From 1562a9c2ecea43295eb5b57d604cb2a0ef3d3441 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=BF=98=E5=B0=98?= <78798447@qq.com>
Date: Wed, 29 Jun 2022 15:18:05 +0800
Subject: [PATCH] add missing verbs (#9032)

---
 .../calico/templates/calico-kube-cr.yml.j2             | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-cr.yml.j2 b/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-cr.yml.j2
index c6c57b180..f74b291d2 100644
--- a/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-cr.yml.j2
+++ b/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-cr.yml.j2
@@ -52,10 +52,16 @@ rules:
   # IPAM resources are manipulated when nodes are deleted.
   - apiGroups: ["crd.projectcalico.org"]
     resources:
-      - ippools
       - ipreservations
     verbs:
       - list
+  # Pools are watched to maintain a mapping of blocks to IP pools.
+  - apiGroups: ["crd.projectcalico.org"]
+    resources:
+      - ippools
+    verbs:
+      - list
+      - watch
   - apiGroups: ["crd.projectcalico.org"]
     resources:
       - blockaffinities
@@ -84,8 +90,10 @@ rules:
       - clusterinformations
     verbs:
       - get
+      - list
       - create
       - update
+      - watch
   # KubeControllersConfiguration is where it gets its config
   - apiGroups: ["crd.projectcalico.org"]
     resources:
-- 
GitLab