Add directives for setting ClusterRole permissions

The default ClusterRole created by kubebuilder does not include all the requried permissions for the controllers to access the cluster-api objects. This PR adds additional kubebuilder directives for setting these permissions. Signed-off-by: Pablo Chacin <[email protected]>
kubernetes-sigs · Feb 14, 2019 · b71e416 · b71e416
1 parent 0f315e9
commit b71e416
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/docs/book/provider_implementations/create_actuators.md b/docs/book/provider_implementations/create_actuators.md
@@ -35,6 +35,9 @@ import (
         client "sigs.k8s.io/cluster-api/pkg/client/clientset_generated/clientset/typed/cluster/v1alpha1"
 )
 
+// Add RBAC rules to access cluster-api resources
+//+kubebuilder:rbac:groups=cluster.k8s.io,resources=clusters;clusters/status,verbs=get;list;watch
+
 // Actuator is responsible for performing cluster reconciliation
 type Actuator struct {
         clustersGetter client.ClustersGetter
@@ -102,6 +105,11 @@ const (
         ProviderName = "solas"
 )
 
+// Add RBAC rules to access cluster-api resources
+//+kubebuilder:rbac:groups=cluster.k8s.io,resources=machines;machines/status;machinedeployments;machinedeployments/status;machinesets;machinesets/status;machineclasses,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups=cluster.k8s.io,resources=clusters;clusters/status,verbs=get;list;watch
+//+kubebuilder:rbac:groups="",resources=nodes;events,verbs=get;list;watch;create;update;patch;delete
+
 // Actuator is responsible for performing machine reconciliation
 type Actuator struct {
         machinesGetter client.MachinesGetter