Fix GoogleCloudPlatform#434

If [OwnerReferencesPermissionEnforcement](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement) is turned on, such as on OpenShift, ConfigConnector operator would fail with error `forbidden: cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on` Signed-off-by: Tiger Kaovilai <[email protected]> Limit finalizers role to update verb Signed-off-by: Tiger Kaovilai <[email protected]>
kaovilai · Apr 7, 2023 · fcf3904 · fcf3904
1 parent 174e388
commit fcf3904
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/operator/config/rbac/role.yaml b/operator/config/rbac/role.yaml
@@ -118,6 +118,12 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - core.cnrm.cloud.google.com
+  resources:
+  - configconnectors/finalizers
+  verbs:
+  - update
 - apiGroups:
   - rbac.authorization.k8s.io
   resources: