fix: add clusters/finalizers rbac

Add the required missing permission to operate in k8s environments where the Admission Controller Plugin "OwnerReferencesPermissionEnforcement" is enabled. Signed-off-by: Gabriele Fedi <gabriele.fedi@enterprisedb.com>
2026-01-11 21:23:12 +01:00 · 2025-08-08 14:37:10 +02:00 · 2025-08-08 14:37:10 +02:00 · 7055eaad58
commit 7055eaad58
parent b2645827b8
2 changed files with 7 additions and 0 deletions
--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@ -48,6 +48,12 @@ rules:
  - get
  - list
  - watch
 - apiGroups:
  - postgresql.cnpg.io
  resources:
  - clusters/finalizers
  verbs:
  - update
 - apiGroups:
  - rbac.authorization.k8s.io
  resources:
--- a/internal/controller/objectstore_controller.go
+++ b/internal/controller/objectstore_controller.go
@ -37,6 +37,7 @@ type ObjectStoreReconciler struct {
 // +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=rolebindings,verbs=create;patch;update;get;list;watch
 // +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=roles,verbs=create;patch;update;get;list;watch
 // +kubebuilder:rbac:groups="",resources=secrets,verbs=create;list;get;watch;delete
 // +kubebuilder:rbac:groups=postgresql.cnpg.io,resources=clusters/finalizers,verbs=update
 // +kubebuilder:rbac:groups=postgresql.cnpg.io,resources=backups,verbs=get;list;watch
 // +kubebuilder:rbac:groups=barmancloud.cnpg.io,resources=objectstores,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=barmancloud.cnpg.io,resources=objectstores/status,verbs=get;update;patch