fix (DynamicRoleBinding): Add permissions to treat ClusterRoleBinding…

…s to the controller
prosimcorp · Aug 9, 2024 · 38a2d0d · 38a2d0d
1 parent 159f8f5
commit 38a2d0d
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 3 deletions.
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -80,7 +80,8 @@ rules:
 - apiGroups:
   - rbac.authorization.k8s.io
   resources:
-  - clusterroles
+  - clusterrolebindings
+  - rolebindings
   verbs:
   - bind
   - create
@@ -94,7 +95,7 @@ rules:
 - apiGroups:
   - rbac.authorization.k8s.io
   resources:
-  - rolebindings
+  - clusterroles
   verbs:
   - bind
   - create

diff --git a/internal/controller/dynamicrolebinding_controller.go b/internal/controller/dynamicrolebinding_controller.go
@@ -45,7 +45,7 @@ type DynamicRoleBindingReconciler struct {
 // +kubebuilder:rbac:groups=kuberbac.prosimcorp.com,resources=dynamicrolebindings,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=kuberbac.prosimcorp.com,resources=dynamicrolebindings/status,verbs=get;update;patch
 // +kubebuilder:rbac:groups=kuberbac.prosimcorp.com,resources=dynamicrolebindings/finalizers,verbs=update
-// +kubebuilder:rbac:groups="rbac.authorization.k8s.io",resources=rolebindings,verbs=get;list;watch;create;update;patch;delete;bind;escalate
+// +kubebuilder:rbac:groups="rbac.authorization.k8s.io",resources=rolebindings;clusterrolebindings,verbs=get;list;watch;create;update;patch;delete;bind;escalate
 // +kubebuilder:rbac:groups="",resources=serviceaccounts,verbs=get;list
 // +kubebuilder:rbac:groups="",resources=namespaces,verbs=get;list