From 19cce1f7aa31a5e3807cf7ee0077c2fe6f813df1 Mon Sep 17 00:00:00 2001
From: Tom Pantelis <tompantelis@gmail.com>
Date: Wed, 23 Aug 2023 10:43:40 -0400
Subject: [PATCH] Add delete permissions to operator

...for ServiceAccount, ClusterRole, ClusterRoleBinding for
network plugin syncer cleanup.

Signed-off-by: Tom Pantelis <tompantelis@gmail.com>
---
 config/rbac/submariner-operator/role.yaml | 13 +++++++++++++
 pkg/embeddedyamls/yamls.go                | 13 +++++++++++++
 2 files changed, 26 insertions(+)

diff --git a/config/rbac/submariner-operator/role.yaml b/config/rbac/submariner-operator/role.yaml
index c32995c85..70c2ee2a8 100644
--- a/config/rbac/submariner-operator/role.yaml
+++ b/config/rbac/submariner-operator/role.yaml
@@ -18,6 +18,19 @@ rules:
       - secrets
     verbs:
       - '*'
+  - apiGroups:
+      - ""
+    resources:
+      - serviceaccounts
+    verbs:
+      - delete
+  - apiGroups:
+      - rbac.authorization.k8s.io
+    resources:
+      - clusterroles
+      - clusterrolebindings
+    verbs:
+      - delete
   - apiGroups:
       - apps
     resources:
diff --git a/pkg/embeddedyamls/yamls.go b/pkg/embeddedyamls/yamls.go
index dc2a495de..80458f32f 100644
--- a/pkg/embeddedyamls/yamls.go
+++ b/pkg/embeddedyamls/yamls.go
@@ -2513,6 +2513,19 @@ rules:
       - secrets
     verbs:
       - '*'
+  - apiGroups:
+      - ""
+    resources:
+      - serviceaccounts
+    verbs:
+      - delete
+  - apiGroups:
+      - rbac.authorization.k8s.io
+    resources:
+      - clusterroles
+      - clusterrolebindings
+    verbs:
+      - delete
   - apiGroups:
       - apps
     resources: