From ad6e9e1883946fe90a9604536c64b4598e857358 Mon Sep 17 00:00:00 2001
From: Anurag Rajawat <anuragsinghrajawat22@gmail.com>
Date: Thu, 11 Jul 2024 20:16:51 +0530
Subject: [PATCH] fix: Update relay clusterrole to watch pods

Signed-off-by: Anurag Rajawat <anuragsinghrajawat22@gmail.com>
---
 deployments/get/objects.go                           | 5 +++--
 deployments/helm/KubeArmor/templates/RBAC/roles.yaml | 2 +-
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/deployments/get/objects.go b/deployments/get/objects.go
index 24cef66797..c8445aacee 100644
--- a/deployments/get/objects.go
+++ b/deployments/get/objects.go
@@ -6,7 +6,6 @@ package deployments
 import (
 	"strconv"
 
-	cfg "github.com/kubearmor/KubeArmor/KubeArmor/config"
 	admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
@@ -14,6 +13,8 @@ import (
 	"k8s.io/apimachinery/pkg/api/resource"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/intstr"
+
+	cfg "github.com/kubearmor/KubeArmor/KubeArmor/config"
 )
 
 // GetServiceAccount Function
@@ -215,7 +216,7 @@ func GetRelayClusterRole() *rbacv1.ClusterRole {
 			{
 				APIGroups: []string{""},
 				Resources: []string{"pods"},
-				Verbs:     []string{"get", "list"},
+				Verbs:     []string{"list", "watch"},
 			},
 		},
 	}
diff --git a/deployments/helm/KubeArmor/templates/RBAC/roles.yaml b/deployments/helm/KubeArmor/templates/RBAC/roles.yaml
index ff219b5636..a6aa798156 100644
--- a/deployments/helm/KubeArmor/templates/RBAC/roles.yaml
+++ b/deployments/helm/KubeArmor/templates/RBAC/roles.yaml
@@ -68,8 +68,8 @@ rules:
   resources:
   - pods
   verbs:
-  - get
   - list
+  - watch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole