Add secrets read-only access to RBAC

stefanprodan · stefanprodan · commit 6f8c3816f447 · 2020-09-18T16:11:28.000+03:00
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -13,6 +13,14 @@ rules:
   verbs:
   - create
   - patch
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - get
+  - list
+  - watch
 - apiGroups:
   - source.toolkit.fluxcd.io
   resources:
diff --git a/controllers/bucket_controller.go b/controllers/bucket_controller.go
@@ -56,6 +56,7 @@ type BucketReconciler struct {
 
 // +kubebuilder:rbac:groups=source.toolkit.fluxcd.io,resources=buckets,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=source.toolkit.fluxcd.io,resources=buckets/status,verbs=get;update;patch
+// +kubebuilder:rbac:groups="",resources=secrets,verbs=get;list;watch
 
 func (r *BucketReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
 	ctx := context.Background()
