add ownerref rbac (#6547)

Signed-off-by: N yaron2 <schneider.yaron@live.com>

add ownerref rbac (#6547)
Signed-off-by: N yaron2 <schneider.yaron@live.com>
77ebace2 · Yaron Schneider · GitHub · 19f05997 · 77ebace2
隐藏空白更改
内联并排

Showing with 26 addition and 2 deletion

charts/dapr/charts/dapr_rbac/templates/operator.yaml charts/dapr/charts/dapr_rbac/templates/operator.yaml +26 -2

未找到文件。
--- a/charts/dapr/charts/dapr_rbac/templates/operator.yaml
+++ b/charts/dapr/charts/dapr_rbac/templates/operator.yaml
@@ -23,9 +23,15 @@ rules:
  - apiGroups: ["apps"]
    resources: ["deployments", "deployments/finalizers"]
    verbs: ["get", "list", "watch"]
+  - apiGroups: ["apps"]
+    resources: ["deployments/finalizers"]
+    verbs: ["update"]
  - apiGroups: ["apps"]
    resources: ["statefulsets", "statefulsets/finalizers"]
    verbs: ["get", "list", "watch"]
+  - apiGroups: ["apps"]
+    resources: ["statefulsets/finalizers"]
+    verbs: ["update"]
  - apiGroups: [""]
    resources: ["pods"]
 {{- if .Values.global.operator.watchdogCanPatchPodLabels }}
@@ -36,6 +42,9 @@ rules:
  - apiGroups: [""]
    resources: ["services","services/finalizers"]
    verbs: ["get", "list", "watch", "update", "create"]
+  - apiGroups: [""]
+    resources: ["services"]
+    verbs: ["delete"]
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get", "list", "watch"]
@@ -46,7 +55,10 @@ rules:
 {{- if .Values.global.argoRolloutServiceReconciler.enabled }}
  - apiGroups: ["argoproj.io"]
    resources: ["rollouts"]
-    verbs: ["get", "list", "watch"]
+    verbs: ["get", "list", "watch", "delete"]
+  - apiGroups: ["argoproj.io"]
+    resources: ["rollouts/finalizers"]
+    verbs: ["update"]
 {{- end }}
 ---
 {{- if not .Values.global.rbac.namespaced }}
@@ -100,15 +112,24 @@ rules:
  - apiGroups: ["apps"]
    resources: ["deployments", "deployments/finalizers"]
    verbs: ["get", "list", "watch"]
+  - apiGroups: ["apps"]
+    resources: ["deployments/finalizers"]
+    verbs: ["update"]
  - apiGroups: ["apps"]
    resources: ["statefulsets", "statefulsets/finalizers"]
    verbs: ["get", "list", "watch"]
+  - apiGroups: ["apps"]
+    resources: ["statefulsets/finalizers"]
+    verbs: ["update"]
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get", "list", "delete"]
  - apiGroups: [""]
    resources: ["services","services/finalizers"]
    verbs: ["get", "list", "watch", "update", "create"]
+  - apiGroups: [""]
+    resources: ["services"]
+    verbs: ["delete"]
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get", "list", "watch"]
@@ -119,7 +140,10 @@ rules:
 {{- if .Values.global.argoRolloutServiceReconciler.enabled }}
  - apiGroups: ["argoproj.io"]
    resources: ["rollouts"]
-    verbs: ["get", "list", "watch"]
+    verbs: ["get", "list", "watch", "delete"]
+  - apiGroups: ["argoproj.io"]
+    resources: ["rollouts/finalizers"]
+    verbs: ["update"]
 {{- end }}
 ---
 kind: RoleBinding