From 99dead55569a2e1c0be0a8def1a879faa936c2fa Mon Sep 17 00:00:00 2001 From: Sebastian Bernauer Date: Mon, 21 Jul 2025 11:00:14 +0200 Subject: [PATCH] fix: Add RBAC permission to patch events (#963) * fix: Add RBAC permission to patch events * changelog --- CHANGELOG.md | 3 +++ deploy/helm/zookeeper-operator/templates/roles.yaml | 1 + 2 files changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 767a96bf..1e8c1010 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -36,6 +36,8 @@ All notable changes to this project will be documented in this file. - The default Kubernetes cluster domain name is now fetched from the kubelet API unless explicitly configured. - This requires operators to have the RBAC permission to get nodes/proxy in the apiGroup "". The helm-chart takes care of this. - The CLI argument `--kubernetes-node-name` or env variable `KUBERNETES_NODE_NAME` needs to be set. The helm-chart takes care of this. +- The operator helm-chart now grants RBAC `patch` permissions on `events.k8s.io/events`, + so events can be aggregated (e.g. "error happened 10 times over the last 5 minutes") ([#963]). ### Fixed @@ -60,6 +62,7 @@ All notable changes to this project will be documented in this file. [#955]: https://github.com/stackabletech/zookeeper-operator/pull/955 [#957]: https://github.com/stackabletech/zookeeper-operator/pull/957 [#961]: https://github.com/stackabletech/zookeeper-operator/pull/961 +[#963]: https://github.com/stackabletech/zookeeper-operator/pull/963 ## [25.3.0] - 2025-03-21 diff --git a/deploy/helm/zookeeper-operator/templates/roles.yaml b/deploy/helm/zookeeper-operator/templates/roles.yaml index 5d2d3b6e..f758e9e5 100644 --- a/deploy/helm/zookeeper-operator/templates/roles.yaml +++ b/deploy/helm/zookeeper-operator/templates/roles.yaml @@ -164,6 +164,7 @@ rules: - events verbs: - create + - patch {{ if .Capabilities.APIVersions.Has "security.openshift.io/v1" }} - apiGroups: - security.openshift.io