Update controller RBAC for ConfigMap and PersistentVolumeClaim

[ChenYi015]

Purpose of this PR

Close #2185

Proposed changes:

• Add list and watch permissions for configmaps
• Add get, list, watch, create, update, patch and delete permissions for persistentvolumeclaims

Change Category

• Bugfix (non-breaking change which fixes an issue)
• Feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that could affect existing functionality)
• Documentation update

Checklist

Before submitting your PR, please review the following:

• I have conducted a self-review of my own code.
• I have updated documentation accordingly.
• I have added tests that prove my changes are effective or that my feature works.
• Existing unit tests pass locally with my changes.

Additional Notes

[ChenYi015]

/assign @yuchaoran2011 @vara-bonthu @jacobsalway

[jacobsalway]

/lgtm

This is a subset of the permissions available to the controller service account pre 2.0.0, so I don't see any issue with adding these and creating a 2.0.1 release to fix.

As you said in #2185 (comment), I would imagine these permissions are required for the informers in the caches inside the controller-runtime framework. Not familiar with all the internals but my rough understanding is that a list is required on informer startup while a watch stream is used to stay up to date.

[ChenYi015]

/approve

[google-oss-prow]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ChenYi015, jacobsalway

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [ChenYi015]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment