Merge pull request #16 from triggermesh/fix-clusterroles

Sameer Naik · web-flow · commit 0834a9029883 · 2023-02-13T15:12:15.000+05:30
update triggermesh-controller cluster to observe status of pods and replicasets
diff --git a/config/200-clusterroles.yaml b/config/200-clusterroles.yaml
@@ -219,6 +219,7 @@ rules:
   resources:
   - configmaps
   verbs:
+  - get
   - list
   - watch
 - apiGroups:
@@ -250,6 +251,21 @@ rules:
   verbs:
   - list
 
+# Observe status of Pods and their ancestors
+- apiGroups:
+  - ''
+  resources:
+  - pods
+  verbs:
+  - list
+  - watch
+- apiGroups:
+  - apps
+  resources:
+  - replicasets
+  verbs:
+  - list
+  - watch
 ---
 
 apiVersion: rbac.authorization.k8s.io/v1
@@ -305,6 +321,25 @@ rules:
 
 ---
 
+# This role is used to grant receive adapters read-only access to per-component
+# configurations such as logging, observability and tracing.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: triggermesh-config-watcher
+  labels:
+    app.kubernetes.io/part-of: triggermesh
+rules:
+- apiGroups:
+  - ''
+  resources:
+  - configmaps
+  verbs:
+  - list
+  - watch
+  - get
+---
+
 # This role provides readonly access to "Source" duck types.
 # All the rules it contains get aggregated into the "source-observer" ClusterRole provided by Knative Eventing.
 # see https://github.com/knative/eventing/blob/release-0.26/docs/spec/sources.md#source-rbac
