From 84012648dc4b05ea7d18693021c45fc4722e793b Mon Sep 17 00:00:00 2001
From: Qing Hao <qhao@redhat.com>
Date: Wed, 6 Jul 2022 00:10:11 +0800
Subject: [PATCH] leader election needs to operate configmaps and leases (#261)

Signed-off-by: haoqing0110 <qhao@redhat.com>
---
 deploy/spoke/role.yaml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/deploy/spoke/role.yaml b/deploy/spoke/role.yaml
index dc9cf4ea4..fcf13e047 100644
--- a/deploy/spoke/role.yaml
+++ b/deploy/spoke/role.yaml
@@ -6,6 +6,14 @@ metadata:
   name: open-cluster-management:registration-agent
   namespace: open-cluster-management-agent
 rules:
+# leader election needs to operate configmaps and leases
+- apiGroups: [""]
+  resources: ["configmaps"]
+  verbs: ["get", "list", "watch", "create", "delete", "update", "patch"]
+- apiGroups: ["coordination.k8s.io"]
+  resources: ["leases"]
+  verbs: ["create", "get", "list", "update", "watch", "patch"]
+# create hub-kubeconfig and external-managed-registration/work secrets
 - apiGroups: [""]
   resources: ["secrets"]
   verbs: ["get", "list", "watch", "create", "delete", "update", "patch"]