From 0e168e8856693a43694214ba343f46f7a658265d Mon Sep 17 00:00:00 2001
From: Philipp Born <98814235+pborn-ionos@users.noreply.github.com>
Date: Mon, 16 Oct 2023 08:35:06 +0200
Subject: [PATCH] fix(rbac): reduce permissions to minimum required (#48)
---
 charts/octopinger/templates/cluster_role.yaml | 36 ++++++++++++++++---
 1 file changed, 31 insertions(+), 5 deletions(-)
diff --git a/charts/octopinger/templates/cluster_role.yaml b/charts/octopinger/templates/cluster_role.yaml
index 0decd75..65b4d63 100644
--- a/charts/octopinger/templates/cluster_role.yaml
+++ b/charts/octopinger/templates/cluster_role.yaml
@@ -6,12 +6,38 @@ metadata:
 {{- include "octopinger.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }}
 rules:
 - apiGroups:
- - '*'
+ - octopinger.io
 resources:
- - '*'
+ - octopingers
 verbs:
 - '*'
-- nonResourceURLs:
- - '*'
+- apiGroups:
+ - ""
+ resources:
+ - pods
 verbs:
- - '*'
+ - list
+ - get
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - list
+ - get
+ - update
+ - watch
+ - delete
+ - create
+- apiGroups:
+ - apps
+ resources:
+ - daemonsets
+ verbs:
+ - list
+ - get
+ - update
+ - watch
+ - delete
+ - create
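Review bot: The first rule still leaves `'*'` under `verbs` for `octopingers`, so the controller keeps every verb on its custom resource, including `deletecollection` and any verb added later; listing the verbs it actually uses, as the three new rules do, would complete the least-privilege change. The `configmaps` and `daemonsets` rules live in a ClusterRole, so if it is bound cluster-wide, create/update/delete apply in every namespace, and write access to DaemonSets amounts to scheduling pods on every node. If the controller only manages objects in its own namespace (not visible in this hunk), moving those two rules to a namespaced Role and RoleBinding would bound that. Named resources also do not cover subresources, so if the controller writes status it would need an entry such as `- octopingers/status`, which the old wildcard granted implicitly.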