fix(openshift): add support for openshift

Signed-off-by: cndoit18 <cndoit18@outlook.com>

charts/harbor-operator/templates/clusterrole.yaml

@@ -60,7 +60,7 @@ rules:
 - apiGroups:
   - ""
   resources:
-  - pods
+  - persistentvolumeclaims/finalizers
   verbs:
   - create
   - delete
@@ -72,7 +72,7 @@ rules:
 - apiGroups:
   - ""
   resources:
-  - secrets
+  - pods
   verbs:
   - create
   - delete
@@ -84,7 +84,7 @@ rules:
 - apiGroups:
   - ""
   resources:
-  - services
+  - secrets
   verbs:
   - create
   - delete
@@ -94,27 +94,35 @@ rules:
   - update
   - watch
 - apiGroups:
-  - acid.zalan.do
+  - ""
   resources:
-  - operatorconfigurations
-  - postgresqls
+  - secrets/finalizers
   verbs:
   - create
   - delete
-  - deletecollection
   - get
   - list
   - patch
   - update
   - watch
 - apiGroups:
-  - acid.zalan.do
+  - ""
   resources:
-  - postgresqls/status
+  - services
   verbs:
+  - create
+  - delete
   - get
+  - list
   - patch
   - update
+  - watch
+- apiGroups:
+  - acid.zalan.do
+  resources:
+  - '*'
+  verbs:
+  - '*'
 - apiGroups:
   - apiextensions.k8s.io
   resources:
@@ -160,6 +168,18 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - batch
+  resources:
+  - jobs/finalizers
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
   - cert-manager.io
   resources:
@@ -188,7 +208,7 @@ rules:
 - apiGroups:
   - databases.spotahome.com
   resources:
-  - redisfailovers
+  - '*'
   verbs:
   - '*'
 - apiGroups:
@@ -507,6 +527,18 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - networking.k8s.io
+  resources:
+  - ingresses/finalizers
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
   - networking.k8s.io
   resources:

controllers/goharbor/configuration/cm_reconciler.go

@@ -68,7 +68,6 @@ func isConfiguration(obj metav1.Object) bool {
 }
 
 // +kubebuilder:rbac:groups=goharbor.io,resources=harborconfigurations,verbs=get;list;watch;create;update;patch;delete
-// +kubebuilder:rbac:groups=goharbor.io,resources=harborconfigurations/finalizers,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups="",resources=configmaps,verbs=get;list;watch;create;update;patch;delete
 
 func (r *CmReconciler) SetupWithManager(ctx context.Context, mgr ctrl.Manager) error {

controllers/goharbor/harbor/harbor.go

@@ -26,7 +26,6 @@ type Reconciler struct {
 // +kubebuilder:rbac:groups=goharbor.io,resources=harbors,verbs=get;list;watch
 // +kubebuilder:rbac:groups=goharbor.io,resources=harbors/status,verbs=get;update;patch
 // +kubebuilder:rbac:groups=goharbor.io,resources=chartmuseums;cores;exporters;jobservices;notaryservers;notarysigners;portals;registries;registrycontrollers;trivies,verbs=get;list;watch;create;update;patch;delete
-// +kubebuilder:rbac:groups=goharbor.io,resources=chartmuseums/finalizers;cores/finalizers;exporters/finalizers;jobservices/finalizers;notaryservers/finalizers;notarysigners/finalizers;portals/finalizers;registries/finalizers;registrycontrollers/finalizers;trivies/finalizers,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=networking.k8s.io,resources=ingresses,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=networking.k8s.io,resources=networkpolicies,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=cert-manager.io,resources=issuers;certificates,verbs=get;list;watch;create;update;patch;delete

controllers/goharbor/harborcluster/ctrl_setup.go

@@ -49,20 +49,28 @@ type Reconciler struct {
 
 // +kubebuilder:rbac:groups=goharbor.io,resources=harborclusters,verbs=get;list;watch
 // +kubebuilder:rbac:groups=goharbor.io,resources=harborclusters/status,verbs=get;update;patch
-// +kubebuilder:rbac:groups=goharbor.io,resources=harborclusters/finalizers,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=apiextensions.k8s.io,resources=customresourcedefinitions,verbs=get;list;watch
-// +kubebuilder:rbac:groups=acid.zalan.do,resources=postgresqls;operatorconfigurations,verbs=get;list;watch;create;update;patch;delete;deletecollection
-// +kubebuilder:rbac:groups=acid.zalan.do,resources=postgresqls/status,verbs=get;update;patch
-// +kubebuilder:rbac:groups=databases.spotahome.com,resources=redisfailovers,verbs=*
+// +kubebuilder:rbac:groups=databases.spotahome.com,resources=*,verbs=*
+// +kubebuilder:rbac:groups=acid.zalan.do,resources=*,verbs=*
 // +kubebuilder:rbac:groups=minio.min.io,resources=*,verbs=*
 // +kubebuilder:rbac:groups="",resources=pods,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=apps,resources=statefulsets;deployments,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=goharbor.io,resources=harbors,verbs=get;list;watch;create;update;patch;delete
-// +kubebuilder:rbac:groups=goharbor.io,resources=harbors/finalizers,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=apiextensions.k8s.io,resources=customresourcedefinitions,verbs=get;list;watch
 // +kubebuilder:rbac:groups=batch,resources=jobs,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups="",resources=persistentvolumeclaims,verbs=get;list;watch;create;update;patch;delete
 
