[#150]: added a new ClusterRole to allow pod metadata queries from the kubeapi

LorenzoTettamanti · LorenzoTettamanti · commit 739dd03ffc1e · 2025-12-19T18:44:12.000+01:00
diff --git a/core/src/testing/rolebinding.yaml b/core/src/testing/rolebinding.yaml
@@ -21,3 +21,25 @@ roleRef:
   kind: Role
   name: coredns-configmap-access
   apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: cf-api-pods-access
+rules:
+- apiGroups: [ "" ]
+  resources: [ "pods" ]
+  verbs: [ "get", "list", "watch" ]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: cf-api-pods-access-binding
+subjects:
+- kind: ServiceAccount
+  name: default
+  namespace: cortexflow
+roleRef:
+  kind: ClusterRole
+  name: cf-api-pods-access
+  apiGroup: rbac.authorization.k8s.io
