update kubearmorclusterrole permissions for nodes,configmaps,pods

Signed-off-by: Aryan-sharma11 <aryan1126.sharma@gmail.com>
kubearmor · Aug 12, 2024 · ca48c1b · ca48c1b
1 parent 433a52d
commit ca48c1b
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 3 deletions.
diff --git a/deployments/get/objects.go b/deployments/get/objects.go
@@ -43,9 +43,14 @@ func GetClusterRole() *rbacv1.ClusterRole {
 		Rules: []rbacv1.PolicyRule{
 			{
 				APIGroups: []string{""},
-				Resources: []string{"pods", "nodes", "namespaces", "configmaps"},
+				Resources: []string{"namespaces"},
 				Verbs:     []string{"get", "list", "watch", "update"},
 			},
+			{
+				APIGroups: []string{""},
+				Resources: []string{"pods", "nodes", "configmaps"},
+				Verbs:     []string{"get", "list", "watch"},
+			},
 			{
 				APIGroups: []string{"apps"},
 				Resources: []string{"deployments", "replicasets", "daemonsets", "statefulsets"},

diff --git a/deployments/helm/KubeArmor/templates/RBAC/roles.yaml b/deployments/helm/KubeArmor/templates/RBAC/roles.yaml
@@ -3,18 +3,25 @@ kind: ClusterRole
 metadata:
   name: kubearmor-clusterrole
 rules:
+- apiGroups:
+  - ""
+  resources:
+  - namespaces
+  verbs:
+  - get
+  - list
+  - watch
+  - update
 - apiGroups:
   - ""
   resources:
   - pods
   - nodes
-  - namespaces
   - configmaps
   verbs:
   - get
   - list
   - watch
-  - update
 - apiGroups:
   - apps
   resources: