diff --git a/controllers/build_controller.go b/controllers/build_controller.go index 337b57e..d8dffdb 100644 --- a/controllers/build_controller.go +++ b/controllers/build_controller.go @@ -45,10 +45,9 @@ const insightsBuildPodScannedLabel = "insights.lagoon.sh/scanned" const insightsScanPodLabel = "insights.lagoon.sh/scan-status" const dockerhost = "docker-host.lagoon.svc" //TODO in future versions this will be read from the build CRD -//+kubebuilder:rbac:groups=core,resources=deployments,verbs=get;list //+kubebuilder:rbac:groups=core,resources=pods,verbs=get;list;watch;create;update;patch;delete -//+kubebuilder:rbac:groups=core,resources=namespaces,verbs=get;list -//+kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list +//+kubebuilder:rbac:groups=core,resources=namespaces,verbs=get;list;watch +//+kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch // Reconcile is part of the Kubebuilder machinery - it kicks off when we find a build pod in the correct // state for scanning - i.e. whenever there's a successful build. diff --git a/controllers/configmap_controller.go b/controllers/configmap_controller.go index d98dfd5..e2209f2 100644 --- a/controllers/configmap_controller.go +++ b/controllers/configmap_controller.go @@ -59,8 +59,6 @@ type ConfigMapReconciler struct { } //+kubebuilder:rbac:groups=core,resources=configmaps,verbs=get;list;watch;create;update;patch;delete -//+kubebuilder:rbac:groups=core,resources=configmaps/status,verbs=get;update;patch -//+kubebuilder:rbac:groups=core,resources=configmaps/finalizers,verbs=update // Reconcile is part of the main kubernetes reconciliation loop which aims to // move the current state of the cluster closer to the desired state. diff --git a/controllers/namespace_controller.go b/controllers/namespace_controller.go index f2cbfe6..453994f 100644 --- a/controllers/namespace_controller.go +++ b/controllers/namespace_controller.go @@ -42,9 +42,8 @@ type NamespaceReconciler struct { const insightsTokenLabel = "lagoon.sh/insights-token" -//+kubebuilder:rbac:groups=core,resources=namespaces,verbs=get;list;watch;create;update;patch;delete -//+kubebuilder:rbac:groups=core,resources=namespaces/status,verbs=get;update;patch -//+kubebuilder:rbac:groups=core,resources=namespaces/finalizers,verbs=update +//+kubebuilder:rbac:groups=core,resources=namespaces,verbs=get;list;watch +//+kubebuilder:rbac:groups=core,resources=secrets,verbs=get;list;watch;create;update;patch;delete // Reconcile is part of the main kubernetes reconciliation loop which aims to // move the current state of the cluster closer to the desired state.