chore: Update manifests after automerge

2025-12-07 02:57:38 +00:00
parent 728f5b144f
commit 051ca9a17e
396 changed files with 97 additions and 787 deletions
--- a/clusters/cl01tl/manifests/rook-ceph/ClusterRole-rook-ceph-object-bucket.yaml
+++ b/clusters/cl01tl/manifests/rook-ceph/ClusterRole-rook-ceph-object-bucket.yaml
@@ -1,8 +1,4 @@
 ---
-# Source: rook-ceph/charts/rook-ceph/templates/clusterrole.yaml
-# Used for provisioning ObjectBuckets (OBs) in response to ObjectBucketClaims (OBCs).
-# Note: Rook runs a copy of the lib-bucket-provisioner's OBC controller.
-# OBCs can be created in any Kubernetes namespace, so this must be a cluster-scoped role.
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
@@ -21,8 +17,6 @@ rules:
  - apiGroups: [""]
    resources: ["secrets", "configmaps"]
    verbs:
-      # OBC controller creates secrets and configmaps containing information for users about how to
-      # connect to object buckets. It deletes them when an OBC is deleted.
      - get
      - create
      - update
@@ -30,41 +24,28 @@ rules:
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses"]
    verbs:
-      # OBC controller gets parameters from the OBC's storageclass
-      # Rook gets additional parameters from the OBC's storageclass
      - get
  - apiGroups: ["objectbucket.io"]
    resources: ["objectbucketclaims"]
    verbs:
-      # OBC controller needs to list/watch OBCs and get latest version of a reconciled OBC
      - list
      - watch
      - get
-      # Ideally, update should not be needed, but the OBC controller updates the OBC with bucket
-      # information outside of the status subresource
      - update
-      # OBC controller does not delete OBCs; users do this
  - apiGroups: ["objectbucket.io"]
    resources: ["objectbuckets"]
    verbs:
-      # OBC controller needs to list/watch OBs and get latest version of a reconciled OB
      - list
      - watch
      - get
-      # OBC controller creates an OB when an OBC's bucket has been provisioned by Ceph, updates them
-      # when an OBC is updated, and deletes them when the OBC is de-provisioned.
      - create
      - update
      - delete
  - apiGroups: ["objectbucket.io"]
    resources: ["objectbucketclaims/status", "objectbuckets/status"]
    verbs:
-      # OBC controller updates OBC and OB statuses
      - update
  - apiGroups: ["objectbucket.io"]
-    # This does not strictly allow the OBC/OB controllers to update finalizers. That is handled by
-    # the direct "update" permissions above. Instead, this allows Rook's controller to create
-    # resources which are owned by OBs/OBCs and where blockOwnerDeletion is set.
    resources: ["objectbucketclaims/finalizers", "objectbuckets/finalizers"]
    verbs:
      - update