From 4b7ab7caefad75aad04f57be145a398972e6e481 Mon Sep 17 00:00:00 2001
From: Rui Vieira
Date: Fri, 23 Feb 2024 11:48:29 +0000
Subject: [PATCH] Add coordination and leases permissions
---
...styai.opendatahub.io_trustyaiservices.yaml | 186 ++++----
config/rbac/role.yaml | 430 +++++++++---------
controllers/trustyaiservice_controller.go | 1 +
3 files changed, 313 insertions(+), 304 deletions(-)
diff --git a/config/crd/bases/trustyai.opendatahub.io_trustyaiservices.yaml b/config/crd/bases/trustyai.opendatahub.io_trustyaiservices.yaml
index a04c9950..56921595 100644
--- a/config/crd/bases/trustyai.opendatahub.io_trustyaiservices.yaml
+++ b/config/crd/bases/trustyai.opendatahub.io_trustyaiservices.yaml
@@ -15,108 +15,108 @@ spec: singular: trustyaiservice scope: Namespaced versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: TrustyAIService is the Schema for the trustyaiservices API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation + - name: v1alpha1 + schema: + openAPIV3Schema: + description: TrustyAIService is the Schema for the trustyaiservices API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: TrustyAIServiceSpec defines the desired state of TrustyAIService - properties: - data: + type: string + metadata: + type: object + spec: + description: TrustyAIServiceSpec defines the desired state of TrustyAIService + properties: + data: + properties: + filename: + type: string + format: + type: string + required: + - filename + - format + type: object + metrics: + properties: + batchSize: + type: integer + schedule: + type: string + required: + - schedule + type: object + replicas: + description: Number of replicas + format: int32 + type: integer + storage: + properties: + folder: + type: string + format: + type: string + size: + type: string + required: + - folder + - format + - size + type: object + required: + - data + - metrics + - storage + type: object + status: + description: TrustyAIServiceStatus defines the observed state of TrustyAIService + properties: + conditions: + items: + description: Condition represents possible conditions of a TrustyAIServiceStatus properties: - filename: + lastTransitionTime: + format: date-time type: string - format: + message: type: string - required: - - filename - - format - type: object - metrics: - properties: - batchSize: - type: integer - schedule: - type: string - required: - - schedule - type: object - replicas: - description: Number of replicas - format: int32 - type: integer - storage: - properties: - folder: + reason: type: string - format: + status: type: string - size: + type: type: string required: - - folder - - format - - size + - lastTransitionTime + - message + - reason + - status + - type type: object - required: - - data - - metrics - - storage - type: object - status: - description: TrustyAIServiceStatus defines the observed state of TrustyAIService - properties: - conditions: - items: - description: Condition represents possible 
conditions of a TrustyAIServiceStatus - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - phase: - description: Define your status fields here - type: string - ready: - type: string - replicas: - format: int32 - type: integer - required: - - conditions - - phase - - replicas - type: object - type: object - served: true - storage: true - subresources: - status: {} + type: array + phase: + description: Define your status fields here + type: string + ready: + type: string + replicas: + format: int32 + type: integer + required: + - conditions + - phase + - replicas + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 6dd69c10..b6b21e4b 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml 
@@ -5,214 +5,222 @@ metadata: creationTimestamp: null name: manager-role rules: - - apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - update - - apiGroups: - - "" - resources: - - pods - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - secrets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - serviceaccounts - verbs: - - create - - delete - - get - - list - - update - - watch - - apiGroups: - - apps - resources: - - deployments - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - apps - resources: - - deployments/finalizers - verbs: - - update - - apiGroups: - - apps - resources: - - deployments/status - verbs: - - get - - patch - - update - - apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - services - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - monitoring.coreos.com - resources: - - servicemonitors - verbs: - - create - - list - - watch - - apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - verbs: - - create - - delete - - get - - list - - update - - watch - - apiGroups: - - route.openshift.io - resources: - - routes - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - serving.kserve.io - resources: - - inferenceservices - verbs: - - get - - list - - patch - - update - - watch - - apiGroups: - - serving.kserve.io - resources: - - inferenceservices/finalizers - verbs: - - delete - - get - - list - 
- patch - - update - - watch - - apiGroups: - - serving.kserve.io - resources: - - servingruntimes - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - serving.kserve.io - resources: - - servingruntimes/status - verbs: - - get - - patch - - update - - apiGroups: - - trustyai.opendatahub.io - resources: - - trustyaiservices - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - trustyai.opendatahub.io - resources: - - trustyaiservices/finalizers - verbs: - - update - - apiGroups: - - trustyai.opendatahub.io - resources: - - trustyaiservices/status - verbs: - - get - - patch - - update +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - update +- apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - delete + - get + - list + - update + - watch +- apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - deployments/finalizers + verbs: + - update +- apiGroups: + - apps + resources: + - deployments/status + verbs: + - get + - patch + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - update +- apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - persistentvolumes + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - get + - 
list + - patch + - update + - watch +- apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - create + - list + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + verbs: + - create + - delete + - get + - list + - update + - watch +- apiGroups: + - route.openshift.io + resources: + - routes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - serving.kserve.io + resources: + - inferenceservices + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - serving.kserve.io + resources: + - inferenceservices/finalizers + verbs: + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - serving.kserve.io + resources: + - servingruntimes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - serving.kserve.io + resources: + - servingruntimes/status + verbs: + - get + - patch + - update +- apiGroups: + - trustyai.opendatahub.io + resources: + - trustyaiservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - trustyai.opendatahub.io + resources: + - trustyaiservices/finalizers + verbs: + - update +- apiGroups: + - trustyai.opendatahub.io + resources: + - trustyaiservices/status + verbs: + - get + - patch + - update diff --git a/controllers/trustyaiservice_controller.go b/controllers/trustyaiservice_controller.go index c7c22ab0..cf0ec97f 100644 --- a/controllers/trustyaiservice_controller.go +++ b/controllers/trustyaiservice_controller.go 
@@ -67,6 +67,7 @@ type TrustyAIServiceReconciler struct { //+kubebuilder:rbac:groups="",resources=secrets,verbs=get;list;watch;create;update;patch;delete //+kubebuilder:rbac:groups="",resources=serviceaccounts,verbs=get;list;watch;create;update;delete //+kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=clusterrolebindings,verbs=get;list;watch;create;update;delete +//+kubebuilder:rbac:groups=coordination.k8s.io,resources=leases,verbs=get;create;update // Reconcile is part of the main kubernetes reconciliation loop which aims to // move the current state of the cluster closer to the desired state.
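Review bot: The added marker `//+kubebuilder:rbac:groups=coordination.k8s.io,resources=leases,verbs=get;create;update` has no `namespace=` or `resourceNames=` restriction, so controller-gen writes it into `manager-role` in config/rbac/role.yaml, which appears to be cluster-wide since it already holds `clusterrolebindings` and `persistentvolumes`. If these verbs are only needed for the manager's leader-election lock, the grant is much broader than required: the operator's service account could create or update any Lease in any namespace, including other controllers' election locks and node heartbeat leases. I would scope it, e.g. `//+kubebuilder:rbac:groups=coordination.k8s.io,namespace=<operator-namespace>,resources=leases,verbs=get;create;update`, or move the rule into a namespaced leader-election Role if the project has one (not visible in this patch). The markers sit between the `TrustyAIServiceReconciler` struct and `Reconcile`, both of which continue outside the hunk.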