Merge pull request #499 from droot/bugfix/rbac-rule-status-subresource

add RBAC annotation for status subresource

Author: k8s-ci-robot

pkg/scaffold/controller/controller.go

@@ -198,8 +198,10 @@ type Reconcile{{ .Resource.Kind }} struct {
 {{ if .Resource.CreateExampleReconcileBody -}}
 // Automatically generate RBAC rules to allow the Controller to read and write Deployments
 // +kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=apps,resources=deployments/status,verbs=get;update;patch
 {{ end -}}
 // +kubebuilder:rbac:groups={{.GroupDomain}},resources={{ .Plural }},verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups={{.GroupDomain}},resources={{ .Plural }}/status,verbs=get;update;patch
 func (r *Reconcile{{ .Resource.Kind }}) Reconcile(request reconcile.Request) (reconcile.Result, error) {
 	// Fetch the {{ .Resource.Kind }} instance
 	instance := &{{ .Resource.Group}}{{ .Resource.Version }}.{{ .Resource.Kind }}{}

test/project/config/rbac/rbac_role.yaml

@@ -16,6 +16,14 @@ rules:
   - update
   - patch
   - delete
+- apiGroups:
+  - apps
+  resources:
+  - deployments/status
+  verbs:
+  - get
+  - update
+  - patch
 - apiGroups:
   - crew.testproject.org
   resources:
@@ -28,6 +36,14 @@ rules:
   - update
   - patch
   - delete
+- apiGroups:
+  - crew.testproject.org
+  resources:
+  - firstmates/status
+  verbs:
+  - get
+  - update
+  - patch
 - apiGroups:
   - ship.testproject.org
   resources:
@@ -40,6 +56,14 @@ rules:
   - update
   - patch
   - delete
+- apiGroups:
+  - ship.testproject.org
+  resources:
+  - frigates/status
+  verbs:
+  - get
+  - update
+  - patch
 - apiGroups:
   - policy.testproject.org
   resources:
@@ -52,6 +76,14 @@ rules:
   - update
   - patch
   - delete
+- apiGroups:
+  - policy.testproject.org
+  resources:
+  - healthcheckpolicies/status
+  verbs:
+  - get
+  - update
+  - patch
 - apiGroups:
   - creatures.testproject.org
   resources:
@@ -64,6 +96,14 @@ rules:
   - update
   - patch
   - delete
+- apiGroups:
+  - creatures.testproject.org
+  resources:
+  - krakens/status
+  verbs:
+  - get
+  - update
+  - patch
 - apiGroups:
   - ""
   resources:
@@ -76,6 +116,14 @@ rules:
   - update
   - patch
   - delete
+- apiGroups:
+  - ""
+  resources:
+  - namespaces/status
+  verbs:
+  - get
+  - update
+  - patch
 - apiGroups:
   - admissionregistration.k8s.io
   resources:

test/project/pkg/controller/firstmate/firstmate_controller.go

@@ -96,7 +96,9 @@ type ReconcileFirstMate struct {
 // a Deployment as an example
 // Automatically generate RBAC rules to allow the Controller to read and write Deployments
 // +kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=apps,resources=deployments/status,verbs=get;update;patch
 // +kubebuilder:rbac:groups=crew.testproject.org,resources=firstmates,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=crew.testproject.org,resources=firstmates/status,verbs=get;update;patch
 func (r *ReconcileFirstMate) Reconcile(request reconcile.Request) (reconcile.Result, error) {
 	// Fetch the FirstMate instance
 	instance := &crewv1.FirstMate{}

test/project/pkg/controller/frigate/frigate_controller.go

@@ -87,6 +87,7 @@ type ReconcileFrigate struct {
 // TODO(user): Modify this Reconcile function to implement your Controller logic.  The scaffolding writes
 // a Deployment as an example
 // +kubebuilder:rbac:groups=ship.testproject.org,resources=frigates,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=ship.testproject.org,resources=frigates/status,verbs=get;update;patch
 func (r *ReconcileFrigate) Reconcile(request reconcile.Request) (reconcile.Result, error) {
 	// Fetch the Frigate instance
 	instance := &shipv1beta1.Frigate{}

test/project/pkg/controller/healthcheckpolicy/healthcheckpolicy_controller.go

@@ -87,6 +87,7 @@ type ReconcileHealthCheckPolicy struct {
 // TODO(user): Modify this Reconcile function to implement your Controller logic.  The scaffolding writes
 // a Deployment as an example
 // +kubebuilder:rbac:groups=policy.testproject.org,resources=healthcheckpolicies,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=policy.testproject.org,resources=healthcheckpolicies/status,verbs=get;update;patch
 func (r *ReconcileHealthCheckPolicy) Reconcile(request reconcile.Request) (reconcile.Result, error) {
 	// Fetch the HealthCheckPolicy instance
 	instance := &policyv1beta1.HealthCheckPolicy{}

test/project/pkg/controller/kraken/kraken_controller.go

@@ -87,6 +87,7 @@ type ReconcileKraken struct {
 // TODO(user): Modify this Reconcile function to implement your Controller logic.  The scaffolding writes
 // a Deployment as an example
 // +kubebuilder:rbac:groups=creatures.testproject.org,resources=krakens,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=creatures.testproject.org,resources=krakens/status,verbs=get;update;patch
 func (r *ReconcileKraken) Reconcile(request reconcile.Request) (reconcile.Result, error) {
 	// Fetch the Kraken instance
 	instance := &creaturesv2alpha1.Kraken{}

test/project/pkg/controller/namespace/namespace_controller.go

@@ -87,6 +87,7 @@ type ReconcileNamespace struct {
 // TODO(user): Modify this Reconcile function to implement your Controller logic.  The scaffolding writes
 // a Deployment as an example
 // +kubebuilder:rbac:groups=core,resources=namespaces,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=core,resources=namespaces/status,verbs=get;update;patch
 func (r *ReconcileNamespace) Reconcile(request reconcile.Request) (reconcile.Result, error) {
 	// Fetch the Namespace instance
 	instance := &corev1.Namespace{}