fix: serviceaccounts access is needed for v2.9.0 (#283)

After the support for serviceaccounts replication feature is added (#249), the deployment will fail with error `kubernetes-replicator:kubernetes-replicator" cannot list resource "serviceaccounts" in API group "" at the cluster scope` This should be the default RBAC for new installs
mittwald · Jun 20, 2023 · 9a34565 · 9a34565
1 parent 25b3f78
commit 9a34565
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/deploy/helm-chart/kubernetes-replicator/templates/rbac.yaml b/deploy/helm-chart/kubernetes-replicator/templates/rbac.yaml
@@ -22,7 +22,7 @@ rules:
     resources: [ "namespaces" ]
     verbs: [ "get", "watch", "list" ]
   - apiGroups: [""]
-    resources: ["secrets", "configmaps"]
+    resources: ["secrets", "configmaps", "serviceaccounts"]
     verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
   - apiGroups: ["rbac.authorization.k8s.io"]
     resources: ["roles", "rolebindings"]
@@ -47,4 +47,4 @@ subjects:
   - kind: ServiceAccount
     name: {{ include "kubernetes-replicator.fullname" . }}
     namespace: {{ .Release.Namespace | quote }}
-{{- end -}}
+{{- end -}}
diff --git a/deploy/rbac.yaml b/deploy/rbac.yaml
@@ -13,7 +13,7 @@ rules:
   resources: [ "namespaces" ]
   verbs: [ "get", "watch", "list" ]
 - apiGroups: [""] # "" indicates the core API group
-  resources: ["secrets", "configmaps"]
+  resources: ["secrets", "configmaps", "serviceaccounts"]
   verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
 - apiGroups: ["rbac.authorization.k8s.io"]
   resources: ["roles", "rolebindings"]