update RBAC to only use verbs that exist for the resources

Signed-off-by: Maximilian Rink <maximilian.rink@telekom.de>
kubernetes · Jul 5, 2023 · 481a733 · 481a733
1 parent 4606cdf
commit 481a733
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 5 deletions.
diff --git a/charts/cluster-autoscaler/Chart.yaml b/charts/cluster-autoscaler/Chart.yaml
@@ -11,4 +11,4 @@ name: cluster-autoscaler
 sources:
   - https://github.com/kubernetes/autoscaler/tree/master/cluster-autoscaler
 type: application
-version: 9.29.1
+version: 9.29.2
diff --git a/charts/cluster-autoscaler/templates/clusterrole.yaml b/charts/cluster-autoscaler/templates/clusterrole.yaml
@@ -151,15 +151,22 @@ rules:
     - cluster.x-k8s.io
     resources:
     - machinedeployments
-    - machinedeployments/scale
     - machinepools
-    - machinepools/scale
     - machines
     - machinesets
     verbs:
     - get
     - list
     - update
     - watch
+  - apiGroups:
+    - cluster.x-k8s.io
+    resources:
+    - machinedeployments/scale
+    - machinepools/scale
+    verbs:
+    - get
+    - patch
+    - update
 {{- end }}
 {{- end -}}
diff --git a/charts/cluster-autoscaler/templates/role.yaml b/charts/cluster-autoscaler/templates/role.yaml
@@ -49,16 +49,23 @@ rules:
     - cluster.x-k8s.io
     resources:
     - machinedeployments
-    - machinedeployments/scale
     - machinepools
-    - machinepools/scale
     - machines
     - machinesets
     verbs:
     - get
     - list
     - update
     - watch
+  - apiGroups:
+    - cluster.x-k8s.io
+    resources:
+    - machinedeployments/scale
+    - machinepools/scale
+    verbs:
+    - get
+    - patch
+    - update
 {{- end }}
 {{- if ( not .Values.rbac.clusterScoped ) }}
   - apiGroups: