github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-09-02 17:57:33 +00:00
Code Issues Projects Releases Wiki Activity

Fix OwnerReferencesPermissionEnforcement complaints when autodeleting PVCs

Browse Source 
When StatefulSetAutoDeletePVC feature gate is enabled, StatefulSet
controller updates ownerReferences on managed PVCs. To be able to pass
OwnerReferencesPermissionEnforcement admission, it must have permissions to
delete PVCs.
This commit is contained in:
Jan Safranek
2022-11-24 14:46:42 +01:00
parent 8f2371bcce
commit ebc5b208ae
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
plugin/pkg/auth/authorizer/rbac/bootstrappolicy/controller_policy.go
View File

@@ -384,7 +384,7 @@ func buildControllerRoles() ([]rbacv1.ClusterRole, []rbacv1.ClusterRoleBinding)
}
if utilfeature.DefaultFeatureGate.Enabled(features.StatefulSetAutoDeletePVC) {
role.Rules = append(role.Rules, rbacv1helpers.NewRule("update").Groups(legacyGroup).Resources("persistentvolumeclaims").RuleOrDie())
role.Rules = append(role.Rules, rbacv1helpers.NewRule("update", "delete").Groups(legacyGroup).Resources("persistentvolumeclaims").RuleOrDie())
}
return role