From 4613b47797c8e93cb189d58deebad5e0a0c3fce0 Mon Sep 17 00:00:00 2001 From: Jiahui <4543bxy@gmail.com> Date: Tue, 15 Oct 2024 16:52:53 +0800 Subject: [PATCH] fix the init job to create user permissions (#5153) --- controllers/account/config/rbac/role.yaml | 1 + controllers/account/controllers/account_controller.go | 2 +- controllers/account/deploy/manifests/deploy.yaml | 1 + 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/controllers/account/config/rbac/role.yaml b/controllers/account/config/rbac/role.yaml index 723a2837e5d..ae3b9773c50 100644 --- a/controllers/account/config/rbac/role.yaml +++ b/controllers/account/config/rbac/role.yaml @@ -337,6 +337,7 @@ rules: resources: - users verbs: + - create - get - list - watch diff --git a/controllers/account/controllers/account_controller.go b/controllers/account/controllers/account_controller.go index ff5d6c012d7..7024d150cfb 100644 --- a/controllers/account/controllers/account_controller.go +++ b/controllers/account/controllers/account_controller.go @@ -86,7 +86,7 @@ type AccountReconciler struct { //+kubebuilder:rbac:groups=account.sealos.io,resources=accounts/finalizers,verbs=update //+kubebuilder:rbac:groups=core,resources=resourcequotas,verbs=get;list;watch;create;update;patch;delete //+kubebuilder:rbac:groups=core,resources=limitranges,verbs=get;list;watch;create;update;patch;delete -//+kubebuilder:rbac:groups=user.sealos.io,resources=users,verbs=get;list;watch +//+kubebuilder:rbac:groups=user.sealos.io,resources=users,verbs=create;get;list;watch //+kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=rolebindings,verbs=get;list;watch;create;update;patch;delete //+kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=roles,verbs=get;list;watch;create;update;patch;delete //+kubebuilder:rbac:groups="",resources=configmaps,verbs=get;list;watch;create;update;patch;delete diff --git a/controllers/account/deploy/manifests/deploy.yaml b/controllers/account/deploy/manifests/deploy.yaml index 0dbf09c8853..6ae9808efe5 100644 --- a/controllers/account/deploy/manifests/deploy.yaml +++ b/controllers/account/deploy/manifests/deploy.yaml @@ -550,6 +550,7 @@ rules: resources: - users verbs: + - create - get - list - watch