Merge pull request #2701 from fluxcd/add-sa-read

Grant service account read-only access to controllers
2026-02-13 19:27:28 +00:00 · 2022-05-04 11:33:15 +03:00 · 2022-05-04 11:33:15 +03:00 · 45876a723c
commit 45876a723c
parent 4dd20af7e0 1ece35e4c5
1 changed files with 20 additions and 10 deletions
--- a/manifests/rbac/controller.yaml
+++ b/manifests/rbac/controller.yaml
@ -23,6 +23,8 @@ rules:
  resources:
  - namespaces
  - secrets
+  - configmaps
+  - serviceaccounts
  verbs:
  - get
  - list
@ -34,19 +36,27 @@ rules:
  verbs:
  - create
  - patch
+# required by leader election
 - apiGroups:
-  - ""
+    - ""
  resources:
-  - configmaps
-  - configmaps/status
+    - configmaps
  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - update
-  - patch
-  - delete
+    - get
+    - list
+    - watch
+    - create
+    - update
+    - patch
+    - delete
+- apiGroups:
+    - ""
+  resources:
+    - configmaps/status
+  verbs:
+    - get
+    - update
+    - patch
 - apiGroups:
  - "coordination.k8s.io"
  resources: