From b4fd0c88b9a41824e6891c904d5018812b1d059c Mon Sep 17 00:00:00 2001 From: r3drun3 Date: Tue, 13 Feb 2024 11:49:04 +0100 Subject: [PATCH] fix: rbac Signed-off-by: r3drun3 --- README.md | 6 +- config/rbac/role.yaml | 66 +++++++++---------- examples/pod-destroyer.yaml | 2 +- .../consumenamespaceresources_controller.go | 6 +- .../controller/eventsentropy_controller.go | 4 +- .../controller/randomscaling_controller.go | 4 +- 6 files changed, 44 insertions(+), 44 deletions(-) diff --git a/README.md b/README.md index 96d7daa..d03b20f 100644 --- a/README.md +++ b/README.md @@ -158,7 +158,7 @@ spec: selector: matchLabels: app: nginx - maxPods: 9 + maxPods: 3 namespace: prod ``` 
@@ -198,7 +198,7 @@ nginx-deployment-7bf8c77b5b-gsprh 0/1 Terminating 0 33s ```console 2023-11-28T14:07:18+01:00 INFO Reconciling PodDestroyer: default/nginx-destroyer {"controller": "poddestroyer", "controllerGroup": "khaos.stackzoo.io", "controllerKind": "PodDestroyer", "PodDestroyer": {"name":"nginx-destroyer","namespace":"default"}, "namespace": "default", "name": "nginx-destroyer", "reconcileID": "1e16a7d2-825a-4b46-b4e5-ac1228bc1c36"} 2023-11-28T14:07:18+01:00 INFO Selector: {map[app:nginx] []} {"controller": "poddestroyer", "controllerGroup": "khaos.stackzoo.io", "controllerKind": "PodDestroyer", "PodDestroyer": {"name":"nginx-destroyer","namespace":"default"}, "namespace": "default", "name": "nginx-destroyer", "reconcileID": "1e16a7d2-825a-4b46-b4e5-ac1228bc1c36"} -2023-11-28T14:07:18+01:00 INFO MaxPods: 9 {"controller": "poddestroyer", "controllerGroup": "khaos.stackzoo.io", "controllerKind": "PodDestroyer", "PodDestroyer": {"name":"nginx-destroyer","namespace":"default"}, "namespace": "default", "name": "nginx-destroyer", "reconcileID": "1e16a7d2-825a-4b46-b4e5-ac1228bc1c36"} +2023-11-28T14:07:18+01:00 INFO MaxPods: 3 {"controller": "poddestroyer", "controllerGroup": "khaos.stackzoo.io", "controllerKind": "PodDestroyer", "PodDestroyer": {"name":"nginx-destroyer","namespace":"default"}, "namespace": "default", "name": "nginx-destroyer", "reconcileID": "1e16a7d2-825a-4b46-b4e5-ac1228bc1c36"} 2023-11-28T14:07:18+01:00 INFO Namespace: prod {"controller": "poddestroyer", "controllerGroup": "khaos.stackzoo.io", "controllerKind": "PodDestroyer", "PodDestroyer": {"name":"nginx-destroyer","namespace":"default"}, "namespace": "default", "name": "nginx-destroyer", "reconcileID": "1e16a7d2-825a-4b46-b4e5-ac1228bc1c36"} ``` @@ -228,7 +228,7 @@ metadata: resourceVersion: "2009" uid: fbba6287-6f70-406b-821e-9000f097afc5 spec: - maxPods: 9 + MaxPods: 3 namespace: prod selector: matchLabels: 
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index c73035d..6717b44 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -74,21 +74,23 @@ rules: - update - watch - apiGroups: - - khaos.my.domain + - khaos.stackzoo.io resources: - - randomscalings + - apiserveroverloads verbs: - - create - - delete - get - list - - patch - - update - watch - apiGroups: - - khaos.my.domain + - khaos.stackzoo.io resources: - - randomscalings/status + - apiserveroverloads/finalizers + verbs: + - update +- apiGroups: + - khaos.stackzoo.io + resources: + - apiserveroverloads/status verbs: - get - patch @@ -96,21 +98,25 @@ rules: - apiGroups: - khaos.stackzoo.io resources: - - apiserveroverloads + - commandinjections verbs: + - create + - delete - get - list + - patch + - update - watch - apiGroups: - khaos.stackzoo.io resources: - - apiserveroverloads/finalizers + - commandinjections/finalizers verbs: - update - apiGroups: - khaos.stackzoo.io resources: - - apiserveroverloads/status + - commandinjections/status verbs: - get - patch @@ -118,7 +124,7 @@ rules: - apiGroups: - khaos.stackzoo.io resources: - - commandinjections + - configmapdestroyers verbs: - create - delete @@ -130,13 +136,13 @@ rules: - apiGroups: - khaos.stackzoo.io resources: - - commandinjections/finalizers + - configmapdestroyers/finalizers verbs: - update - apiGroups: - khaos.stackzoo.io resources: - - commandinjections/status + - configmapdestroyers/status verbs: - get - patch @@ -144,7 +150,7 @@ rules: - apiGroups: - khaos.stackzoo.io resources: - - configmapdestroyers + - consumenamespaceresources verbs: - create - delete @@ -156,13 +162,13 @@ rules: - apiGroups: - khaos.stackzoo.io resources: - - configmapdestroyers/finalizers + - consumenamespaceresources/finalizers verbs: - update - apiGroups: - khaos.stackzoo.io resources: - - configmapdestroyers/status + - consumenamespaceresources/status verbs: - get - patch 
@@ -216,7 +222,7 @@ rules: - apiGroups: - khaos.stackzoo.io resources: - - eventsentropy + - eventsentropies verbs: - create - delete @@ -228,7 +234,7 @@ rules: - apiGroups: - khaos.stackzoo.io resources: - - eventsentropy/status + - eventsentropies/status verbs: - get - patch @@ -340,7 +346,7 @@ rules: - apiGroups: - khaos.stackzoo.io resources: - - secretdestroyers + - randomscalings verbs: - create - delete @@ -352,21 +358,15 @@ rules: - apiGroups: - khaos.stackzoo.io resources: - - secretdestroyers/finalizers - verbs: - - update -- apiGroups: - - khaos.stackzoo.io - resources: - - secretdestroyers/status + - randomscalings/status verbs: - get - patch - update - apiGroups: - - stackzoo.io + - khaos.stackzoo.io resources: - - consumenamespaceresources + - secretdestroyers verbs: - create - delete @@ -376,15 +376,15 @@ rules: - update - watch - apiGroups: - - stackzoo.io + - khaos.stackzoo.io resources: - - consumenamespaceresources/finalizers + - secretdestroyers/finalizers verbs: - update - apiGroups: - - stackzoo.io + - khaos.stackzoo.io resources: - - consumenamespaceresources/status + - secretdestroyers/status verbs: - get - patch diff --git a/examples/pod-destroyer.yaml b/examples/pod-destroyer.yaml index 706b788..d63c728 100644 --- a/examples/pod-destroyer.yaml +++ b/examples/pod-destroyer.yaml @@ -6,5 +6,5 @@ spec: selector: matchLabels: app: nginx - maxPods: 9 + maxPods: 3 namespace: prod diff --git a/internal/controller/consumenamespaceresources_controller.go b/internal/controller/consumenamespaceresources_controller.go index 4a2f3c5..62fb33d 100644 --- a/internal/controller/consumenamespaceresources_controller.go +++ b/internal/controller/consumenamespaceresources_controller.go 
@@ -22,9 +22,9 @@ type ConsumeNamespaceResourcesReconciler struct { Scheme *runtime.Scheme } -// +kubebuilder:rbac:groups=stackzoo.io,resources=consumenamespaceresources,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups=stackzoo.io,resources=consumenamespaceresources/status,verbs=get;update;patch -// +kubebuilder:rbac:groups=stackzoo.io,resources=consumenamespaceresources/finalizers,verbs=update +// +kubebuilder:rbac:groups=khaos.stackzoo.io,resources=consumenamespaceresources,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=khaos.stackzoo.io,resources=consumenamespaceresources/status,verbs=get;update;patch +// +kubebuilder:rbac:groups=khaos.stackzoo.io,resources=consumenamespaceresources/finalizers,verbs=update //+kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;update func (r *ConsumeNamespaceResourcesReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { diff --git a/internal/controller/eventsentropy_controller.go b/internal/controller/eventsentropy_controller.go index f91547b..4199a63 100644 --- a/internal/controller/eventsentropy_controller.go +++ b/internal/controller/eventsentropy_controller.go @@ -22,8 +22,8 @@ type EventsEntropyReconciler struct { Scheme *runtime.Scheme } -// +kubebuilder:rbac:groups=khaos.stackzoo.io,resources=eventsentropy,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups=khaos.stackzoo.io,resources=eventsentropy/status,verbs=get;update;patch +// +kubebuilder:rbac:groups=khaos.stackzoo.io,resources=eventsentropies,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=khaos.stackzoo.io,resources=eventsentropies/status,verbs=get;update;patch // +kubebuilder:rbac:groups="",resources=events,verbs=create func (r *EventsEntropyReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { 
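Review bot: The corrected resource marker still grants the manager `create` and `delete` on `consumenamespaceresources`, and nothing in this hunk shows the reconciler needing them; the same verb list is on the `eventsentropies` marker in eventsentropy_controller.go and the `randomscalings` marker in randomscaling_controller.go. Reconcile's body is outside the hunk, so this is hedged: if it only reads the object and writes status, `// +kubebuilder:rbac:groups=khaos.stackzoo.io,resources=consumenamespaceresources,verbs=get;list;watch` would be enough, with `update;patch` kept only if the spec or metadata is written. These custom resources trigger disruptive actions, so stopping the operator's own service account from creating them narrows what a compromised manager pod can do. config/rbac/role.yaml would need regenerating after any marker change.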
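Review bot: The `eventsentropies` markers cover the resource and `/status` but not `/finalizers`, unlike the three markers on ConsumeNamespaceResourcesReconciler in the same commit. The `randomscalings` markers in randomscaling_controller.go have the same gap, and the regenerated role.yaml carries no finalizers rule for either resource. If either reconciler creates objects owned by its custom resource with `blockOwnerDeletion` set, clusters that enable the OwnerReferencesPermissionEnforcement admission plugin will reject that write without `// +kubebuilder:rbac:groups=khaos.stackzoo.io,resources=eventsentropies/finalizers,verbs=update`. Both Reconcile bodies are outside the hunks, so the omission may be intentional. If it is, a one-line comment above the markers saying so would stop the next regeneration from looking like an oversight.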
diff --git a/internal/controller/randomscaling_controller.go b/internal/controller/randomscaling_controller.go index c5bb8f8..b0799e8 100644 --- a/internal/controller/randomscaling_controller.go +++ b/internal/controller/randomscaling_controller.go @@ -23,8 +23,8 @@ type RandomScalingReconciler struct { Scheme *runtime.Scheme } -// +kubebuilder:rbac:groups=khaos.my.domain,resources=randomscalings,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups=khaos.my.domain,resources=randomscalings/status,verbs=get;update;patch +// +kubebuilder:rbac:groups=khaos.stackzoo.io,resources=randomscalings,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=khaos.stackzoo.io,resources=randomscalings/status,verbs=get;update;patch // +kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;update // Reconcile implements the reconciliation loop for RandomScaling