Grant service account read-only access to controllers

For image automation to use a service account to authenticate to container registries, the controllers needs read-only access to service accounts. Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
2026-02-06 10:55:56 +00:00 · 2022-05-04 10:47:04 +03:00
parent 4dd20af7e0
commit 5dee903374
1 changed files with 2 additions and 13 deletions
--- a/manifests/rbac/controller.yaml
+++ b/manifests/rbac/controller.yaml
@@ -23,6 +23,8 @@ rules:
  resources:
  - namespaces
  - secrets
+  - configmaps
+  - serviceaccounts
  verbs:
  - get
  - list
@@ -34,19 +36,6 @@ rules:
  verbs:
  - create
  - patch
- apiGroups:
-  - ""
-  resources:
-  - configmaps
-  - configmaps/status
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - update
-  - patch
-  - delete
 - apiGroups:
  - "coordination.k8s.io"
  resources: