From 5856bccae223f415111b147e86bb57140cbd822d Mon Sep 17 00:00:00 2001
From: Christian Wolf <bc.christianwolf@googlemail.com>
Date: Thu, 6 May 2021 15:09:27 +0200
Subject: [PATCH] add rbac for leases, add namespace to cluster issuer

Signed-off-by: Tobias Gurtzick <magic@wizardtales.com>
Signed-off-by: Christian Wolf <bc.christianwolf@googlemail.com>
---
 config/rbac/role.yaml                       | 9 +++++++++
 controllers/stepclusterissuer_controller.go | 2 ++
 2 files changed, 11 insertions(+)

diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
index 305ff4d..b990a9f 100644
--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@@ -66,3 +66,12 @@ rules:
   - create
   - get
   - update
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - create
+  - get
+  - list
+  - update
diff --git a/controllers/stepclusterissuer_controller.go b/controllers/stepclusterissuer_controller.go
index 8fca0d8..f010cd2 100644
--- a/controllers/stepclusterissuer_controller.go
+++ b/controllers/stepclusterissuer_controller.go
@@ -43,6 +43,7 @@ type StepClusterIssuerReconciler struct {
 // +kubebuilder:rbac:groups=certmanager.step.sm,resources=stepclusterissuers/status,verbs=get;update;patch
 // +kubebuilder:rbac:groups="",resources=secrets,verbs=get;list;watch
 // +kubebuilder:rbac:groups="",resources=events,verbs=create;patch
+// +kubebuilder:rbac:groups="coordination.k8s.io",resources=leases,verbs=create;get;list;update
 
 // Reconcile will read and validate the StepClusterIssuer resources, it will set the
 // status condition ready to true if everything is right.
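Review bot: The added marker on the `coordination.k8s.io` leases rule carries no `namespace=` qualifier, so the rule is emitted into the shared role (the matching addition to config/rbac/role.yaml in this patch, presumably a ClusterRole, though its kind is not visible here) and would let the controller create and update Lease objects in every namespace. If the leases are only needed for leader election, the grant can be limited to the namespace the manager runs in, e.g. `// +kubebuilder:rbac:groups=coordination.k8s.io,namespace=<operator-namespace>,resources=leases,verbs=create;get;list;update`, or moved to a namespaced leader-election Role. A short comment above the marker, such as `// Leases are required for controller leader election.`, would record why the permission exists.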
@@ -68,6 +69,7 @@ func (r *StepClusterIssuerReconciler) Reconcile(ctx context.Context, req ctrl.Re
 		Namespace: req.Namespace,
 		Name:      iss.Spec.Provisioner.PasswordRef.Name,
 	}
+	log.Info("secretNamespaceName", secretNamespaceName)
 	if err := r.Client.Get(ctx, secretNamespaceName, &secret); err != nil {
 		log.Error(err, "failed to retrieve StepClusterIssuer provisioner secret", "namespace", secretNamespaceName.Namespace, "name", secretNamespaceName.Name)
 		if apierrors.IsNotFound(err) {
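Review bot: The new `log.Info("secretNamespaceName", secretNamespaceName)` passes a single value after the message, but the `log.Error(err, msg, key, value, ...)` call two lines below suggests a logr-style logger that expects key/value pairs, so this call is malformed and some logr backends report or panic on an odd argument count in development mode. It also reads like leftover debugging that runs on every reconcile at info level; if it is kept, `log.V(1).Info("retrieving provisioner secret", "namespace", secretNamespaceName.Namespace, "name", secretNamespaceName.Name)` matches the style of the error line. Separately, the subject says a namespace is added for the cluster issuer, yet the lookup still uses `Namespace: req.Namespace`, which is likely empty if StepClusterIssuer is cluster-scoped, so it is worth confirming which namespace the secret is read from. Reconcile's body starts and continues outside this hunk.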
-- 
GitLab