From 7f6415830e45a39c56ffc5ac9fc9ef38bcf50025 Mon Sep 17 00:00:00 2001
From: Dipankar Das <dipankardas0115@gmail.com>
Date: Wed, 24 Jan 2024 22:23:22 +0530
Subject: [PATCH] added portforward permission to the read-only kubeconfig

Signed-off-by: Dipankar Das <dipankardas0115@gmail.com>
---
 scripts/gen-readonly-kubeconfig.sh | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/scripts/gen-readonly-kubeconfig.sh b/scripts/gen-readonly-kubeconfig.sh
index ce3db90..4c1ca84 100755
--- a/scripts/gen-readonly-kubeconfig.sh
+++ b/scripts/gen-readonly-kubeconfig.sh
@@ -12,7 +12,10 @@ metadata:
   name: crole-customresources-readyonly
   labels:
     rbac.authorization.k8s.io/aggregate-to-view: "true"
-rules: []
+rules:
+- apiGroups: [""]
+  resources: ["pods/portforward"]
+  verbs: ["create"]
 ---
 apiVersion: v1
 kind: ServiceAccount