Adds configMap RBAC (#15)

* Adds RBAC to read the azure cluster details configmap - Gives permissions for controller SA to read the `extension-manager-configmap` - Need just need to read a specific one in kube-system * Scoping RBAC down to namespaces doesn't work great - Gets stripped out at some point in the tooling
weaveworks · Oct 26, 2023 · 2e4ddbd · 2e4ddbd
1 parent 0ba7ecd
commit 2e4ddbd
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 0 deletions.
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -4,6 +4,14 @@ kind: ClusterRole
 metadata:
   name: manager-role
 rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - get
+  - list
+  - watch
 - apiGroups:
   - ""
   resources:

diff --git a/internal/controller/automatedclusterdiscovery_controller.go b/internal/controller/automatedclusterdiscovery_controller.go
@@ -57,6 +57,7 @@ type AutomatedClusterDiscoveryReconciler struct {
 //+kubebuilder:rbac:groups=clusters.weave.works,resources=automatedclusterdiscoveries/finalizers,verbs=update
 //+kubebuilder:rbac:groups=gitops.weave.works,resources=gitopsclusters,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups="",resources=secrets,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups="",resources=configmaps,verbs=get;list;watch
 
 // Reconcile is part of the main kubernetes reconciliation loop which aims to
 // move the current state of the cluster closer to the desired state.