From 770a417aa2b56901e44a38c90574ecfbacb3de53 Mon Sep 17 00:00:00 2001
From: pablochacin
Date: Fri, 15 Feb 2019 01:49:23 +0100
Subject: [PATCH] Add directives for setting ClusterRole permissions (#750)

The default ClusterRole created by kubebuilder does not include all the requried permissions for the controllers to access the cluster-api objects. This PR adds additional kubebuilder directives for setting these permissions.

Signed-off-by: Pablo Chacin
---
 docs/book/provider_implementations/create_actuators.md | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/docs/book/provider_implementations/create_actuators.md b/docs/book/provider_implementations/create_actuators.md
index 9e88e32c3758..196af87ce3c7 100644
--- a/docs/book/provider_implementations/create_actuators.md
+++ b/docs/book/provider_implementations/create_actuators.md
@@ -35,6 +35,9 @@ import (
 client "sigs.k8s.io/cluster-api/pkg/client/clientset_generated/clientset/typed/cluster/v1alpha1"
 )
 
+// Add RBAC rules to access cluster-api resources
+//+kubebuilder:rbac:groups=cluster.k8s.io,resources=clusters;clusters/status,verbs=get;list;watch
+
 // Actuator is responsible for performing cluster reconciliation
 type Actuator struct {
 clustersGetter client.ClustersGetter
@@ -102,6 +105,11 @@ const (
 ProviderName = "solas"
 )
 
+// Add RBAC rules to access cluster-api resources
+//+kubebuilder:rbac:groups=cluster.k8s.io,resources=machines;machines/status;machinedeployments;machinedeployments/status;machinesets;machinesets/status;machineclasses,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups=cluster.k8s.io,resources=clusters;clusters/status,verbs=get;list;watch
+//+kubebuilder:rbac:groups="",resources=nodes;events,verbs=get;list;watch;create;update;patch;delete
+
 // Actuator is responsible for performing machine reconciliation
 type Actuator struct {
 machinesGetter client.MachinesGetter
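Review bot: The last directive added in the second hunk puts core `nodes` and `events` in a single rule with `get;list;watch;create;update;patch;delete`, which is broader than anything the sample justifies. Because the commit message says these directives feed the ClusterRole kubebuilder creates, the grant is cluster-wide and is likely to be copied as-is by providers following the book. Splitting it keeps the role closer to least privilege, for example `//+kubebuilder:rbac:groups="",resources=events,verbs=create;patch` and `//+kubebuilder:rbac:groups="",resources=nodes,verbs=get;list;watch`, with `update` or `delete` on nodes added only if the machine actuator really issues those calls; that cannot be confirmed from the hunk, since the Actuator body lies outside it. The `machines;…;machineclasses` rule in the same hunk has the same shape, giving every listed resource and status subresource all seven verbs. A short comment above each directive naming the controller operation that needs it would make the generated role easier to audit.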