diff --git a/keda/templates/manager/clusterrole.yaml b/keda/templates/manager/clusterrole.yaml index d5cff9d6..201465b2 100644 --- a/keda/templates/manager/clusterrole.yaml +++ b/keda/templates/manager/clusterrole.yaml @@ -16,6 +16,13 @@ rules: resources: - configmaps - configmaps/status + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: - events verbs: - '*' @@ -50,7 +57,11 @@ rules: resources: - '*/scale' verbs: - - '*' + - get + - list + - patch + - update + - watch {{- if and .Values.certificates.autoGenerated ( not .Values.certificates.certManager.enabled ) }} - apiGroups: - admissionregistration.k8s.io @@ -93,12 +104,6 @@ rules: - jobs verbs: - '*' -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - '*' - apiGroups: - eventing.keda.sh resources: @@ -160,6 +165,15 @@ rules: - delete - patch - update +- apiGroups: + - eventing.keda.sh + resources: + - cloudeventsources + verbs: + - create + - delete + - patch + - update --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -183,5 +197,13 @@ rules: - get - list - watch +- apiGroups: + - eventing.keda.sh + resources: + - cloudeventsources + verbs: + - get + - list + - watch {{- end -}} {{- end -}} diff --git a/keda/templates/manager/role.yaml b/keda/templates/manager/role.yaml index e2cd4eca..11339be0 100644 --- a/keda/templates/manager/role.yaml +++ b/keda/templates/manager/role.yaml @@ -1,5 +1,4 @@ {{- if .Values.rbac.create }} -{{- if or (and .Values.certificates.autoGenerated (not .Values.certificates.certManager.enabled)) (.Values.permissions.operator.restrict.secret) }} apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: @@ -13,6 +12,13 @@ metadata: name: {{ .Values.operator.name }} namespace: {{ .Release.Namespace }} rules: +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - '*' +{{- if or (and .Values.certificates.autoGenerated (not .Values.certificates.certManager.enabled)) (.Values.permissions.operator.restrict.secret) }} - apiGroups: - "" resources: