[incubator-uniffle] branch master updated: build(operator): update clusterrole of controller and webhook (#842)

[xianjin]

This is an automated email from the ASF dual-hosted git repository.

xianjin pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-uniffle.git


The following commit(s) were added to refs/heads/master by this push:
     new 47c49664 build(operator): update clusterrole of controller and webhook 
(#842)
47c49664 is described below

commit 47c496644ebdfc1b6574d9945670d706cfbb2e40
Author: jasonawang <jasonaw...@tencent.com>
AuthorDate: Wed Apr 26 19:04:24 2023 +0800

    build(operator): update clusterrole of controller and webhook (#842)
    
    ### What changes were proposed in this pull request?
    Update clusterrole of controller and webhook's yaml file.
    
    ### Why are the changes needed?
    If not modified, the new versions of rss-controller and rss-webhook will 
report permission errors
    
    ### Does this PR introduce _any_ user-facing change?
    No.
    
    ### How was this patch tested?
    Manually verified.
---
 .../operator/config/manager/rss-controller.yaml           |  3 +++
 .../kubernetes/operator/config/manager/rss-webhook.yaml   | 15 ++++++++++++---
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/deploy/kubernetes/operator/config/manager/rss-controller.yaml 
b/deploy/kubernetes/operator/config/manager/rss-controller.yaml
index 8ed59d96..22401c82 100644
--- a/deploy/kubernetes/operator/config/manager/rss-controller.yaml
+++ b/deploy/kubernetes/operator/config/manager/rss-controller.yaml
@@ -48,6 +48,9 @@ rules:
   - apiGroups: [ "" ]
     resources: [ "events" ]
     verbs: [ "list", "watch", "create", "update", "patch" ]
+  - apiGroups: [ "autoscaling" ]
+    resources: [ "horizontalpodautoscalers" ]
+    verbs: [ "get", "list", "watch", "update", "create", "delete", "patch" ]
 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
diff --git a/deploy/kubernetes/operator/config/manager/rss-webhook.yaml 
b/deploy/kubernetes/operator/config/manager/rss-webhook.yaml
index 91acaa5c..a9914ed0 100644
--- a/deploy/kubernetes/operator/config/manager/rss-webhook.yaml
+++ b/deploy/kubernetes/operator/config/manager/rss-webhook.yaml
@@ -30,6 +30,9 @@ rules:
   - apiGroups: [ "" ]
     resources: [ "pods" ]
     verbs: [ "get", "list", "watch", "delete" ]
+  - apiGroups: [ "node.k8s.io" ]
+    resources: [ "runtimeclasses" ]
+    verbs: [ "get", "list", "watch" ]
   - apiGroups: [ "uniffle.apache.org" ]
     resources: [ "remoteshuffleservices", "remoteshuffleservices/status" ]
     verbs: [ "get", "list", "watch", "update" ]
@@ -45,9 +48,15 @@ rules:
   - apiGroups: [ "" ]
     resources: [ "events" ]
     verbs: [ "list", "watch", "create", "update", "patch" ]
-  - apiGroups: [ "node.k8s.io"]
+  - apiGroups: [ "node.k8s.io" ]
     resources: [ "runtimeclasses" ]
     verbs: [ "get", "list", "watch" ]
+  - apiGroups: [ "autoscaling" ]
+    resources: [ "horizontalpodautoscalers" ]
+    verbs: [ "get", "list", "watch" ]
+  - apiGroups: [ "apps" ]
+    resources: [ "statefulsets" ]
+    verbs: [ "get", "list", "watch" ]
 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
@@ -105,8 +114,8 @@ spec:
           command:
             - "./webhook"
           args:
-           - "--ignore-rss=false"
-           - "--v=4"
+            - "--ignore-rss=false"
+            - "--v=4"
           ports:
             - containerPort: 9876
               protocol: TCP