From 50febab1c3736bfbfc638922f7a74e51affb6da1 Mon Sep 17 00:00:00 2001
From: pengli <justdoit.pli@gmail.com>
Date: Sat, 7 Aug 2021 08:21:50 +0800
Subject: [PATCH] avoid forbidden message in the log of controller

Signed-off-by: pengli <justdoit.pli@gmail.com>
---
 deploy/hub/clusterrole.yaml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/deploy/hub/clusterrole.yaml b/deploy/hub/clusterrole.yaml
index 1b0d9aa17..5185db839 100644
--- a/deploy/hub/clusterrole.yaml
+++ b/deploy/hub/clusterrole.yaml
@@ -5,8 +5,11 @@ metadata:
 rules:
 # Allow controller to get/list/watch/create/delete configmaps
 - apiGroups: [""]
-  resources: ["configmaps"]
+  resources: ["configmaps", "pods"]
   verbs: ["get", "list", "watch", "create", "delete", "update"]
+- apiGroups: ["apps"]
+  resources: ["replicasets"]
+  verbs: ["get", "list"]
 # Allow controller to create/patch/update events
 - apiGroups: ["", "events.k8s.io"]
   resources: ["events"]