From 956b3fc751833cff07abc2126d1795eb9e4233b5 Mon Sep 17 00:00:00 2001 From: Sebastian Bernauer Date: Thu, 17 Jul 2025 14:07:25 +0200 Subject: [PATCH 1/2] fix: Add RBAC permission to patch events --- deploy/helm/hbase-operator/templates/roles.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/deploy/helm/hbase-operator/templates/roles.yaml b/deploy/helm/hbase-operator/templates/roles.yaml index 19e57650..606b5025 100644 --- a/deploy/helm/hbase-operator/templates/roles.yaml +++ b/deploy/helm/hbase-operator/templates/roles.yaml @@ -135,6 +135,7 @@ rules: - events verbs: - create + - patch {{ if .Capabilities.APIVersions.Has "security.openshift.io/v1" }} - apiGroups: - security.openshift.io From 9deabf3baea09c691c0554a0faf38db6dc244b60 Mon Sep 17 00:00:00 2001 From: Sebastian Bernauer Date: Mon, 21 Jul 2025 10:30:15 +0200 Subject: [PATCH 2/2] changelog --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6d729b4b..721fc577 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -32,6 +32,8 @@ - The default Kubernetes cluster domain name is now fetched from the kubelet API unless explicitly configured. - This requires operators to have the RBAC permission to get nodes/proxy in the apiGroup "". The helm-chart takes care of this. - The CLI argument `--kubernetes-node-name` or env variable `KUBERNETES_NODE_NAME` needs to be set. The helm-chart takes care of this. +- The operator helm-chart now grants RBAC `patch` permissions on `events.k8s.io/events`, + so events can be aggregated (e.g. "error happened 10 times over the last 5 minutes") ([#678]). ### Fixed @@ -62,6 +64,7 @@ [#661]: https://github.com/stackabletech/hbase-operator/pull/661 [#672]: https://github.com/stackabletech/hbase-operator/pull/672 [#675]: https://github.com/stackabletech/hbase-operator/pull/675 +[#678]: https://github.com/stackabletech/hbase-operator/pull/678 ## [25.3.0] - 2025-03-21