From 9e861cf81668d57665efaf5161b86a73236fb86b Mon Sep 17 00:00:00 2001
From: Not Darko <93942788+darkobas2@users.noreply.github.com>
Date: Sat, 15 Mar 2025 13:39:48 +0100
Subject: [PATCH] [calico] fix: kubecontrollersconfigurations list permission
 (#12035)

[WARNING][1] kube-controllers/runconfig.go 193: unable to list KubeControllersConfiguration(default) error=connection is unauthorized: kubecontrollersconfigurations.crd.projectcalico.org "default" is forbidden: User "system:serviceaccount:kube-system:calico-kube-controllers" cannot list resource "kubecontrollersconfigurations" in API group "crd.projectcalico.org" at the cluster scope
---
 .../policy_controller/calico/templates/calico-kube-cr.yml.j2     | 1 +
 1 file changed, 1 insertion(+)

diff --git a/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-cr.yml.j2 b/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-cr.yml.j2
index f74b291d2..2181a9738 100644
--- a/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-cr.yml.j2
+++ b/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-cr.yml.j2
@@ -101,6 +101,7 @@ rules:
     verbs:
       # read its own config
       - get
+      - list
       # create a default if none exists
       - create
       # update status