+// Enhancements to RBAC
+// see: https://sdk.operatorframework.io/docs/faqs/#after-deploying-my-operator-why-do-i-see-errors-like-is-forbidden-cannot-set-blockownerdeletion-if-an-ownerreference-refers-to-a-resource-you-cant-set-finalizers-on-
+// +kubebuilder:rbac:groups=batch,resources=jobs/finalizers,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups="",resources=persistentvolumeclaims/finalizers,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups="",resources=secrets/finalizers,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=networking.k8s.io,resources=ingresses/finalizers,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=goharbor.io,resources=harbors/finalizers,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=goharbor.io,resources=harborclusters/finalizers,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=goharbor.io,resources=harborconfigurations/finalizers,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=goharbor.io,resources=chartmuseums/finalizers;cores/finalizers;exporters/finalizers;jobservices/finalizers;notaryservers/finalizers;notarysigners/finalizers;portals/finalizers;registries/finalizers;registrycontrollers/finalizers;trivies/finalizers,verbs=get;list;watch;create;update;patch;delete
+
 func (r *Reconciler) SetupWithManager(ctx context.Context, mgr ctrl.Manager) error {
 	concurrentReconcile, err := config.GetInt(r.ConfigStore, config.ReconciliationKey, config.DefaultConcurrentReconcile)
 	if err != nil {

manifests/cluster/deployment.yaml

@@ -33028,7 +33028,7 @@ rules:
 - apiGroups:
   - ""
   resources:
-  - pods
+  - persistentvolumeclaims/finalizers
   verbs:
   - create
   - delete
@@ -33040,7 +33040,7 @@ rules:
 - apiGroups:
   - ""
   resources:
-  - secrets
+  - pods
   verbs:
   - create
   - delete
@@ -33052,7 +33052,7 @@ rules:
 - apiGroups:
   - ""
   resources:
-  - services
+  - secrets
   verbs:
   - create
   - delete
@@ -33062,27 +33062,35 @@ rules:
   - update
   - watch
 - apiGroups:
-  - acid.zalan.do
+  - ""
   resources:
-  - operatorconfigurations
-  - postgresqls
+  - secrets/finalizers
   verbs:
   - create
   - delete
-  - deletecollection
   - get
   - list
   - patch
   - update
   - watch
 - apiGroups:
-  - acid.zalan.do
+  - ""
   resources:
-  - postgresqls/status
+  - services
   verbs:
+  - create
+  - delete
   - get
+  - list
   - patch
   - update
+  - watch
+- apiGroups:
+  - acid.zalan.do
+  resources:
+  - '*'
+  verbs:
+  - '*'
 - apiGroups:
   - apiextensions.k8s.io
   resources:
@@ -33128,6 +33136,18 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - batch
+  resources:
+  - jobs/finalizers
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
   - cert-manager.io
   resources:
@@ -33156,7 +33176,7 @@ rules:
 - apiGroups:
   - databases.spotahome.com
   resources:
-  - redisfailovers
+  - '*'
   verbs:
   - '*'
 - apiGroups:
@@ -33475,6 +33495,18 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - networking.k8s.io
+  resources:
+  - ingresses/finalizers
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
   - networking.k8s.io
   resources:

manifests/harbor/deployment.yaml

@@ -26032,7 +26032,7 @@ rules:
 - apiGroups:
   - ""
   resources:
-  - pods
+  - persistentvolumeclaims/finalizers
   verbs:
   - create
   - delete
@@ -26044,7 +26044,7 @@ rules:
 - apiGroups:
   - ""
   resources:
-  - secrets
+  - pods
   verbs:
   - create
   - delete
@@ -26056,7 +26056,7 @@ rules:
 - apiGroups:
   - ""
   resources:
-  - services
+  - secrets
   verbs:
   - create
   - delete
@@ -26066,27 +26066,35 @@ rules:
   - update
   - watch
 - apiGroups:
-  - acid.zalan.do
+  - ""
   resources:
-  - operatorconfigurations
-  - postgresqls
+  - secrets/finalizers
   verbs:
   - create
   - delete
-  - deletecollection
   - get
   - list
   - patch
   - update
   - watch
 - apiGroups:
-  - acid.zalan.do
+  - ""
   resources:
-  - postgresqls/status
+  - services
   verbs:
+  - create
+  - delete
   - get
+  - list
   - patch
   - update
+  - watch
+- apiGroups:
+  - acid.zalan.do
+  resources:
+  - '*'
+  verbs:
+  - '*'
 - apiGroups:
   - apiextensions.k8s.io
   resources:
@@ -26132,6 +26140,18 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - batch
+  resources:
+  - jobs/finalizers
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
   - cert-manager.io
   resources:
@@ -26160,7 +26180,7 @@ rules:
 - apiGroups:
   - databases.spotahome.com
   resources:
-  - redisfailovers
+  - '*'
   verbs:
   - '*'
 - apiGroups:
@@ -26479,6 +26499,18 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - networking.k8s.io
+  resources:
+  - ingresses/finalizers
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
   - networking.k8s.io
   resources: