From e5c46a2211495d96c3087bd80025ea834edee428 Mon Sep 17 00:00:00 2001 From: Maxim Patlasov Date: Thu, 4 Sep 2025 16:30:30 -0700 Subject: [PATCH] Add RBAC rule to let manila-csi-driver-operator manage NetworkPolicy The operator needs permissions to publish and monitor NPs in the custom namespace `openshift-manila-csi-driver`. See https://github.com/openshift/csi-operator/pull/424 for details. --- .../openstack-manila/base/05_clusterrole.yaml | 12 ++++++++++++ ...rrole_manila-csi-driver-operator-clusterrole.yaml | 12 ++++++++++++ ...rrole_manila-csi-driver-operator-clusterrole.yaml | 12 ++++++++++++ 3 files changed, 36 insertions(+) diff --git a/assets/csidriveroperators/openstack-manila/base/05_clusterrole.yaml b/assets/csidriveroperators/openstack-manila/base/05_clusterrole.yaml index 64d110d18..f485f14ae 100644 --- a/assets/csidriveroperators/openstack-manila/base/05_clusterrole.yaml +++ b/assets/csidriveroperators/openstack-manila/base/05_clusterrole.yaml @@ -327,3 +327,15 @@ rules: - update - patch - delete +- apiGroups: + - networking.k8s.io + resources: + - networkpolicies + verbs: + - watch + - list + - get + - create + - delete + - patch + - update diff --git a/assets/csidriveroperators/openstack-manila/hypershift/guest/generated/rbac.authorization.k8s.io_v1_clusterrole_manila-csi-driver-operator-clusterrole.yaml b/assets/csidriveroperators/openstack-manila/hypershift/guest/generated/rbac.authorization.k8s.io_v1_clusterrole_manila-csi-driver-operator-clusterrole.yaml index 20df6da85..bba4af69f 100644 --- a/assets/csidriveroperators/openstack-manila/hypershift/guest/generated/rbac.authorization.k8s.io_v1_clusterrole_manila-csi-driver-operator-clusterrole.yaml +++ b/assets/csidriveroperators/openstack-manila/hypershift/guest/generated/rbac.authorization.k8s.io_v1_clusterrole_manila-csi-driver-operator-clusterrole.yaml @@ -317,3 +317,15 @@ rules: - update - patch - delete +- apiGroups: + - networking.k8s.io + resources: + - networkpolicies + verbs: + - watch + - list + - get + - create + - delete + - patch + - update diff --git a/assets/csidriveroperators/openstack-manila/standalone/generated/rbac.authorization.k8s.io_v1_clusterrole_manila-csi-driver-operator-clusterrole.yaml b/assets/csidriveroperators/openstack-manila/standalone/generated/rbac.authorization.k8s.io_v1_clusterrole_manila-csi-driver-operator-clusterrole.yaml index 20df6da85..bba4af69f 100644 --- a/assets/csidriveroperators/openstack-manila/standalone/generated/rbac.authorization.k8s.io_v1_clusterrole_manila-csi-driver-operator-clusterrole.yaml +++ b/assets/csidriveroperators/openstack-manila/standalone/generated/rbac.authorization.k8s.io_v1_clusterrole_manila-csi-driver-operator-clusterrole.yaml @@ -317,3 +317,15 @@ rules: - update - patch - delete +- apiGroups: + - networking.k8s.io + resources: + - networkpolicies + verbs: + - watch + - list + - get + - create + - delete + - patch + - update