Add leases access to leader role (#2365)

Azure · Jun 28, 2022 · 8e99791 · 8e99791
1 parent e364bdf
commit 8e99791
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 0 deletions.
diff --git a/scripts/make-multitenant-cluster.sh b/scripts/make-multitenant-cluster.sh
@@ -26,6 +26,9 @@ yq eval "$query" "$source" > "$target"
 # Remove the aadpodidbinding label - this is only needed for communicating to ARM
 yq eval -i "del(select($deployment) | .spec.template.metadata.labels.aadpodidbinding)" "$target"
 
+# Edit the deployment to turn off leader election for the webhook only pod, as the webhooks don't wait for leader election anyway.
+yq eval -i "del(select($deployment) | .spec.template.spec.containers[] | select(.name == \"manager\").args[] | select(. == \"--enable-leader-election\"))" "$target"
+
 # Change the manager container env vars - the webhook server only
 # needs pod namespace, operator mode and subscription id (which isn't
 # used).

diff --git a/v2/config/rbac/leader_election_role.yaml b/v2/config/rbac/leader_election_role.yaml
@@ -30,3 +30,15 @@ rules:
   - events
   verbs:
   - create
+- apiGroups:
+    - coordination.k8s.io
+  resources:
+    - leases
+  verbs:
+    - create
+    - delete
+    - get
+    - list
+    - patch
+    - update
+    - watch