From 312aca6d41fd06c0727ec2b05291b18084d7478a Mon Sep 17 00:00:00 2001 From: Prateek Nandle Date: Thu, 23 May 2024 00:18:40 +0530 Subject: [PATCH] update rbac rules for jobs/cronjobs for kubearmor clusterRole Signed-off-by: Prateek Nandle --- deployments/get/objects.go | 5 +++++ deployments/helm/KubeArmor/templates/RBAC/roles.yaml | 7 +++++++ .../helm/KubeArmorOperator/templates/clusterrole-rbac.yaml | 7 +++++++ pkg/KubeArmorOperator/config/rbac/clusterrole.yaml | 7 +++++++ 4 files changed, 26 insertions(+) diff --git a/deployments/get/objects.go b/deployments/get/objects.go index 6bf47d059..41fe81e37 100644 --- a/deployments/get/objects.go +++ b/deployments/get/objects.go @@ -51,6 +51,11 @@ func GetClusterRole() *rbacv1.ClusterRole { Resources: []string{"deployments", "replicasets", "daemonsets", "statefulsets"}, Verbs: []string{"get", "patch", "list", "watch", "update"}, }, + { + APIGroups: []string{"batch"}, + Resources: []string{"jobs", "cronjobs"}, + Verbs: []string{"get"}, + }, { APIGroups: []string{"security.kubearmor.com"}, Resources: []string{"kubearmorpolicies", "kubearmorhostpolicies"}, diff --git a/deployments/helm/KubeArmor/templates/RBAC/roles.yaml b/deployments/helm/KubeArmor/templates/RBAC/roles.yaml index 093e8e9cc..c556f66b7 100644 --- a/deployments/helm/KubeArmor/templates/RBAC/roles.yaml +++ b/deployments/helm/KubeArmor/templates/RBAC/roles.yaml @@ -29,6 +29,13 @@ rules: - list - watch - update +- apiGroups: + - batch + resources: + - jobs + - cronjobs + verbs: + - get - apiGroups: - security.kubearmor.com resources: diff --git a/deployments/helm/KubeArmorOperator/templates/clusterrole-rbac.yaml b/deployments/helm/KubeArmorOperator/templates/clusterrole-rbac.yaml index e85d25b26..a16899dec 100644 --- a/deployments/helm/KubeArmorOperator/templates/clusterrole-rbac.yaml +++ b/deployments/helm/KubeArmorOperator/templates/clusterrole-rbac.yaml @@ -122,6 +122,13 @@ rules: - list - watch - update +- apiGroups: + - batch + resources: + - jobs + - cronjobs + verbs: + - get - apiGroups: - security.kubearmor.com resources: diff --git a/pkg/KubeArmorOperator/config/rbac/clusterrole.yaml b/pkg/KubeArmorOperator/config/rbac/clusterrole.yaml index 40da60d27..156e27951 100644 --- a/pkg/KubeArmorOperator/config/rbac/clusterrole.yaml +++ b/pkg/KubeArmorOperator/config/rbac/clusterrole.yaml @@ -123,6 +123,13 @@ rules: - list - watch - update +- apiGroups: + - batch + resources: + - jobs + - cronjobs + verbs: + - get - apiGroups: - security.kubearmor.com resources: