fix: add necessary configurations for permissions

Author: VanillaSpoon

Makefile

@@ -3,7 +3,7 @@
 #
 # For example, running 'make bundle-build bundle-push catalog-build catalog-push' will build and push both
 # my.domain/instascale-1-bundle:$VERSION and my.domain/instascale-1-catalog:$VERSION.
-IMAGE_TAG_BASE ?= quay.io/project-codeflare/instascale
+IMAGE_TAG_BASE ?= quay.io/project-codeflare/instascale-controller
 
 ENGINE ?= "podman"
 
@@ -16,7 +16,7 @@ ifeq ($(USE_IMAGE_DIGESTS), true)
 endif
 
 # Image URL to use all building/pushing image targets
-IMG ?= controller:latest
+IMG ?= latest
 # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
 ENVTEST_K8S_VERSION = 1.23
 
@@ -114,19 +114,23 @@ endif
 .PHONY: install
 install: manifests kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config.
 	$(KUSTOMIZE) build config/default | kubectl apply -f -
+	$(KUSTOMIZE) build config/configmap | kubectl apply -f -
 
 .PHONY: uninstall
 uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.
 	$(KUSTOMIZE) build config/default | kubectl delete --ignore-not-found=$(ignore-not-found) -f -
+	$(KUSTOMIZE) build config/configmap | kubectl delete --ignore-not-found=$(ignore-not-found) -f -
 
 .PHONY: deploy
 deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config.
 	cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
 	$(KUSTOMIZE) build config/default | kubectl apply -f -
+	$(KUSTOMIZE) build config/configmap | kubectl apply -f -
 
 .PHONY: undeploy
 undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.
 	$(KUSTOMIZE) build config/default | kubectl delete --ignore-not-found=$(ignore-not-found) -f -
+	$(KUSTOMIZE) build config/configmap | kubectl delete --ignore-not-found=$(ignore-not-found) -f -
 
 ## Location to install dependencies to
 LOCALBIN ?= $(shell pwd)/bin

config/configmap/instascale_configmap.yaml

@@ -0,0 +1,7 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: instascale-config
+  namespace: kube-system
+data:
+  maxScaleoutAllowed: "15"

config/configmap/kustomization.yaml

@@ -0,0 +1,2 @@
+resources:
+- instascale_configmap.yaml

config/manager/kustomization.yaml

@@ -12,5 +12,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 images:
 - name: controller
-  newName: controller
+  newName: quay.io/project-codeflare/instascale-controller
   newTag: latest

config/rbac/instascale_configmap.yaml

@@ -0,0 +1,7 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: instascale-config
+  namespace: kube-system
+data:
+  maxScaleoutAllowed: "15"

config/rbac/role.yaml

@@ -5,6 +5,37 @@ metadata:
   creationTimestamp: null
   name: manager-role
 rules:
+- apiGroups:
+  - ""
+  resourceNames:
+  - instascale-config
+  resources:
+  - configmaps
+  - nodes
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - ""
+  resourceNames:
+  - instascale-ocm-secret
+  resources:
+  - secrets
+  verbs:
+  - get
+- apiGroups:
+  - apps
+  resources:
+  - deployments
+  verbs:
+  - get
+  - list
+  - watch
 - apiGroups:
   - apps
   resources:
@@ -23,6 +54,26 @@ rules:
   - machineset/status
   verbs:
   - get
+- apiGroups:
+  - config.openshift.io
+  resources:
+  - clusterversions
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - machine.openshift.io
+  resources:
+  - '*'
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
   - workload.codeflare.dev
   resources:
@@ -49,18 +100,3 @@ rules:
   - get
   - patch
   - update
-- apiGroups:
-    - ""
-  resourceNames:
-    - instascale-ocm-secret
-  resources:
-    - secrets
-  verbs:
-    - get
-- apiGroups:
-  - config.openshift.io 
-  resources:
-  - clusterversions
-  verbs:
-  - get
-  - update

controllers/appwrapper_controller.go

@@ -84,6 +84,10 @@ const (
 // +kubebuilder:rbac:groups=apps,resources=machineset,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=apps,resources=machineset/status,verbs=get
 
+// +kubebuilder:rbac:groups=apps,resources=deployments,verbs=list;watch;get
+// +kubebuilder:rbac:groups=machine.openshift.io,resources=*,verbs=list;watch;get;create;update;delete;patch
+// +kubebuilder:rbac:groups=config.openshift.io,resources=clusterversions,verbs=get;list;watch
+
 // Reconcile is part of the main kubernetes reconciliation loop which aims to
 // move the current state of the cluster closer to the desired state.
 // TODO(user): Modify the Reconcile function to compare the state specified by

main.go

@@ -49,6 +49,9 @@ var (
 	setupLog = ctrl.Log.WithName("setup")
 )
 
+// +kubebuilder:rbac:groups="",resources=secrets,resourceNames=instascale-ocm-secret,verbs=get
+// +kubebuilder:rbac:groups="",resources=nodes;configmaps,resourceNames=instascale-config,verbs=list;watch;get;create;update;delete;patch
+
 func init() {
 	utilruntime.Must(clientgoscheme.AddToScheme(scheme))
 	utilruntime.Must(configv1.Install(scheme))