From 5dee903374accaf36d50713c9f84af4d3f8b669a Mon Sep 17 00:00:00 2001
From: Stefan Prodan <stefan.prodan@gmail.com>
Date: Wed, 4 May 2022 10:47:04 +0300
Subject: [PATCH] Grant service account read-only access to controllers For
 image automation to use a service account to authenticate to container
 registries, the controllers needs read-only access to service accounts.

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
---
 manifests/rbac/controller.yaml | 15 ++-------------
 1 file changed, 2 insertions(+), 13 deletions(-)

diff --git a/manifests/rbac/controller.yaml b/manifests/rbac/controller.yaml
index 7fb181c5..7eb0d7fd 100644
--- a/manifests/rbac/controller.yaml
+++ b/manifests/rbac/controller.yaml
@@ -23,6 +23,8 @@ rules:
   resources:
   - namespaces
   - secrets
+  - configmaps
+  - serviceaccounts
   verbs:
   - get
   - list
@@ -34,19 +36,6 @@ rules:
   verbs:
   - create
   - patch
-- apiGroups:
-  - ""
-  resources:
-  - configmaps
-  - configmaps/status
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - update
-  - patch
-  - delete
 - apiGroups:
   - "coordination.k8s.io"
   resources: