You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@dolphinscheduler.apache.org by ch...@apache.org on 2022/09/20 03:44:01 UTC

[dolphinscheduler-operator] 24/44: Fix rbac and webhook problem

This is an automated email from the ASF dual-hosted git repository.

chufenggao pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/dolphinscheduler-operator.git

commit 8ef4531a0b8239ea6983013049ef83ae2cd89934
Author: kezhenxu94 <ke...@apache.org>
AuthorDate: Sun Jun 12 14:48:22 2022 +0800

    Fix rbac and webhook problem
---
 config/crd/kustomization.yaml      | 16 ++++++++--------
 config/manager/kustomization.yaml  |  4 ++--
 config/rbac/role.yaml              | 36 ++++++++++++++++++++++++++++++++++++
 controllers/dsalert_controller.go  |  3 +++
 controllers/dsapi_controller.go    |  3 +++
 controllers/dsmaster_controller.go |  8 ++++++--
 controllers/dsworker_controller.go |  6 +++++-
 controllers/master_reconcile.go    |  1 +
 8 files changed, 64 insertions(+), 13 deletions(-)

diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml
index 3089d02..6d766f3 100644
--- a/config/crd/kustomization.yaml
+++ b/config/crd/kustomization.yaml
@@ -11,18 +11,18 @@ resources:
 patchesStrategicMerge:
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.
 # patches here are for enabling the conversion webhook for each CRD
-#- patches/webhook_in_dsmasters.yaml
-#- patches/webhook_in_dsworkers.yaml
-#- patches/webhook_in_dsalerts.yaml
-#- patches/webhook_in_dsapis.yaml
+- patches/webhook_in_dsmasters.yaml
+- patches/webhook_in_dsworkers.yaml
+- patches/webhook_in_dsalerts.yaml
+- patches/webhook_in_dsapis.yaml
 #+kubebuilder:scaffold:crdkustomizewebhookpatch
 
 # [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix.
 # patches here are for enabling the CA injection for each CRD
-#- patches/cainjection_in_dsmasters.yaml
-#- patches/cainjection_in_dsworkers.yaml
-#- patches/cainjection_in_dsalerts.yaml
-#- patches/cainjection_in_dsapis.yaml
+- patches/cainjection_in_dsmasters.yaml
+- patches/cainjection_in_dsworkers.yaml
+- patches/cainjection_in_dsalerts.yaml
+- patches/cainjection_in_dsapis.yaml
 #+kubebuilder:scaffold:crdkustomizecainjectionpatch
 
 # the following config is for teaching kustomize how to do kustomization for CRDs.
diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml
index c2c4746..dd1052d 100644
--- a/config/manager/kustomization.yaml
+++ b/config/manager/kustomization.yaml
@@ -12,5 +12,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 images:
 - name: controller
-  newName: nobolity/ds-operator
-  newTag: v1alpha1
+  newName: kezhenxu94/controller
+  newTag: latest
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
index 5b6627c..b8bf865 100644
--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@@ -5,6 +5,42 @@ metadata:
   creationTimestamp: null
   name: manager-role
 rules:
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - services
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - apps
+  resources:
+  - deployments
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
   - ds.apache.dolphinscheduler.dev
   resources:
diff --git a/controllers/dsalert_controller.go b/controllers/dsalert_controller.go
index 5f254ea..f3179a0 100644
--- a/controllers/dsalert_controller.go
+++ b/controllers/dsalert_controller.go
@@ -47,6 +47,9 @@ type DSAlertReconciler struct {
 //+kubebuilder:rbac:groups=ds.apache.dolphinscheduler.dev,resources=dsalerts,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups=ds.apache.dolphinscheduler.dev,resources=dsalerts/status,verbs=get;update;patch
 //+kubebuilder:rbac:groups=ds.apache.dolphinscheduler.dev,resources=dsalerts/finalizers,verbs=update
+//+kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups="",resources=pods,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups="",resources=services,verbs=get;list;watch;create;update;patch;delete
 
