fix comments for karmada-operator

Signed-off-by: B1F030 <[email protected]>
karmada-io · Oct 16, 2024 · a579899 · a579899
1 parent fc687e4
commit a579899
Showing 1 changed file with 40 additions and 51 deletions.
diff --git a/docs/reference/components-privileges.md b/docs/reference/components-privileges.md
@@ -4,78 +4,67 @@ title: Components Privileges
 
 ### karmada-operator
 ```yaml
+rules:
   - apiGroups:
-      - "autoscaling.karmada.io"
+      - coordination.k8s.io
     resources:
-      - cronfederatedhpas
-      - cronfederatedhpas/status
-      - federatedhpas
-      - federatedhpas/status
+      - leases # karmada-operator requires access to the Lease resource for leader election.
     verbs:
-      - get
-      - list
-      - watch
+      - get # to check if a lease exists.
+      - create # to acquire a new lease.
+      - update # to renew an existing lease.
   - apiGroups:
-      - "cluster.karmada.io"
+      - operator.karmada.io
     resources:
-      - clusters
-      - clusters/status
+      - karmadas # to manage karmada instances
     verbs:
-      - get
-      - list
-      - watch
+      - get # to fetch details of karmada instances.
+      - list # to list all karmada instances.
+      - watch # to watch for changes in karmada instances.
+      - update # to modify karmada instances.
   - apiGroups:
-      - "certificates.k8s.io"
+      - operator.karmada.io
     resources:
-      - certificatesigningrequests
-      - certificatesigningrequests/status
+      - karmadas/status
     verbs:
-      - get
-      - list
-      - watch
+      - update # to update the status subresource of karmada instances.
   - apiGroups:
-      - "multicluster.x-k8s.io"
+      - ""
     resources:
-      - serviceexports
-      - serviceexports/status
-      - serviceimports
-      - serviceimports/status
+      - events # allows karmada-operator to record events in the kubernetes api-server.
     verbs:
-      - get
-      - list
-      - watch
+      - create
   - apiGroups:
-      - "networking.karmada.io"
+      - ""
     resources:
-      - multiclusteringresses
-      - multiclusteringresses/status
-      - multiclusterservices
-      - multiclusterservices/status
+      - nodes # to list cluster nodes, which is necessary to get node information.
+      - pods # to list pods, potentially for health checks or other operational needs.
     verbs:
-      - get
       - list
-      - watch
   - apiGroups:
-      - "policy.karmada.io"
+      - ""
     resources:
-      - overridepolicies
-      - clusteroverridepolicies
-      - propagationpolicies
+      - namespaces # to get information about namespaces, and deploy resources into specific namespaces.
     verbs:
       - get
-      - list
-      - watch
   - apiGroups:
-      - "work.karmada.io"
+      - ""
     resources:
-      - resourcebindings
-      - resourcebindings/status
-      - clusterresourcebindings
-      - clusterresourcebindings/status
-      - works
-      - works/status
+      - secrets # to manage secrets, which might contain sensitive data like credentials.
+      - services # to manage services, which are used to expose applications within the cluster.
     verbs:
-      - get
-      - list
-      - watch
+      - get # to retrieve secret and service configurations.
+      - create # to create new secrets and services.
+      - update # to modify existing secrets and services.
+      - delete # to remove unused secrets and services.
+  - apiGroups:
+      - apps
+    resources:
+      - statefulsets # to manage statefulsets, e.g. etcd.
+      - deployments # to manage deployments, e.g. karmada-operator.
+    verbs:
+      - get # to retrieve statefulset and deployment configurations.
+      - create # to create new statefulsets and deployments.
+      - update # to modify existing statefulsets and deployments.
+      - delete # to remove unused statefulsets and deployments.
 ```