From ddc12c93e5d6ae4d29dcc478a8219479c2853b12 Mon Sep 17 00:00:00 2001
From: Dimitri Koshkin <dimitri.koshkin@nutanix.com>
Date: Thu, 20 Jun 2024 15:46:34 -0700
Subject: [PATCH] fix: RBAC role for namespace-sync controller to watch,list
 namespaces

---
 .../templates/role.yaml                                   | 8 ++++++++
 pkg/controllers/namespacesync/doc.go                      | 1 +
 2 files changed, 9 insertions(+)

diff --git a/charts/cluster-api-runtime-extensions-nutanix/templates/role.yaml b/charts/cluster-api-runtime-extensions-nutanix/templates/role.yaml
index 425573f4a..d16a7d9be 100644
--- a/charts/cluster-api-runtime-extensions-nutanix/templates/role.yaml
+++ b/charts/cluster-api-runtime-extensions-nutanix/templates/role.yaml
@@ -18,6 +18,14 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - ""
+  resources:
+  - namespaces
+  verbs:
+  - get
+  - list
+  - watch
 - apiGroups:
   - ""
   resources:
diff --git a/pkg/controllers/namespacesync/doc.go b/pkg/controllers/namespacesync/doc.go
index f96850383..7affbf00d 100644
--- a/pkg/controllers/namespacesync/doc.go
+++ b/pkg/controllers/namespacesync/doc.go
@@ -12,4 +12,5 @@
 //
 // +kubebuilder:rbac:groups=infrastructure.cluster.x-k8s.io;bootstrap.cluster.x-k8s.io;controlplane.cluster.x-k8s.io,resources=*,verbs=get;list;watch;create
 // +kubebuilder:rbac:groups=cluster.x-k8s.io,resources=clusterclasses,verbs=get;list;watch;create
+// +kubebuilder:rbac:groups="",resources=namespaces,verbs=get;list;watch
 package namespacesync