RBAC fix to enable slack cluster queue lending limit adjustment

The codeflare operator needs permission to read and write clusterqueues to enable the AppWrapper controller to adjust the lending limit of a designated slack cluster queue to reflect cordoned nodes.
project-codeflare · Sep 3, 2024 · 181a1ec · 181a1ec
1 parent 7f00118
commit 181a1ec
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 1 deletion.
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -168,6 +168,16 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - kueue.x-k8s.io
+  resources:
+  - clusterqueues
+  verbs:
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
   - kueue.x-k8s.io
   resources:

diff --git a/pkg/controllers/appwrapper_controller.go b/pkg/controllers/appwrapper_controller.go
@@ -42,5 +42,6 @@ package controllers
 // +kubebuilder:rbac:groups=kueue.x-k8s.io,resources=resourceflavors,verbs=get;list;watch
 // +kubebuilder:rbac:groups=kueue.x-k8s.io,resources=workloadpriorityclasses,verbs=get;list;watch
 
-// permission to watch nodes for Autopilot integration
+// permission to watch nodes and edit clusterqueues for Autopilot integration
 //+kubebuilder:rbac:groups="",resources=nodes,verbs=get;list;watch
+//+kubebuilder:rbac:groups=kueue.x-k8s.io,resources=clusterqueues,verbs=get;list;watch;update;patch