Add rbac to delete collection as well.

chart/Chart.yaml

@@ -10,9 +10,9 @@ description: |
 
 type: application
 
-version: 0.2.43
+version: 0.2.44
 
-appVersion: "0.2.43"
+appVersion: "0.2.44"
 
 home: https://github.com/lukaszraczylo/kubernetes-images-sync-operator
 

chart/values.yaml

@@ -12,7 +12,7 @@ sa:
         - ALL
     image:
       repository: ghcr.io/lukaszraczylo/kubernetes-images-sync-operator
-      tag: 0.2.43
+      tag: 0.2.44
     resources:
       limits:
         cpu: 500m

config/rbac/role.yaml

@@ -4,70 +4,71 @@ kind: ClusterRole
 metadata:
   name: impex-mgr
 rules:
-- apiGroups:
-  - ""
-  resources:
-  - pods
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - apps
-  resources:
-  - daemonsets
-  - deployments
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - batch
-  resources:
-  - cronjobs
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - batch
-  resources:
-  - jobs
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - raczylo.com
-  resources:
-  - '*'
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - raczylo.com
-  resources:
-  - '*/finalizers'
-  verbs:
-  - update
-- apiGroups:
-  - raczylo.com
-  resources:
-  - '*/status'
-  verbs:
-  - get
-  - patch
-  - update
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+    verbs:
+      - create
+      - delete
+      - deletecollection
+      - get
+      - list
+      - patch
+      - update
+      - watch
+  - apiGroups:
+      - apps
+    resources:
+      - daemonsets
+      - deployments
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - batch
+    resources:
+      - cronjobs
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - batch
+    resources:
+      - jobs
+    verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
+  - apiGroups:
+      - raczylo.com
+    resources:
+      - "*"
+    verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
+  - apiGroups:
+      - raczylo.com
+    resources:
+      - "*/finalizers"
+    verbs:
+      - update
+  - apiGroups:
+      - raczylo.com
+    resources:
+      - "*/status"
+    verbs:
+      - get
+      - patch
+      - update

internal/controller/raczylo.com/clusterimage_controller.go

@@ -345,11 +345,26 @@ func (r *ClusterImageReconciler) createBackupJob(ctx context.Context, clusterIma
 	}
 	defaultCommands = append(defaultCommands, "rm -f /tmp/"+normalisedImageName+".tar")
 
+	// Merge annotations from different sources
+	mergedAnnotations := make(map[string]string)
+	// 1. Add ClusterImageExport metadata annotations
+	for k, v := range clusterImageExport.Annotations {
+		mergedAnnotations[k] = v
+	}
+	// 2. Add ClusterImage metadata annotations
+	for k, v := range clusterImage.Annotations {
+		mergedAnnotations[k] = v
+	}
+	// 3. Add job-specific annotations from spec (these take precedence)
+	for k, v := range clusterImage.Spec.JobAnnotations {
+		mergedAnnotations[k] = v
+	}
+
 	jobParams := shared.JobParams{
 		Name:             fmt.Sprintf("img-export-%s", clusterImage.Name),
 		Namespace:        clusterImage.Namespace,
 		Image:            shared.BACKUP_JOB_IMAGE,
-		Annotations:      clusterImage.Spec.JobAnnotations,
+		Annotations:      mergedAnnotations,
 		Commands:         defaultCommands,
 		ServiceAccount:   "",
 		ImagePullSecrets: clusterImage.Spec.ImagePullSecrets,

internal/controller/raczylo.com/clusterimageexport_controller.go

@@ -400,11 +400,17 @@ func (r *ClusterImageExportReconciler) runCleanupJob(ctx context.Context, cluste
 	backoffLimit := int32(2) // 3 total attempts (initial + 2 retries)
 	ttlSecondsAfterFinished := int32(30) // Delete job 30 seconds after completion
 
-	// Merge controller pod annotations with job annotations
+	// Merge annotations from different sources
 	mergedAnnotations := make(map[string]string)
+	// 1. Add CRD metadata annotations
+	for k, v := range clusterImageExport.Annotations {
+		mergedAnnotations[k] = v
+	}
+	// 2. Add controller pod annotations
 	for k, v := range r.podAnnotations {
 		mergedAnnotations[k] = v
 	}
+	// 3. Add job-specific annotations from spec (these take precedence)
 	for k, v := range clusterImageExport.Spec.JobAnnotations {
 		mergedAnnotations[k] = v
 	}