diff --git a/bundle/manifests/cryostat-operator-cryostat_rbac.authorization.k8s.io_v1_clusterrole.yaml b/bundle/manifests/cryostat-operator-cryostat_rbac.authorization.k8s.io_v1_clusterrole.yaml index 67dfa50e..8938899b 100644 --- a/bundle/manifests/cryostat-operator-cryostat_rbac.authorization.k8s.io_v1_clusterrole.yaml +++ b/bundle/manifests/cryostat-operator-cryostat_rbac.authorization.k8s.io_v1_clusterrole.yaml @@ -16,13 +16,5 @@ rules: - authorization.k8s.io resources: - subjectaccessreviews - - selfsubjectaccessreviews verbs: - create -- apiGroups: - - oauth.openshift.io - resources: - - oauthaccesstokens - verbs: - - list - - delete diff --git a/bundle/manifests/cryostat-operator.clusterserviceversion.yaml b/bundle/manifests/cryostat-operator.clusterserviceversion.yaml index 2340636d..0e9ea776 100644 --- a/bundle/manifests/cryostat-operator.clusterserviceversion.yaml +++ b/bundle/manifests/cryostat-operator.clusterserviceversion.yaml @@ -24,7 +24,7 @@ metadata: capabilities: Seamless Upgrades categories: Monitoring, Developer Tools containerImage: quay.io/cryostat/cryostat-operator:4.0.0-dev - createdAt: "2025-01-28T00:29:47Z" + createdAt: "2025-01-31T15:55:35Z" description: JVM monitoring and profiling tool operatorframework.io/initialization-resource: |- { @@ -994,12 +994,6 @@ spec: - tokenreviews verbs: - create - - apiGroups: - - authorization.k8s.io - resources: - - selfsubjectaccessreviews - verbs: - - create - apiGroups: - authorization.k8s.io resources: @@ -1052,13 +1046,6 @@ spec: - networkpolicies verbs: - '*' - - apiGroups: - - oauth.openshift.io - resources: - - oauthaccesstokens - verbs: - - delete - - list - apiGroups: - operator.cryostat.io resources: diff --git a/config/rbac/cryostat_role.yaml b/config/rbac/cryostat_role.yaml index 56184b01..a83a8572 100644 --- a/config/rbac/cryostat_role.yaml +++ b/config/rbac/cryostat_role.yaml @@ -15,13 +15,5 @@ rules: - authorization.k8s.io resources: - subjectaccessreviews - - selfsubjectaccessreviews verbs: - create -- apiGroups: - - oauth.openshift.io - resources: - - oauthaccesstokens - verbs: - - list - - delete diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 70fdeed6..03c682b7 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -63,12 +63,6 @@ rules: - tokenreviews verbs: - create -- apiGroups: - - authorization.k8s.io - resources: - - selfsubjectaccessreviews - verbs: - - create - apiGroups: - authorization.k8s.io resources: @@ -121,13 +115,6 @@ rules: - networkpolicies verbs: - '*' -- apiGroups: - - oauth.openshift.io - resources: - - oauthaccesstokens - verbs: - - delete - - list - apiGroups: - operator.cryostat.io resources: diff --git a/internal/controllers/cryostat_controller.go b/internal/controllers/cryostat_controller.go index 86142f0f..98b26108 100644 --- a/internal/controllers/cryostat_controller.go +++ b/internal/controllers/cryostat_controller.go @@ -54,9 +54,7 @@ func NewCryostatReconciler(config *ReconcilerConfig) (*CryostatReconciler, error // +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=roles;rolebindings,verbs=create;get;list;update;watch;delete // +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=clusterrolebindings,verbs=create;get;list;update;watch;delete // +kubebuilder:rbac:groups=authentication.k8s.io,resources=tokenreviews,verbs=create -// +kubebuilder:rbac:groups=authorization.k8s.io,resources=selfsubjectaccessreviews,verbs=create // +kubebuilder:rbac:groups="",resources=namespaces,verbs=get;list;watch -// +kubebuilder:rbac:groups=oauth.openshift.io,resources=oauthaccesstokens,verbs=list;delete // +kubebuilder:rbac:groups=config.openshift.io,resources=apiservers,verbs=get;list;update;watch // +kubebuilder:rbac:groups=route.openshift.io,resources=routes;routes/custom-host,verbs=* // +kubebuilder:rbac:groups=apps.openshift.io,resources=deploymentconfigs,verbs=get