From 4437ae6cf974c2c14972cc72508494a96bb54576 Mon Sep 17 00:00:00 2001 From: YuChen Date: Wed, 13 Mar 2024 09:50:11 -0700 Subject: [PATCH] add CertManager and AuditLogging CR cluster permission to ODLM Signed-off-by: YuChen --- ...fecycle-manager.clusterserviceversion.yaml | 24 ++++++++++++------- config/rbac/role.yaml | 8 +++++++ 2 files changed, 24 insertions(+), 8 deletions(-) diff --git a/bundle/manifests/operand-deployment-lifecycle-manager.clusterserviceversion.yaml b/bundle/manifests/operand-deployment-lifecycle-manager.clusterserviceversion.yaml index e08a5524..6527c65d 100644 --- a/bundle/manifests/operand-deployment-lifecycle-manager.clusterserviceversion.yaml +++ b/bundle/manifests/operand-deployment-lifecycle-manager.clusterserviceversion.yaml @@ -562,14 +562,22 @@ spec: install: spec: clusterPermissions: - - rules: - - apiGroups: - - operators.coreos.com - resources: - - catalogsources - verbs: - - get - serviceAccountName: operand-deployment-lifecycle-manager + - rules: + - apiGroups: + - operators.coreos.com + resources: + - catalogsources + verbs: + - get + - apiGroups: + - operator.ibm.com + resources: + - certmanagers + - auditloggings + verbs: + - get + - delete + serviceAccountName: operand-deployment-lifecycle-manager deployments: - label: app.kubernetes.io/instance: operand-deployment-lifecycle-manager diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index be1d8f4a..8833a2e1 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -9,6 +9,14 @@ rules: - catalogsources verbs: - get +- apiGroups: + - operator.ibm.com + resources: + - certmanagers + - auditloggings + verbs: + - get + - delete --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role