From 528f2086afa41b548f3b9b4aa37152933ed1629d Mon Sep 17 00:00:00 2001 From: Antonin Stefanutti Date: Wed, 3 Apr 2024 18:49:55 +0200 Subject: [PATCH] Add missing RBAC for oauth-proxy ClusterRoleBinding --- config/rbac/role.yaml | 8 ++++++++ pkg/controllers/raycluster_controller.go | 1 + 2 files changed, 9 insertions(+) diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index c7ef78b42..e5a2ca9f4 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -56,6 +56,14 @@ rules: - get - patch - update +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + verbs: + - delete + - get + - patch - apiGroups: - route.openshift.io resources: diff --git a/pkg/controllers/raycluster_controller.go b/pkg/controllers/raycluster_controller.go index 53999591c..9e45bf78d 100644 --- a/pkg/controllers/raycluster_controller.go +++ b/pkg/controllers/raycluster_controller.go @@ -73,6 +73,7 @@ var ( // +kubebuilder:rbac:groups=core,resources=secrets,verbs=get;create;patch;delete;get // +kubebuilder:rbac:groups=core,resources=services,verbs=patch;delete;get // +kubebuilder:rbac:groups=core,resources=serviceaccounts,verbs=patch;delete;get +// +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=clusterrolebindings,verbs=patch;delete;get // Reconcile is part of the main kubernetes reconciliation loop which aims to // move the current state of the cluster closer to the desired state.