Fix WebHook controller crashing on minishift

Installing tekton on minishift fails to bring up webhook-controller pod due missing RBAC policy. Pod logs shows the following error ``` json { "level":"error", "logger":"webhook", "caller":"webhook/webhook.go:310" , "msg":"failed to register webhook" "knative.dev/controller":"webhook" "error":"failed to create a webhook: mutatingwebhookconfigurations.admissionregistration.k8s.io \"webhook.tekton.dev\" is forbidden: cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on: no RBAC policy matched " "stacktrace":" github.com/knative/build-pipeline/vendor/github.com/knative/pkg/webhook.(*AdmissionController).Run /usr/local/google/home/jasonhall/go/src/github.com/knative/build-pipeline/vendor/github.com/knative/pkg/webhook/webhook.go:310 main.main /usr/local/google/home/jasonhall/go/src/github.com/knative/build-pipeline/cmd/webhook/main.go:97" } ``` This patch fixes it by adding the missing rules for `deployments/finailizer` resource to the cluster-role.
tektoncd · Mar 1, 2019 · 1d8ddd2 · 1d8ddd2
1 parent 4047696
commit 1d8ddd2
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/config/200-clusterrole.yaml b/config/200-clusterrole.yaml
@@ -9,6 +9,9 @@ rules:
   - apiGroups: ["extensions"]
     resources: ["deployments"]
     verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
+  - apiGroups: ["extensions"]
+    resources: ["deployments/finalizers"]
+    verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
   - apiGroups: ["admissionregistration.k8s.io"]
     resources: ["mutatingwebhookconfigurations"]
     verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]