From ad4b8d4b9c97dc4cc8e2ea27622c849dcf5fc0ca Mon Sep 17 00:00:00 2001 From: Jean-Philippe Lachance Date: Wed, 8 Apr 2020 16:21:26 -0400 Subject: [PATCH] fix(falco-cluster-role): Add missing privileges for the apps Kubernetes API group Fixes #1064 Signed-off-by: Jean-Philippe Lachance --- .../k8s-using-daemonset/k8s-with-rbac/falco-account.yaml | 3 +++ .../k8s-with-rbac/falco-k8s-audit-account.yaml | 3 +++ 2 files changed, 6 insertions(+) diff --git a/integrations/k8s-using-daemonset/k8s-with-rbac/falco-account.yaml b/integrations/k8s-using-daemonset/k8s-with-rbac/falco-account.yaml index a079f117..374ec3e4 100644 --- a/integrations/k8s-using-daemonset/k8s-with-rbac/falco-account.yaml +++ b/integrations/k8s-using-daemonset/k8s-with-rbac/falco-account.yaml @@ -17,6 +17,9 @@ rules: - apiGroups: ["extensions",""] resources: ["nodes","namespaces","pods","replicationcontrollers","replicasets","services","daemonsets","deployments","events","configmaps"] verbs: ["get","list","watch"] + - apiGroups: ["apps"] + resources: ["daemonsets","deployments","replicasets","statefulsets"] + verbs: ["get","list","watch"] - nonResourceURLs: ["/healthz", "/healthz/*"] verbs: ["get"] --- diff --git a/integrations/k8s-using-deployment/k8s-with-rbac/falco-k8s-audit-account.yaml b/integrations/k8s-using-deployment/k8s-with-rbac/falco-k8s-audit-account.yaml index a0989932..85191373 100644 --- a/integrations/k8s-using-deployment/k8s-with-rbac/falco-k8s-audit-account.yaml +++ b/integrations/k8s-using-deployment/k8s-with-rbac/falco-k8s-audit-account.yaml @@ -17,6 +17,9 @@ rules: - apiGroups: ["extensions",""] resources: ["nodes","namespaces","pods","replicationcontrollers","replicasets","services","daemonsets","deployments","events","configmaps"] verbs: ["get","list","watch"] + - apiGroups: ["apps"] + resources: ["daemonsets","deployments","replicasets","statefulsets"] + verbs: ["get","list","watch"] - nonResourceURLs: ["/healthz", "/healthz/*"] verbs: ["get"] ---