fix permissions for kube-node-decommissioner

Martin Linkhorst · Martin Linkhorst · commit 4008733833d5 · 2025-02-18T11:57:13.000+01:00
* pod list was missing
* node update instead of patch
diff --git a/cluster/manifests/kube-node-decommissioner/01-rbac.yaml b/cluster/manifests/kube-node-decommissioner/01-rbac.yaml
@@ -16,9 +16,12 @@ metadata:
     application: kubernetes
     component: kube-node-decommissioner
 rules:
+- apiGroups: [""]
+  resources: ["pods"]
+  verbs: ["list"]
 - apiGroups: [""]
   resources: ["nodes"]
-  verbs: ["list", "patch"]
+  verbs: ["list", "update"]
 ---
 # This role binding allows service-account "kube-node-decommissioner" to
 # list and patch nodes.
