From 4787e09e32d63c11e4f801d313efc8d7554d7789 Mon Sep 17 00:00:00 2001
From: michael12312 <jun.wang@fmr.com>
Date: Fri, 19 Jul 2024 14:15:41 +0800
Subject: [PATCH] remove list secret rule

Signed-off-by: michael12312 <jun.wang@fmr.com>
---
 charts/k8sgpt/templates/role.yaml | 151 +++++++++++++++++++++++++++++-
 1 file changed, 149 insertions(+), 2 deletions(-)

diff --git a/charts/k8sgpt/templates/role.yaml b/charts/k8sgpt/templates/role.yaml
index 91c8bec61c..9543193352 100644
--- a/charts/k8sgpt/templates/role.yaml
+++ b/charts/k8sgpt/templates/role.yaml
@@ -7,9 +7,156 @@ metadata:
     {{- include "k8sgpt.labels" . | nindent 4 }}
 rules:
 - apiGroups:
-  - '*'
+  - ""
   resources:
-  - '*'
+  - nodes
+  - nodes/status
+  - namespaces
+  - namespaces/status
+  - pods
+  - pods/status
+  - pods/log
+  - replicationcontrollers/scale
+  - replicationcontrollers/status
+  - services
+  - services/proxy
+  - services/status
+  - configmaps
+  - endpoints
+  - persistentvolumes
+  - persistentvolumes/status
+  - persistentvolumeclaims
+  - persistentvolumeclaims/status
+  - events
+  - componentstatuses
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - get
+- apiGroups:
+  - apps
+  resources:
+  - replicasets
+  - replicasets/scale
+  - replicasets/status
+  - deployments
+  - deployments/scale
+  - deployments/status
+  - daemonsets
+  - daemonsets/status
+  - statefulsets
+  - statefulsets/scale
+  - statefulsets/status
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - batch
+  resources:
+  - jobs
+  - jobs/status
+  - cronjobs
+  - cronjobs/status
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - storage.k8s.io
+  resources:
+  - storageclasses
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - autoscaling
+  resources:
+  - horizontalpodautoscalers
+  - horizontalpodautoscalers/status
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - networking.k8s.io
+  resources:
+  - ingresses
+  - ingresses/status
+  - ingressclasses
+  - networkpolicies
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - policy
+  resources:
+  - poddisruptionbudgets
+  - poddisruptionbudgets/status
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - events.k8s.io
+  resources:
+  - events
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - admissionregistration.k8s.io
+  resources:
+  - mutatingwebhookconfigurations
+  - validatingwebhookconfigurations
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - gateway.networking.k8s.io
+  resources:
+  - gateways
+  - gateways/status
+  - gatewayclasses
+  - gatewayclasses/status
+  - httproutes
+  - httproutes/status
+  - grpcroutes
+  - grpcroutes/status
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - keda.sh
+  resources:
+  - scaledjobs
+  - scaledjobs/status
+  - scaledobjects
+  - scaledobjects/status
+  - clustertriggerauthentications
+  - triggerauthentications
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - aquasecurity.github.io
+  resources:
+  - vulnerabilityreports
+  - clustervulnerabilityreports
+  - configauditreports
+  - clusterconfigauditreports
   verbs:
   - get
   - list