[bitnami/grafana-operator] Fix missing RBAC rules in case of cluster wide installation (#7253)

For the operator to be able to scan all namespaces, it must have these rules. Co-authored-by: Shoham, Yarden <yarden.shoham@cognyte.com>
2026-03-07 08:07:55 +08:00 · 2021-08-20 19:47:44 +03:00
parent b52ee2bc00
commit 2b357e9aae
2 changed files with 80 additions and 11 deletions
--- a/bitnami/grafana-operator/Chart.yaml
+++ b/bitnami/grafana-operator/Chart.yaml
@@ -25,4 +25,4 @@ name: grafana-operator
 sources:
  - https://github.com/integr8ly/grafana-operator
  - https://github.com/bitnami/bitnami-docker-grafana-operator
-version: 1.1.0
+version: 1.1.1
--- a/bitnami/grafana-operator/templates/rbac.yaml
+++ b/bitnami/grafana-operator/templates/rbac.yaml
@@ -135,27 +135,96 @@ metadata:
  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
  {{- end }}
 rules:
-  - apiGroups:
-      - integreatly.org
-    resources:
-      - grafanadashboards
-      - grafanadashboards/status
-      - grafanadatasources
-      - grafanadatasources/status
-    verbs: ['get', 'list', 'update', 'watch']
  - apiGroups:
      - ""
    resources:
-      - namespaces
+      - pods
+      - services
+      - endpoints
+      - persistentvolumeclaims
      - configmaps
-    verbs: ['get', 'list', 'watch']
+      - secrets
+      - serviceaccounts
+      - configmaps
+    verbs:
+      - get
+      - list
+      - create
+      - update
+      - delete
+      - deletecollection
+      - watch
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
+      - get
+      - list
+      - watch
      - create
+      - delete
+      - update
      - patch
+  - apiGroups:
+      - apps
+    resources:
+      - deployments
+      - deployments/finalizers
+      - daemonsets
+      - replicasets
+      - statefulsets
+    verbs:
+      - get
+      - list
+      - create
+      - update
+      - delete
+      - deletecollection
+      - watch
+  - apiGroups:
+      - route.openshift.io
+    resources:
+      - routes
+      - routes/custom-host
+    verbs:
+      - get
+      - list
+      - create
+      - update
+      - delete
+      - deletecollection
+      - watch
+      - create
+  - apiGroups:
+      - extensions
+    resources:
+      - ingresses
+    verbs:
+      - get
+      - list
+      - create
+      - update
+      - delete
+      - deletecollection
+      - watch
+  - apiGroups:
+      - integreatly.org
+    resources:
+      - grafanas
+      - grafanas/status
+      - grafanas/finalizers
+      - grafanadashboards
+      - grafanadatasources
+      - grafanadatasources/status
+    verbs:
+      - get
+      - list
+      - create
+      - update
+      - delete
+      - deletecollection
+      - watch
 ---
 apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
 kind: ClusterRoleBinding