From d53cff2e2d83fa932a4587b6883eec449ccf8ff6 Mon Sep 17 00:00:00 2001
From: Aravind Ramalingam <60027164+pokearu@users.noreply.github.com>
Date: Fri, 19 Apr 2024 14:03:33 -0700
Subject: [PATCH] Adding namespaces read permissions to eksa controller (#8017)
---
 config/manifest/eksa-components.yaml | 2 ++
 config/rbac/role.yaml | 2 ++
 controllers/cluster_controller.go | 2 +-
 3 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/config/manifest/eksa-components.yaml b/config/manifest/eksa-components.yaml
index 7bd555a4015b..0e1ebe7959d3 100644
--- a/config/manifest/eksa-components.yaml
+++ b/config/manifest/eksa-components.yaml
@@ -7109,6 +7109,8 @@ rules:
 verbs:
 - create
 - delete
+ - get
+ - list
 - apiGroups:
 - ""
 resources:
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
index c678596cc00b..acd2ae7f0898 100644
--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@@ -29,6 +29,8 @@ rules:
 verbs:
 - create
 - delete
+ - get
+ - list
 - apiGroups:
 - ""
 resources:
diff --git a/controllers/cluster_controller.go b/controllers/cluster_controller.go
index 5322799cad44..953a62d1766b 100644
--- a/controllers/cluster_controller.go
+++ b/controllers/cluster_controller.go
@@ -173,7 +173,7 @@ func (r *ClusterReconciler) SetupWithManager(mgr ctrl.Manager, log logr.Logger)
 // +kubebuilder:rbac:groups="",resources=events,verbs=create;patch;update
 // +kubebuilder:rbac:groups="",resources=secrets,verbs=get;list;watch;create;delete;update;patch
 // +kubebuilder:rbac:groups="",namespace=eksa-system,resources=secrets,verbs=patch;update
-// +kubebuilder:rbac:groups="",resources=namespaces,verbs=create;delete
+// +kubebuilder:rbac:groups="",resources=namespaces,verbs=get;list;create;delete
 // +kubebuilder:rbac:groups="",resources=nodes,verbs=list
 // +kubebuilder:rbac:groups=addons.cluster.x-k8s.io,resources=clusterresourcesets,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=anywhere.eks.amazonaws.com,resources=clusters;gitopsconfigs;snowmachineconfigs;snowdatacenterconfigs;snowippools;vspheredatacenterconfigs;vspheremachineconfigs;dockerdatacenterconfigs;tinkerbellmachineconfigs;tinkerbelltemplateconfigs;tinkerbelldatacenterconfigs;cloudstackdatacenterconfigs;cloudstackmachineconfigs;nutanixdatacenterconfigs;nutanixmachineconfigs;awsiamconfigs;oidcconfigs;awsiamconfigs;fluxconfigs,verbs=get;list;watch;update;patch
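Review bot: `watch` may be missing from the updated namespaces marker, which now reads `verbs=get;list;create;delete`. If the new namespace read goes through the manager's default cached client (the caller is outside this hunk), controller-runtime backs it with an informer that needs `watch` as well as `list`, so the read would fail as forbidden; either use `verbs=get;list;watch;create;delete` or confirm the read uses an uncached API reader. Namespaces are cluster-scoped, so this rule covers every namespace in the cluster alongside the existing `create;delete`. A comment above the marker, for example `// namespaces get/list: existence check before create (confirm against caller)`, would record why the read is needed for later least-privilege review. The two YAML rules in this patch look generated from this marker and should be regenerated rather than hand-edited if the verbs change.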