Why is create on `events` not part of `admin` cluster role?

[tumido]

Description
We've been receiving requests like the one linked below to grant people access to creating events in their namespace - usually they want to deploy some controller that generates events within their namespace. Default admin cluster role has no write access to events, it allows read only. Investigate why is that the case for a namespace scoped resource like events.

Additional context
operate-first/apps#740 (review)

[tumido]

/kind question

[tumido]

Source:

kubernetes/kubernetes@d56a27f#diff-a999c6ded849744b19ac60e4df000eaacc8633d9f17c70237895fcc9467b6656R78

Reached out to author of kubernetes/kubernetes#34729 to get to the bottom of this and to understand if there are any security concerns associated with this.

[tumido]

As per discussion here: https://kubernetes.slack.com/archives/C0EN96KUY/p1623697369081700

There seems to be no reason for it to be restricted by default. Upstream fix pending: kubernetes/kubernetes#102858

[tumido]

Upstream PR merged. Write access to events will be part of future kubernetes releases 🙂 🎉