From 1cb7ea9e912a2113e780647172e67949a0ea5555 Mon Sep 17 00:00:00 2001
From: Flegma <Flegma@users.noreply.github.com>
Date: Sun, 26 Apr 2026 20:05:57 +0200
Subject: [PATCH] fix: grant server-creator events permission for boot
 diagnostics

api PR 5stackgg/api#166 (commit 5stackgg/api@cde4e55, merged 2026-04-23)
introduced LoggingService.getEventsForObject() which calls
listNamespacedEvent for boot diagnostics, but the server-creator role
was never granted the events permission, producing 403s in production.

Closes #463
---
 base/api/rbac/role.yaml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/base/api/rbac/role.yaml b/base/api/rbac/role.yaml
index 9ad6b74..db70883 100644
--- a/base/api/rbac/role.yaml
+++ b/base/api/rbac/role.yaml
@@ -51,6 +51,14 @@ rules:
       - pods/log
     verbs:
       - get
+  - apiGroups:
+      - ''
+    resources:
+      - events
+    verbs:
+      - get
+      - list
+      - watch
   - apiGroups:
       - ''
     resources: