Add pod deletecollection permissions to operator

CrowdStrike · Sep 12, 2022 · 97b1e2f · 97b1e2f
1 parent 5b8ea45
commit 97b1e2f
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 0 deletions.
diff --git a/bundle/manifests/falcon-operator.clusterserviceversion.yaml b/bundle/manifests/falcon-operator.clusterserviceversion.yaml
@@ -228,6 +228,7 @@ spec:
           - pods
           verbs:
           - delete
+          - deletecollection
           - get
           - list
           - watch

diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -21,6 +21,7 @@ rules:
   - pods
   verbs:
   - delete
+  - deletecollection
   - get
   - list
   - watch

diff --git a/controllers/falcon/falconnodesensor_controller.go b/controllers/falcon/falconnodesensor_controller.go
@@ -46,6 +46,9 @@ func (r *FalconNodeSensorReconciler) SetupWithManager(mgr ctrl.Manager) error {
 		Complete(r)
 }
 
+// +kubebuilder:rbac:groups="",resources=pods,verbs=get;list;watch;delete;deletecollection
+// +kubebuilder:rbac:groups="",resources=pods/log,verbs=get
+
 //+kubebuilder:rbac:groups=falcon.crowdstrike.com,resources=falconnodesensors,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups=falcon.crowdstrike.com,resources=falconnodesensors/status,verbs=get;update;patch
 //+kubebuilder:rbac:groups=falcon.crowdstrike.com,resources=falconnodesensors/finalizers,verbs=update