From 15c626593b1d94944ed6515b0ed6c32c939c6efc Mon Sep 17 00:00:00 2001
From: Mingchen Dai <daimingchen@mail.ustc.edu.cn>
Date: Mon, 30 Sep 2024 09:56:04 +0000
Subject: [PATCH] fix RBAC using '+kubebuilder:rbac:' prefix

---
 config/rbac/role.yaml                         | 26 ++++++++++++++-----
 .../controller/devcontainerapp_controller.go  |  2 ++
 2 files changed, 22 insertions(+), 6 deletions(-)

diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
index ff1ab30..a0f8e06 100644
--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@@ -4,6 +4,26 @@ kind: ClusterRole
 metadata:
   name: manager-role
 rules:
+- apiGroups:
+  - ""
+  resources:
+  - services
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - watch
+- apiGroups:
+  - apps
+  resources:
+  - statefulsets
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - watch
 - apiGroups:
   - devcontainer.devstar.cn
   resources:
@@ -30,9 +50,3 @@ rules:
   - get
   - patch
   - update
-- apiGroups: [""]
-  resources: ["services"]
-  verbs: ["create", "delete", "get", "list", "watch"]
-- apiGroups: ["apps"]
-  resources: ["statefulsets"]
-  verbs: ["create", "delete", "get", "list", "watch"]
diff --git a/internal/controller/devcontainerapp_controller.go b/internal/controller/devcontainerapp_controller.go
index b4aa976..34696f6 100644
--- a/internal/controller/devcontainerapp_controller.go
+++ b/internal/controller/devcontainerapp_controller.go
@@ -43,6 +43,8 @@ type DevcontainerAppReconciler struct {
 // +kubebuilder:rbac:groups=devcontainer.devstar.cn,resources=devcontainerapps,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=devcontainer.devstar.cn,resources=devcontainerapps/status,verbs=get;update;patch
 // +kubebuilder:rbac:groups=devcontainer.devstar.cn,resources=devcontainerapps/finalizers,verbs=update
+// +kubebuilder:rbac:groups=apps,resources=statefulsets,verbs=create;delete;get;list;watch
+// +kubebuilder:rbac:groups="",resources=services,verbs=create;delete;get;list;watch
 
 // Reconcile is part of the main kubernetes reconciliation loop which aims to
 // move the current state of the cluster closer to the desired state.