diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 9b51abf039..b3a99a0b2d 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -36,6 +36,14 @@ rules: - get - list - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch - apiGroups: - authentication.k8s.io resources: @@ -72,8 +80,8 @@ rules: - clusters - clusters/status - machinedeployments - - machines - machines/status + - machinesets verbs: - get - list @@ -84,10 +92,20 @@ rules: - machinepools - machinepools/status verbs: + - create - get - list - patch - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machines + verbs: + - delete + - get + - list + - watch - apiGroups: - controlplane.cluster.x-k8s.io resources: @@ -108,6 +126,13 @@ rules: - patch - update - watch +- apiGroups: + - controlplane.cluster.x-k8s.io + resources: + - awsmanagedcontrolplanes/finalizers + - rosacontrolplanes/finalizers + verbs: + - update - apiGroups: - controlplane.cluster.x-k8s.io resources: @@ -119,12 +144,6 @@ rules: - patch - update - watch -- apiGroups: - - controlplane.cluster.x-k8s.io - resources: - - rosacontrolplanes/finalizers - verbs: - - update - apiGroups: - infrastructure.cluster.x-k8s.io resources: @@ -150,11 +169,9 @@ rules: - awsclusters - awsfargateprofiles - awsmachinepools - - awsmachines - awsmanagedclusters - awsmanagedmachinepools - rosaclusters - - rosamachinepools verbs: - delete - get @@ -167,12 +184,21 @@ rules: resources: - awsclusters/status - awsfargateprofiles/status + - awsmachinetemplates/status - rosaclusters/status - - rosamachinepools/status + - rosanetworks/status + - rosaroleconfigs/status verbs: - get - patch - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsmachinepools/finalizers + verbs: + - delete + - update - apiGroups: - infrastructure.cluster.x-k8s.io resources: 
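Review bot: The new `cluster.x-k8s.io` rule in the `@@ -84,10 +92,20 @@` hunk grants `delete` on `machines`, a verb the role did not visibly hold for that resource (the previous hunk removes it from a rule whose visible verbs are `get` and `list`), and nothing in the change says which controller needs it. If role.yaml is generated from RBAC markers, the marker adding `delete` should sit on the reconciler that removes Machine objects, with a comment there giving the reason. The same hunk adds `create` to the rule listing both `machinepools` and `machinepools/status`; a rule applies every verb to every listed resource, so splitting the two into separate rules would keep `create` off the status subresource. The role's kind and its binding are outside the hunk, so the scope of these grants should be checked against them.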
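Review bot: The new `awsmachinepools/finalizers` rule in the `@@ -167,12 +184,21 @@` hunk grants `delete` alongside `update`, while the other finalizers rules in this diff (`awsmanagedcontrolplanes/finalizers`, `rosacontrolplanes/finalizers`, `rosamachinepools/finalizers`) grant only `update`. Unless something depends on the extra verb, the list should be reduced to `- update` so the role stays consistent and no broader than needed. If role.yaml is generated, the fix belongs in the source marker rather than in this file.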
@@ -186,9 +212,37 @@ rules: - patch - update - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsmachines + - rosamachinepools + - rosanetworks + - rosaroleconfigs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - infrastructure.cluster.x-k8s.io resources: - rosamachinepools/finalizers + - rosanetworks/finalizers + - rosaroleconfigs/finalizers verbs: - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - rosamachinepools/status + verbs: + - create + - get + - list + - patch + - update + - watch diff --git a/spectro/base/kustomization.yaml b/spectro/base/kustomization.yaml index afd57b6ef2..7a6ee3867f 100644 --- a/spectro/base/kustomization.yaml +++ b/spectro/base/kustomization.yaml @@ -27,11 +27,4 @@ patchesJson6902: name: controller-manager namespace: system version: v1 - path: patch_service_account.yaml - - target: - group: apps - kind: Deployment - name: controller-manager - namespace: system - version: v1 - path: patch_healthcheck.yaml \ No newline at end of file + path: patch_healthcheck.yaml diff --git a/spectro/base/patch_service_account.yaml b/spectro/base/patch_service_account.yaml deleted file mode 100644 index d9cd4321fc..0000000000 --- a/spectro/base/patch_service_account.yaml +++ /dev/null @@ -1,2 +0,0 @@ -- op: remove - path: "/spec/template/spec/serviceAccountName" diff --git a/spectro/generated/core-base.yaml b/spectro/generated/core-base.yaml index bd16fe15a4..2508481fef 100644 --- a/spectro/generated/core-base.yaml +++ b/spectro/generated/core-base.yaml @@ -95,6 +95,14 @@ rules: - get - list - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch - apiGroups: - authentication.k8s.io resources: @@ -131,8 +139,8 @@ rules: - clusters - clusters/status - machinedeployments - - machines - machines/status + - machinesets verbs: - get - list 
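Review bot: The added `rosamachinepools/status` rule at the end of the `@@ -186,9 +212,37 @@` hunk lists `create`, `list` and `watch`, whereas the shared status rule this resource was removed from (`awsclusters/status`, `rosaclusters/status`, ...) grants only `get`, `patch` and `update`. Those three verbs are what a controller needs to write status on an existing object, so the extra ones widen the role without an apparent use; trimming the rule to `get`, `patch`, `update` would also let the entry go back into the shared status rule. The same hunk moves `awsmachines` into a rule that includes `create`, which its old rule did not visibly grant (the visible verbs there start at `delete`, `get`), so that addition deserves a stated reason as well.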
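Review bot: Dropping the `patch_service_account.yaml` entry in spectro/base/kustomization.yaml means the rendered Deployment now keeps its `serviceAccountName`, so the manager pod runs under the identity bound to the role this commit widens, and nothing in the kustomization records that intent. spectro/global/kustomization.yaml makes the same change and also drops `manager_service_account_patch.yaml`; the generated outputs then differ, with core-base.yaml showing `serviceAccountName: capa-controller-manager` and core-global.yaml showing an unprefixed `serviceAccountName: manager` with `fsGroup: 1000` removed. Whether a ServiceAccount named `manager` is rendered in core-global.yaml is not visible here and should be confirmed, since a pod that references a missing ServiceAccount is rejected at admission. A short comment above `patchesJson6902`, such as `# serviceAccountName is kept so the manager runs under its dedicated ServiceAccount`, would make the change reviewable.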
@@ -143,10 +151,20 @@ rules: - machinepools - machinepools/status verbs: + - create - get - list - patch - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - machines + verbs: + - delete + - get + - list + - watch - apiGroups: - controlplane.cluster.x-k8s.io resources: @@ -167,6 +185,13 @@ rules: - patch - update - watch +- apiGroups: + - controlplane.cluster.x-k8s.io + resources: + - awsmanagedcontrolplanes/finalizers + - rosacontrolplanes/finalizers + verbs: + - update - apiGroups: - controlplane.cluster.x-k8s.io resources: @@ -178,12 +203,6 @@ rules: - patch - update - watch -- apiGroups: - - controlplane.cluster.x-k8s.io - resources: - - rosacontrolplanes/finalizers - verbs: - - update - apiGroups: - infrastructure.cluster.x-k8s.io resources: @@ -209,11 +228,9 @@ rules: - awsclusters - awsfargateprofiles - awsmachinepools - - awsmachines - awsmanagedclusters - awsmanagedmachinepools - rosaclusters - - rosamachinepools verbs: - delete - get @@ -226,12 +243,21 @@ rules: resources: - awsclusters/status - awsfargateprofiles/status + - awsmachinetemplates/status - rosaclusters/status - - rosamachinepools/status + - rosanetworks/status + - rosaroleconfigs/status verbs: - get - patch - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsmachinepools/finalizers + verbs: + - delete + - update - apiGroups: - infrastructure.cluster.x-k8s.io resources: 
@@ -245,12 +271,40 @@ rules: - patch - update - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - awsmachines + - rosamachinepools + - rosanetworks + - rosaroleconfigs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - infrastructure.cluster.x-k8s.io resources: - rosamachinepools/finalizers + - rosanetworks/finalizers + - rosaroleconfigs/finalizers verbs: - update +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - rosamachinepools/status + verbs: + - create + - get + - list + - patch + - update + - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -373,6 +427,7 @@ spec: runAsNonRoot: true seccompProfile: type: RuntimeDefault + serviceAccountName: capa-controller-manager terminationGracePeriodSeconds: 10 tolerations: - effect: NoSchedule diff --git a/spectro/generated/core-global.yaml b/spectro/generated/core-global.yaml index 37238d7bbd..eb7e01b786 100644 --- a/spectro/generated/core-global.yaml +++ b/spectro/generated/core-global.yaml @@ -17928,10 +17928,10 @@ spec: name: cert readOnly: true securityContext: - fsGroup: 1000 runAsNonRoot: true seccompProfile: type: RuntimeDefault + serviceAccountName: manager terminationGracePeriodSeconds: 10 tolerations: - effect: NoSchedule diff --git a/spectro/global/kustomization.yaml b/spectro/global/kustomization.yaml index 8713c3ca9d..2e35199cea 100644 --- a/spectro/global/kustomization.yaml +++ b/spectro/global/kustomization.yaml @@ -14,7 +14,6 @@ bases: - ../../config/webhook patchesStrategicMerge: - - ../../config/default/manager_service_account_patch.yaml - ../../config/default/manager_pull_policy.yaml - ../../config/default/manager_webhook_patch.yaml - ../../config/default/webhookcainjection_patch.yaml 
@@ -50,12 +49,3 @@ vars: kind: Service version: v1 name: webhook-service - -patchesJson6902: -- target: - group: apps - kind: Deployment - name: controller-manager - namespace: system - version: v1 - path: patch_service_account.yaml diff --git a/spectro/global/patch_service_account.yaml b/spectro/global/patch_service_account.yaml deleted file mode 100644 index d9cd4321fc..0000000000 --- a/spectro/global/patch_service_account.yaml +++ /dev/null @@ -1,2 +0,0 @@ -- op: remove - path: "/spec/template/spec/serviceAccountName"