On some locked down clusters, the status update for CRD's will fail due to missing RBAC. This updates the fix-crds tool so that it includes customresourcedefinitions/status in the RBAC permissions when updating CRDs. AFAIK, it seems like it will report an error but still update status in our CI tests which is why we didn't catch this.
This supersedes https://github.com/emissary-ingress/emissary/pull/5449 because the file changed in that PR is generated and would get overridden as soon as make generate was called again. The file is generated via the tools/src/fix-crds using the template defined here: tools/src/fix-crds/apiext.yaml so that has been updated so that make generate is clean now.
Description
On some locked down clusters, the status update for CRD's will fail due to missing RBAC. This updates the fix-crds tool so that it includes
customresourcedefinitions/status
in the RBAC permissions when updating CRDs. AFAIK, it seems like it will report an error but still update status in our CI tests which is why we didn't catch this.This supersedes https://github.com/emissary-ingress/emissary/pull/5449 because the file changed in that PR is generated and would get overridden as soon as make generate was called again. The file is generated via the
tools/src/fix-crds
using the template defined here:tools/src/fix-crds/apiext.yaml
so that has been updated so thatmake generate
is clean now.Related Issues
Fixes https://github.com/emissary-ingress/emissary/issues/5436
Testing
CI Tests are still passing. Manually testing from user as noted here: https://github.com/emissary-ingress/emissary/pull/5449#issue-2002048514
Checklist
CHANGELOG.md
.DEVELOPING.md
with any any special dev tricks I had to use to work on this code efficiently.