From 7acfc1d137e25bee0ea8366323de971842856d05 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Thu, 15 Feb 2024 23:16:55 +0100
Subject: [PATCH] fix(system-upgrade): Fix permissions for
 system-upgrade-controller-drainer

---
 bootstrap/system-upgrades/clusterrole.yaml | 45 ++++++++++++++--------
 1 file changed, 29 insertions(+), 16 deletions(-)

diff --git a/bootstrap/system-upgrades/clusterrole.yaml b/bootstrap/system-upgrades/clusterrole.yaml
index 627abc1a8..4c8142824 100644
--- a/bootstrap/system-upgrades/clusterrole.yaml
+++ b/bootstrap/system-upgrades/clusterrole.yaml
@@ -68,22 +68,35 @@ metadata:
   name: system-upgrade-controller-drainer
 rules:
   # Needed to evict pods
-  - apiGroups: [""]
-    resources: ["pods/eviction"]
-    verbs: ["create"]
+  - apiGroups:
+      - ""
+    resources:
+      - "pods/eviction"
+    verbs:
+      - "create"
   # Needed to list pods by Node
-  - apiGroups: [""]
-    resources: ["pods"]
-    verbs: ["get", "list"]
+  - apiGroups:
+      - ""
+    resources:
+      - "pods"
+    verbs:
+      - "get"
+      - "list"
   # Needed to cordon Nodes
-  - apiGroups: [""]
-    resources: ["nodes"]
-    verbs: ["get", "patch"]
+  - apiGroups:
+      - ""
+    resources:
+      - "nodes"
+    verbs:
+      - "get"
+      - "patch"
   # Needed to determine Pod owners
-  - apiGroups: ["apps"]
-    resources: ["statefulsets"]
-    verbs: ["get", "list"]
-  # Needed to determine Pod owners
-  - apiGroups: ["extensions"]
-    resources: ["daemonsets", "replicasets"]
-    verbs: ["get", "list"]
+  - apiGroups:
+      - "apps"
+    resources:
+      - "statefulsets"
+      - "daemonsets"
+      - "replicasets"
+    verbs:
+      - "get"
+      - "list"
-- 
GitLab