete - get - list - - patch - update - - watch - apiGroups: - apps resources: - statefulsets verbs: - create + - delete - get - list - - patch - update - - watch - apiGroups: - apps.emqx.io resources: - emqxbrokers verbs: - create + - delete - get - list - patch @@ -192,6 +154,7 @@ rules: - emqxenterprises verbs: - create + - delete - get - list - patch @@ -211,14 +174,6 @@ rules: - get - patch - update -- apiGroups: - - apps.emqx.io - resources: - - emqxenterprises/status - verbs: - - get - - patch - - update - apiGroups: - apps.emqx.io resources: @@ -306,15 +261,5 @@ rules: - get - list - update -- apiGroups: - - "" - resources: - - endpoints - verbs: - - create - - get - - list - - patch - - update - - watch + {{- end }} diff --git a/main.go b/main.go index 9355de5e2..690a0651d 100644 --- a/main.go 
+++ b/main.go 
@@ -59,19 +59,16 @@ func init() {
 //+kubebuilder:scaffold:scheme
 }
-//+kubebuilder:rbac:groups="",resources=configmaps,verbs=get;list;watch;create;update;patch
-//+kubebuilder:rbac:groups="",resources=events,verbs=get;list;watch;create;update;patch
-//+kubebuilder:rbac:groups="",resources=persistentvolumes,verbs=get;list;watch;create;update;patch
-//+kubebuilder:rbac:groups="",resources=persistentvolumeclaims,verbs=get;list;watch;create;update;patch
-//+kubebuilder:rbac:groups="",resources=pods,verbs=get;list;watch;create;update;patch
-//+kubebuilder:rbac:groups="",resources=pods/exec,verbs=get;list;watch;create;update;patch
-//+kubebuilder:rbac:groups="",resources=pods/portforward,verbs=get;list;watch;create;update;patch
+//+kubebuilder:rbac:groups="",resources=configmaps,verbs=get;list;create;update
+//+kubebuilder:rbac:groups="",resources=events,verbs=get;list;create;update
+//+kubebuilder:rbac:groups="",resources=persistentvolumes,verbs=get;list;create;update
+//+kubebuilder:rbac:groups="",resources=persistentvolumeclaims,verbs=get;list;create;update;delete
+//+kubebuilder:rbac:groups="",resources=pods,verbs=get;list
 //+kubebuilder:rbac:groups="",resources=pods/status,verbs=patch
-//+kubebuilder:rbac:groups="",resources=secrets,verbs=get;list;watch;create;update;patch
-//+kubebuilder:rbac:groups="",resources=services,verbs=get;list;watch;create;update;patch
-//+kubebuilder:rbac:groups=apps,resources=statefulsets,verbs=get;list;watch;create;update;patch
-//+kubebuilder:rbac:groups=apps,resources=replicasets,verbs=get;list;watch;create;update;patch
-//+kubebuilder:rbac:groups="",resources=endpoints,verbs=get;list;watch;create;update;patch
+//+kubebuilder:rbac:groups="",resources=secrets,verbs=get;list;create;update
+//+kubebuilder:rbac:groups="",resources=services,verbs=get;list;create;update
+//+kubebuilder:rbac:groups=apps,resources=statefulsets,verbs=get;list;create;update;delete
+//+kubebuilder:rbac:groups=apps,resources=replicasets,verbs=get;list;create;update;delete
 //+kubebuilder:rbac:groups=coordination.k8s.io,resources=leases,verbs=get;list;create;update
 func main() {
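Review bot: The added `events` marker keeps `get;list;create;update` but drops `patch`, and client-go's event recorder patches an existing Event when it aggregates repeats, so repeated events would likely be rejected as forbidden and silently lost from the audit trail; the usual grant is `//+kubebuilder:rbac:groups="",resources=events,verbs=create;patch`. Every added marker also drops `watch`, which controller-runtime informers need alongside `list`; whether any reconciler owns or reads these objects through the manager cache is not visible here (main's body lies outside the hunk), so either keep `watch` on those resources or add a comment above the markers stating that they are only read uncached. The same verbs are removed in the config/rbac/role.yaml and chart controller-manager-rbac.yaml hunks, so any correction has to land in all three. Separately, `persistentvolumes` still carries cluster-wide `create;update` after this tightening and is worth confirming as required.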