Modifying The Default Kubebuilder ClusterRole

This role the primary role that is updated to give the operator permissions on the APIs defined within the project. Manual edits will not persist and will be overwritten, but the ClusterRole manifest can be found at /config/rbac/role.yaml and the ClusterRoleBinding at /config/rbac/role_binding.yaml.

Renaming The Role

Renaming the role must be done through the MAKEFILE.

manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
	"$(CONTROLLER_GEN)" rbac:roleName=my-super-cool-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases

Extending Permissions For The Role

Adding comments in the controller file at the root level will allow you to add additional permissions.

// +kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;create;update;patch;delete