From a22f4c3d148ea4961f49d12c9bf40e6ae5e0fa08 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9gis=20Behmo?= <regis@behmo.com>
Date: Tue, 18 Jul 2023 10:53:06 +0200
Subject: [PATCH] fix: cannot list resource pods

Looks like the vector container now requires new permissions. This was
detected here: https://github.com/openedx/tutor-contrib-aspects/issues/180#issuecomment-1639147060
---
 changelog.d/20230718_105008_regis_fix_k8s_vector_perms.md | 1 +
 tutorcairn/patches/k8s-deployments                        | 5 ++++-
 2 files changed, 5 insertions(+), 1 deletion(-)
 create mode 100644 changelog.d/20230718_105008_regis_fix_k8s_vector_perms.md

diff --git a/changelog.d/20230718_105008_regis_fix_k8s_vector_perms.md b/changelog.d/20230718_105008_regis_fix_k8s_vector_perms.md
new file mode 100644
index 0000000..7d207e8
--- /dev/null
+++ b/changelog.d/20230718_105008_regis_fix_k8s_vector_perms.md
@@ -0,0 +1 @@
+- [Bugfix] Fix "cannot list resource 'pods'" on Kubernetes. (by @regisb)
diff --git a/tutorcairn/patches/k8s-deployments b/tutorcairn/patches/k8s-deployments
index cd0ef9f..7139c7e 100644
--- a/tutorcairn/patches/k8s-deployments
+++ b/tutorcairn/patches/k8s-deployments
@@ -2,7 +2,7 @@
 ####### Cairn plugin
 # log collection
 # https://vector.dev/docs/setup/installation/platforms/kubernetes/
-# https://github.com/timberio/vector/blob/master/distribution/kubernetes/vector-agent/resources.yaml
+# https://github.com/vectordotdev/vector/blame/master/distribution/kubernetes/vector-agent/rbac.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
@@ -19,8 +19,11 @@ rules:
   - apiGroups:
       - ""
     resources:
+      - namespaces
+      - nodes
       - pods
     verbs:
+      - list
       - watch
 ---
 apiVersion: rbac.authorization.k8s.io/v1