From bd4c3ffa39da02e8ce1b6a96ab871d254d663fdf Mon Sep 17 00:00:00 2001 From: Mark Stemm Date: Wed, 6 Feb 2019 15:51:57 -0800 Subject: [PATCH] Add additional k8s rbac resources (#514) Falco also needs to list/watch replicasets, daemonsets, and deployments, so add them to the resources list. --- .../k8s-using-daemonset/k8s-with-rbac/falco-account.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/integrations/k8s-using-daemonset/k8s-with-rbac/falco-account.yaml b/integrations/k8s-using-daemonset/k8s-with-rbac/falco-account.yaml index b3968a79e34..0f7f9ace373 100644 --- a/integrations/k8s-using-daemonset/k8s-with-rbac/falco-account.yaml +++ b/integrations/k8s-using-daemonset/k8s-with-rbac/falco-account.yaml @@ -15,7 +15,7 @@ metadata: role: security rules: - apiGroups: ["extensions",""] - resources: ["nodes","namespaces","pods","replicationcontrollers","services","events","configmaps"] + resources: ["nodes","namespaces","pods","replicationcontrollers","replicasets","services","daemonsets","deployments","events","configmaps"] verbs: ["get","list","watch"] - nonResourceURLs: ["/healthz", "/healthz/*"] verbs: ["get"]