 // Reconcile is part of the main kubernetes reconciliation loop which aims to
 // move the current state of the cluster closer to the desired state.
diff --git a/controllers/dsapi_controller.go b/controllers/dsapi_controller.go
index 7fbea79..3612326 100644
--- a/controllers/dsapi_controller.go
+++ b/controllers/dsapi_controller.go
@@ -47,6 +47,9 @@ type DSApiReconciler struct {
 //+kubebuilder:rbac:groups=ds.apache.dolphinscheduler.dev,resources=dsapis,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups=ds.apache.dolphinscheduler.dev,resources=dsapis/status,verbs=get;update;patch
 //+kubebuilder:rbac:groups=ds.apache.dolphinscheduler.dev,resources=dsapis/finalizers,verbs=update
+//+kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups="",resources=pods,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups="",resources=services,verbs=get;list;watch;create;update;patch;delete
 
 // Reconcile is part of the main kubernetes reconciliation loop which aims to
 // move the current state of the cluster closer to the desired state.
diff --git a/controllers/dsmaster_controller.go b/controllers/dsmaster_controller.go
index 18edab7..b001b84 100644
--- a/controllers/dsmaster_controller.go
+++ b/controllers/dsmaster_controller.go
@@ -18,6 +18,9 @@ package controllers
 
 import (
 	"context"
+	"sync"
+	"time"
+
 	v2 "k8s.io/api/autoscaling/v2"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
@@ -35,8 +38,6 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/event"
 	"sigs.k8s.io/controller-runtime/pkg/handler"
 	"sigs.k8s.io/controller-runtime/pkg/source"
-	"sync"
-	"time"
 
 	dsv1alpha1 "dolphinscheduler-operator/api/v1alpha1"
 )
@@ -57,6 +58,9 @@ type DSMasterReconciler struct {
 //+kubebuilder:rbac:groups=ds.apache.dolphinscheduler.dev,resources=dsmasters,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups=ds.apache.dolphinscheduler.dev,resources=dsmasters/status,verbs=get;update;patch
 //+kubebuilder:rbac:groups=ds.apache.dolphinscheduler.dev,resources=dsmasters/finalizers,verbs=update
+//+kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups="",resources=pods,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups="",resources=services,verbs=get;list;watch;create;update;patch;delete
 
 // Reconcile is part of the main kubernetes reconciliation loop which aims to
 // move the current state of the cluster closer to the desired state.
diff --git a/controllers/dsworker_controller.go b/controllers/dsworker_controller.go
index 7a9262c..dc3ddeb 100644
--- a/controllers/dsworker_controller.go
+++ b/controllers/dsworker_controller.go
@@ -18,6 +18,8 @@ package controllers
 
 import (
 	"context"
+	"time"
+
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
@@ -28,7 +30,6 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
 	"sigs.k8s.io/controller-runtime/pkg/reconcile"
-	"time"
 
 	dsv1alpha1 "dolphinscheduler-operator/api/v1alpha1"
 )
@@ -47,6 +48,9 @@ var (
 //+kubebuilder:rbac:groups=ds.apache.dolphinscheduler.dev,resources=dsworkers,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups=ds.apache.dolphinscheduler.dev,resources=dsworkers/status,verbs=get;update;patch
 //+kubebuilder:rbac:groups=ds.apache.dolphinscheduler.dev,resources=dsworkers/finalizers,verbs=update
+//+kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups="",resources=pods,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups="",resources=services,verbs=get;list;watch;create;update;patch;delete
 
 // Reconcile is part of the main kubernetes reconciliation loop which aims to
 // move the current state of the cluster closer to the desired state.
diff --git a/controllers/master_reconcile.go b/controllers/master_reconcile.go
index e480b7f..7a3fb4d 100644
--- a/controllers/master_reconcile.go
+++ b/controllers/master_reconcile.go
@@ -19,6 +19,7 @@ package controllers
 import (
 	"context"
 	dsv1alpha1 "dolphinscheduler-operator/api/v1alpha1"
+
 	v2 "k8s.io/api/autoscaling/v2"
 	_ "k8s.io/api/core/v1"
 	corev1 "k8s.io/api/core/v1"