From fc032336759166d9fd627e587dbf9846c85e3cc2 Mon Sep 17 00:00:00 2001 From: Sebastian Bernauer Date: Mon, 21 Jul 2025 12:17:51 +0200 Subject: [PATCH] fix: Add RBAC permission to patch events (#879) * fix: Add RBAC permission to patch events * changelog --- CHANGELOG.md | 3 +++ deploy/helm/kafka-operator/templates/roles.yaml | 1 + 2 files changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index c6e07824..0e10f057 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -35,6 +35,8 @@ All notable changes to this project will be documented in this file. - The default Kubernetes cluster domain name is now fetched from the kubelet API unless explicitly configured. - This requires operators to have the RBAC permission to get nodes/proxy in the apiGroup "". The helm-chart takes care of this. - The CLI argument `--kubernetes-node-name` or env variable `KUBERNETES_NODE_NAME` needs to be set. The helm-chart takes care of this. +- The operator helm-chart now grants RBAC `patch` permissions on `events.k8s.io/events`, + so events can be aggregated (e.g. "error happened 10 times over the last 5 minutes") ([#879]). ### Fixed @@ -63,6 +65,7 @@ All notable changes to this project will be documented in this file. [#866]: https://github.com/stackabletech/kafka-operator/pull/866 [#868]: https://github.com/stackabletech/kafka-operator/pull/868 [#878]: https://github.com/stackabletech/kafka-operator/pull/878 +[#879]: https://github.com/stackabletech/kafka-operator/pull/879 ## [25.3.0] - 2025-03-21 diff --git a/deploy/helm/kafka-operator/templates/roles.yaml b/deploy/helm/kafka-operator/templates/roles.yaml index d92d86de..79a6c5f6 100644 --- a/deploy/helm/kafka-operator/templates/roles.yaml +++ b/deploy/helm/kafka-operator/templates/roles.yaml @@ -163,6 +163,7 @@ rules: - events verbs: - create + - patch {{ if .Capabilities.APIVersions.Has "security.openshift.io/v1" }} - apiGroups: - security.openshift.io