From 245700ee543975de3021a8ba2b28d2ceceb99fcf Mon Sep 17 00:00:00 2001 From: Moritz Sanft <58110325+msanft@users.noreply.github.com> Date: Mon, 3 Feb 2025 20:31:37 +0100 Subject: [PATCH] helm: grant configmap watch permission to constellation-operator-controller-manager (#3632) --- .../charts/constellation-operator/templates/manager-rbac.yaml | 1 + .../charts/constellation-operator/templates/manager-rbac.yaml | 1 + .../charts/constellation-operator/templates/manager-rbac.yaml | 1 + .../charts/constellation-operator/templates/manager-rbac.yaml | 1 + .../charts/constellation-operator/templates/manager-rbac.yaml | 1 + .../charts/constellation-operator/templates/manager-rbac.yaml | 1 + .../controllers/nodeversion_controller.go | 2 +- 7 files changed, 7 insertions(+), 1 deletion(-) diff --git a/internal/constellation/helm/charts/edgeless/operators/charts/constellation-operator/templates/manager-rbac.yaml b/internal/constellation/helm/charts/edgeless/operators/charts/constellation-operator/templates/manager-rbac.yaml index 45dddbdd9..2aee2191c 100644 --- a/internal/constellation/helm/charts/edgeless/operators/charts/constellation-operator/templates/manager-rbac.yaml +++ b/internal/constellation/helm/charts/edgeless/operators/charts/constellation-operator/templates/manager-rbac.yaml @@ -13,6 +13,7 @@ rules: verbs: - get - list + - watch - apiGroups: - "" resources: diff --git a/internal/constellation/helm/testdata/AWS/constellation-operators/charts/constellation-operator/templates/manager-rbac.yaml b/internal/constellation/helm/testdata/AWS/constellation-operators/charts/constellation-operator/templates/manager-rbac.yaml index 4fa4863c8..465bee103 100644 --- a/internal/constellation/helm/testdata/AWS/constellation-operators/charts/constellation-operator/templates/manager-rbac.yaml +++ b/internal/constellation/helm/testdata/AWS/constellation-operators/charts/constellation-operator/templates/manager-rbac.yaml @@ -16,6 +16,7 @@ rules: verbs: - get - list + - watch - apiGroups: - "" resources: diff --git a/internal/constellation/helm/testdata/Azure/constellation-operators/charts/constellation-operator/templates/manager-rbac.yaml b/internal/constellation/helm/testdata/Azure/constellation-operators/charts/constellation-operator/templates/manager-rbac.yaml index 4fa4863c8..465bee103 100644 --- a/internal/constellation/helm/testdata/Azure/constellation-operators/charts/constellation-operator/templates/manager-rbac.yaml +++ b/internal/constellation/helm/testdata/Azure/constellation-operators/charts/constellation-operator/templates/manager-rbac.yaml @@ -16,6 +16,7 @@ rules: verbs: - get - list + - watch - apiGroups: - "" resources: diff --git a/internal/constellation/helm/testdata/GCP/constellation-operators/charts/constellation-operator/templates/manager-rbac.yaml b/internal/constellation/helm/testdata/GCP/constellation-operators/charts/constellation-operator/templates/manager-rbac.yaml index 4fa4863c8..465bee103 100644 --- a/internal/constellation/helm/testdata/GCP/constellation-operators/charts/constellation-operator/templates/manager-rbac.yaml +++ b/internal/constellation/helm/testdata/GCP/constellation-operators/charts/constellation-operator/templates/manager-rbac.yaml @@ -16,6 +16,7 @@ rules: verbs: - get - list + - watch - apiGroups: - "" resources: diff --git a/internal/constellation/helm/testdata/OpenStack/constellation-operators/charts/constellation-operator/templates/manager-rbac.yaml b/internal/constellation/helm/testdata/OpenStack/constellation-operators/charts/constellation-operator/templates/manager-rbac.yaml index 4fa4863c8..465bee103 100644 --- a/internal/constellation/helm/testdata/OpenStack/constellation-operators/charts/constellation-operator/templates/manager-rbac.yaml +++ b/internal/constellation/helm/testdata/OpenStack/constellation-operators/charts/constellation-operator/templates/manager-rbac.yaml @@ -16,6 +16,7 @@ rules: verbs: - get - list + - watch - apiGroups: - "" resources: diff --git a/internal/constellation/helm/testdata/QEMU/constellation-operators/charts/constellation-operator/templates/manager-rbac.yaml b/internal/constellation/helm/testdata/QEMU/constellation-operators/charts/constellation-operator/templates/manager-rbac.yaml index 4fa4863c8..465bee103 100644 --- a/internal/constellation/helm/testdata/QEMU/constellation-operators/charts/constellation-operator/templates/manager-rbac.yaml +++ b/internal/constellation/helm/testdata/QEMU/constellation-operators/charts/constellation-operator/templates/manager-rbac.yaml @@ -16,6 +16,7 @@ rules: verbs: - get - list + - watch - apiGroups: - "" resources: diff --git a/operators/constellation-node-operator/controllers/nodeversion_controller.go b/operators/constellation-node-operator/controllers/nodeversion_controller.go index ff706c702..fc185b1e2 100644 --- a/operators/constellation-node-operator/controllers/nodeversion_controller.go +++ b/operators/constellation-node-operator/controllers/nodeversion_controller.go @@ -83,7 +83,7 @@ func NewNodeVersionReconciler(nodeReplacer nodeReplacer, etcdRemover etcdRemover //+kubebuilder:rbac:groups=nodemaintenance.medik8s.io,resources=nodemaintenances,verbs=get;list;watch;create;update;patch;delete //+kubebuilder:rbac:groups="",resources=nodes,verbs=get;list;watch;create;update;patch;delete //+kubebuilder:rbac:groups="",resources=nodes/status,verbs=get -//+kubebuilder:rbac:groups="",resources=configmaps,verbs=list;get +//+kubebuilder:rbac:groups="",resources=configmaps,verbs=list;get;watch // Reconcile replaces outdated nodes with new nodes as specified in the NodeVersion spec. func (r *NodeVersionReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {