update permissions required by kubearmor daemonset

Signed-off-by: Aryan-sharma11 <[email protected]>

deployments/get/objects.go

@@ -43,18 +43,23 @@ func GetClusterRole() *rbacv1.ClusterRole {
 		Rules: []rbacv1.PolicyRule{
 			{
 				APIGroups: []string{""},
-				Resources: []string{"pods", "nodes", "namespaces", "configmaps"},
-				Verbs:     []string{"get", "patch", "list", "watch", "update"},
+				Resources: []string{"namespaces"},
+				Verbs:     []string{"get", "list", "watch", "update"},
+			},
+			{
+				APIGroups: []string{""},
+				Resources: []string{"pods", "nodes", "configmaps"},
+				Verbs:     []string{"get", "list", "watch"},
 			},
 			{
 				APIGroups: []string{"apps"},
 				Resources: []string{"deployments", "replicasets", "daemonsets", "statefulsets"},
-				Verbs:     []string{"get", "patch", "list", "watch", "update"},
+				Verbs:     []string{"get", "list", "watch"},
 			},
 			{
 				APIGroups: []string{"batch"},
 				Resources: []string{"jobs", "cronjobs"},
-				Verbs:     []string{"get", "patch", "list", "watch", "update"},
+				Verbs:     []string{"get", "list", "watch"},
 			},
 			{
 				APIGroups: []string{"security.kubearmor.com"},

deployments/helm/KubeArmor/templates/RBAC/roles.yaml

@@ -3,19 +3,25 @@ kind: ClusterRole
 metadata:
   name: kubearmor-clusterrole
 rules:
+- apiGroups:
+  - ""
+  resources:
+  - namespaces
+  verbs:
+  - get
+  - list
+  - watch
+  - update
 - apiGroups:
   - ""
   resources:
   - pods
   - nodes
-  - namespaces
   - configmaps
   verbs:
   - get
-  - patch
   - list
   - watch
-  - update
 - apiGroups:
   - apps
   resources:
@@ -25,21 +31,17 @@ rules:
   - statefulsets
   verbs:
   - get
-  - patch
   - list
   - watch
-  - update
 - apiGroups:
   - batch
   resources:
   - jobs
   - cronjobs
   verbs:
   - get
-  - patch
   - list
   - watch
-  - update
 - apiGroups:
   - security.kubearmor.com
   resources: