From efbe2836b452a18d0d9612a7050d178f8f922748 Mon Sep 17 00:00:00 2001 From: Jawed khelil Date: Mon, 25 Sep 2023 15:50:05 +0200 Subject: [PATCH] fix permissions for shipwright-build-webhook service --- README.md | 8 ++++---- .../shipwright-operator.clusterserviceversion.yaml | 2 +- config/rbac/role.yaml | 2 +- controllers/shipwrightbuild_rbac.go | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index c0bbd24b..1f0d4d33 100644 --- a/README.md +++ b/README.md @@ -14,10 +14,10 @@ $ kubectl apply -f https://operatorhub.io/install/shipwright-operator.yaml ``` ## OLM Dependencies -When installed via OLM using the provided SHipwright Operator Bundle, the Shipwright operator has two dependencies to: -- The Tekton operator needed by the Shipright Build Controller -- The Cert-Manager operator needed in case you delegate to the Shipwright operator the ssl certificates management of the Shipwright Conversion webhook -The two operators are then installed automatically by OLM. +When installed via OLM using the provided Shipwright Operator Bundle, the Shipwright operator will ask OLM to deploy the following operators: +- The [Tekton operator](https://tekton.dev/docs/operator/) to deploy and manage Tekton Pipelines. +- The [Cert-Manager operator](https://cert-manager.io/docs/installation/operator-lifecycle-manager/) to provision certificates for admission/conversion webhooks. +For this to work, the Shipwright operator must be included in a catalog that includes these other operators. ## Usage diff --git a/bundle/manifests/shipwright-operator.clusterserviceversion.yaml b/bundle/manifests/shipwright-operator.clusterserviceversion.yaml index 9f6d2b4e..2117baec 100644 --- a/bundle/manifests/shipwright-operator.clusterserviceversion.yaml +++ b/bundle/manifests/shipwright-operator.clusterserviceversion.yaml @@ -584,7 +584,7 @@ spec: - apiGroups: - "" resourceNames: - - shipwright-build-controller + - shipwright-build-webhook resources: - services verbs: diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index a35c3c6f..07b2535e 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -206,7 +206,7 @@ rules: - apiGroups: - "" resourceNames: - - shipwright-build-controller + - shipwright-build-webhook resources: - services verbs: diff --git a/controllers/shipwrightbuild_rbac.go b/controllers/shipwrightbuild_rbac.go index a64a37a6..fb65c04a 100644 --- a/controllers/shipwrightbuild_rbac.go +++ b/controllers/shipwrightbuild_rbac.go @@ -40,6 +40,6 @@ package controllers // +kubebuilder:rbac:groups=cert-manager.io,resources=certificates,verbs=get;list;watch;create // +kubebuilder:rbac:groups=cert-manager.io,resources=certificates,resourceNames=shipwright-build-webhook-cert,verbs=update;patch;delete // +kubebuilder:rbac:groups=core,resources=services,verbs=get;list;watch;create -// +kubebuilder:rbac:groups=core,resources=services,resourceNames=shipwright-build-controller,verbs=update;patch;delete +// +kubebuilder:rbac:groups=core,resources=services,resourceNames=shipwright-build-webhook,verbs=update;patch;delete // +kubebuilder:rbac:groups=core,resources=secrets,verbs=get;list;watch;create // +kubebuilder:rbac:groups=core,resources=secrets,resourceNames=shipwright-build-webhook-cert,verbs=update;patch;delete