From 8d97d43f10babeb23b3b263364e521b6ec6ca40d Mon Sep 17 00:00:00 2001 From: Reed Schalo Date: Wed, 6 Nov 2024 10:34:30 -0800 Subject: [PATCH] fix: scope CRD update permissions --- charts/karpenter/templates/clusterrole-core.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/karpenter/templates/clusterrole-core.yaml b/charts/karpenter/templates/clusterrole-core.yaml index 67540c524548..b979b782a0ee 100644 --- a/charts/karpenter/templates/clusterrole-core.yaml +++ b/charts/karpenter/templates/clusterrole-core.yaml @@ -75,6 +75,7 @@ rules: resourceNames: ["validation.webhook.karpenter.sh", "validation.webhook.config.karpenter.sh"] - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] + resourceNames: ["ec2nodeclasses.karpenter.k8s.aws", "nodepools.karpenter.sh", "nodeclaims.karpenter.sh"] verbs: ["update"] {{- end }} {{- with .Values.additionalClusterRoleRules -}}