From 78b71bc9b9df5cfb447753360204a6455a70b646 Mon Sep 17 00:00:00 2001
From: David MICHENEAU <david.micheneau@orange.com>
Date: Tue, 12 Nov 2024 10:55:05 +0100
Subject: [PATCH] bug: fix rbac authorization secrets

---
 .changelog/121.txt                      | 3 +++
 internal/controller/kimup_controller.go | 1 +
 manifests/operator/role.yaml            | 6 ++++++
 3 files changed, 10 insertions(+)
 create mode 100644 .changelog/121.txt

diff --git a/.changelog/121.txt b/.changelog/121.txt
new file mode 100644
index 0000000..3e065a1
--- /dev/null
+++ b/.changelog/121.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+`kimup-controller` - Fix rbac authorization to read secrets.
+```
\ No newline at end of file
diff --git a/internal/controller/kimup_controller.go b/internal/controller/kimup_controller.go
index 8effedd..079b730 100644
--- a/internal/controller/kimup_controller.go
+++ b/internal/controller/kimup_controller.go
@@ -35,6 +35,7 @@ type KimupReconciler struct {
 //+kubebuilder:rbac:groups="",resources=services,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups="",resources=pods,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups="",resources=events,verbs=create;patch
+//+kubebuilder:rbac:groups="",resources=secrets,verbs=get
 
 // Reconcile is part of the main kubernetes reconciliation loop which aims to
 // move the current state of the cluster closer to the desired state.
diff --git a/manifests/operator/role.yaml b/manifests/operator/role.yaml
index 798f7c5..5b2c640 100644
--- a/manifests/operator/role.yaml
+++ b/manifests/operator/role.yaml
@@ -24,6 +24,12 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - get
 - apiGroups:
   - admissionregistration.k8s.io
   resources: