feat(agent): grant impnetworks list/watch/status-patch RBAC and add NODE_IP env

Author: syscod3

charts/imp/templates/agent/clusterrole.yaml

@@ -20,7 +20,11 @@ rules:
 - apiGroups: ["imp.dev"]
   resources:
     - impnetworks
-  verbs: [get]
+  verbs: [get, list, watch]
+- apiGroups: ["imp.dev"]
+  resources:
+    - impnetworks/status
+  verbs: [get, update, patch]
 - apiGroups: [""]
   resources:
     - events

charts/imp/templates/agent/daemonset.yaml

@@ -41,6 +41,10 @@ spec:
           valueFrom:
             fieldRef:
               fieldPath: spec.nodeName
+        - name: NODE_IP
+          valueFrom:
+            fieldRef:
+              fieldPath: status.hostIP
         - name: FC_KERNEL
           value: {{ .Values.agent.env.kernelPath | required "agent.env.kernelPath is required" | quote }}
         ports:

charts/imp/tests/agent-rbac_test.yaml

@@ -44,7 +44,13 @@ tests:
           content:
             apiGroups: ["imp.dev"]
             resources: [impnetworks]
-            verbs: [get]
+            verbs: [get, list, watch]
+      - contains:
+          path: rules
+          content:
+            apiGroups: ["imp.dev"]
+            resources: [impnetworks/status]
+            verbs: [get, update, patch]
       - contains:
           path: rules
           content:

internal/agent/reconciler.go

@@ -35,6 +35,8 @@ type ImpVMReconciler struct {
 
 // +kubebuilder:rbac:groups=imp.dev,resources=impvms,verbs=get;list;watch;update;patch
 // +kubebuilder:rbac:groups=imp.dev,resources=impvms/status,verbs=get;update;patch
+// +kubebuilder:rbac:groups=imp.dev,resources=impnetworks,verbs=get;list;watch
+// +kubebuilder:rbac:groups=imp.dev,resources=impnetworks/status,verbs=get;update;patch
 
 func (r *ImpVMReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
 	log := logf.FromContext(ctx).WithValues("node", r.NodeName)