update rbac

config/rbac/kustomization.yaml

@@ -1,18 +1,18 @@
 resources:
-# All RBAC will be applied under this service account in
-# the deployment namespace. You may comment out this resource
-# if your manager will use a service account that exists at
-# runtime. Be sure to update RoleBinding and ClusterRoleBinding
-# subjects if changing service account names.
-- service_account.yaml
-- role.yaml
-- role_binding.yaml
-- leader_election_role.yaml
-- leader_election_role_binding.yaml
+  # All RBAC will be applied under this service account in
+  # the deployment namespace. You may comment out this resource
+  # if your manager will use a service account that exists at
+  # runtime. Be sure to update RoleBinding and ClusterRoleBinding
+  # subjects if changing service account names.
+  - service_account.yaml
+  - role.yaml
+  - role_binding.yaml
+  - leader_election_role.yaml
+  - leader_election_role_binding.yaml
 # Comment the following 4 lines if you want to disable
 # the auth proxy (https://github.com/brancz/kube-rbac-proxy)
 # which protects your /metrics endpoint.
-- auth_proxy_service.yaml
-- auth_proxy_role.yaml
-- auth_proxy_role_binding.yaml
-- auth_proxy_client_clusterrole.yaml
+# - auth_proxy_service.yaml
+# - auth_proxy_role.yaml
+# - auth_proxy_role_binding.yaml
+# - auth_proxy_client_clusterrole.yaml

config/rbac/role.yaml

@@ -11,13 +11,16 @@ rules:
   verbs:
   - create
   - get
+  - list
   - watch
 - apiGroups:
   - ""
   resources:
   - services
   verbs:
+  - create
   - get
+  - list
   - watch
 - apiGroups:
   - database.iwanhae.kr

internal/controller/postgresql_controller.go

@@ -51,6 +51,7 @@ type PostgreSQLReconciler struct {
 //+kubebuilder:rbac:groups=database.iwanhae.kr,resources=postgresqls/status,verbs=get;update;patch
 //+kubebuilder:rbac:groups=database.iwanhae.kr,resources=postgresqls/finalizers,verbs=update
 //+kubebuilder:rbac:groups="",resources=pods,verbs=get;create
+//+kubebuilder:rbac:groups="",resources=services,verbs=get;create
 
 // Reconcile is part of the main kubernetes reconciliation loop which aims to
 // move the current state of the cluster closer to the desired state.

internal/controller/postgresql_pod_controller.go

@@ -36,7 +36,7 @@ type PostgreSQLPodReconciler struct {
 	Scheme *runtime.Scheme
 }
 
-//+kubebuilder:rbac:groups="",resources=pods,verbs=watch;get
+//+kubebuilder:rbac:groups="",resources=pods,verbs=watch;get;list
 //+kubebuilder:rbac:groups=database.iwanhae.kr,resources=postgresqls/status,verbs=get;update;patch
 
 func (r *PostgreSQLPodReconciler) Reconcile(ctx context.Context, req ctrl.Request) (result ctrl.Result, err error) {

internal/controller/postgresql_svc_controller.go

@@ -35,7 +35,7 @@ type PostgreSQLServiceReconciler struct {
 	Scheme *runtime.Scheme
 }
 
-//+kubebuilder:rbac:groups="",resources=services,verbs=watch;get
+//+kubebuilder:rbac:groups="",resources=services,verbs=watch;get;list
 //+kubebuilder:rbac:groups=database.iwanhae.kr,resources=postgresqls/status,verbs=get;update;patch
 
 func (r *PostgreSQLServiceReconciler) Reconcile(ctx context.Context, req ctrl.Request) (result ctrl.Result, err error) {