added more fine grain permissions

Signed-off-by: Dipankar Das <[email protected]>

config/rbac/role.yaml

@@ -12,6 +12,7 @@ rules:
   - ""
   resources:
   - configmaps
+  - events
   - namespaces
   - pods
   - secrets
@@ -25,6 +26,18 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - '*'
+  resources:
+  - '*'
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
   - admissionregistration.k8s.io
   resources:
@@ -50,6 +63,12 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - app.ksctl.com
+  resources:
+  - stacks
+  verbs:
+  - '*'
 - apiGroups:
   - apps
   resources:

internal/controller/clusteraddon_controller.go

@@ -52,8 +52,10 @@ const managerFinalizer string = "finalizer.manage.ksctl.com"
 // +kubebuilder:rbac:groups=admissionregistration.k8s.io,resources=validatingwebhookconfigurations;mutatingwebhookconfigurations,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=apps,resources=deployments;daemonsets;statefulsets,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=coordination.k8s.io,resources=leases,verbs=get;list;watch;create;update;patch;delete
-// +kubebuilder:rbac:groups="",resources=namespaces;serviceaccounts;services;configmaps;secrets;pods,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups="",resources=namespaces;serviceaccounts;services;configmaps;secrets;pods;events,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:urls=/metrics,verbs=get
+// +kubebuilder:rbac:groups=*,resources=*,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=app.ksctl.com,resources=stacks,verbs=*
 
 func (r *ClusterAddonReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
 	l := log.FromContext(ctx)