From 13e078bc587f0a271d654e5d10bb4bcff466dd22 Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa <ttsujika@zlab.co.jp>
Date: Fri, 31 May 2024 01:49:46 +0000
Subject: [PATCH] Add Gateway API ClusterRole rules

---
 examples/default/service-account.yaml    |  6 ++++++
 examples/proxyproto/01-nghttpx-rbac.yaml | 18 ++++++++++++++++++
 rc.yaml                                  |  6 ++++++
 3 files changed, 30 insertions(+)

diff --git a/examples/default/service-account.yaml b/examples/default/service-account.yaml
index 84eabdf6..437795ce 100644
--- a/examples/default/service-account.yaml
+++ b/examples/default/service-account.yaml
@@ -21,6 +21,12 @@ rules:
 - apiGroups: ["discovery.k8s.io"]
   resources: ["endpointslices"]
   verbs: ["get", "list", "watch"]
+- apiGroups: ["gateway.networking.k8s.io"]
+  resources: ["gatewayclasses", "gateways", "httproutes"]
+  verbs: ["get", "list", "watch"]
+- apiGroups: ["gateway.networking.k8s.io"]
+  resources: ["gatewayclasses/status", "gateways/status", "httproutes/status"]
+  verbs: ["update"]
 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
diff --git a/examples/proxyproto/01-nghttpx-rbac.yaml b/examples/proxyproto/01-nghttpx-rbac.yaml
index d96a17e7..91fe2e16 100644
--- a/examples/proxyproto/01-nghttpx-rbac.yaml
+++ b/examples/proxyproto/01-nghttpx-rbac.yaml
@@ -56,6 +56,24 @@ rules:
       - get
       - list
       - watch
+  - apiGroups:
+      - "gateway.networking.k8s.io"
+    resources:
+      - gatewayclasses
+      - gateways
+      - httproutes
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - "gateway.networking.k8s.io"
+    resources:
+      - gatewayclasses/status
+      - gateways/status
+      - httproutes/status
+    verbs:
+      - update
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
diff --git a/rc.yaml b/rc.yaml
index f184fbea..659a8d15 100644
--- a/rc.yaml
+++ b/rc.yaml
@@ -21,6 +21,12 @@ rules:
 - apiGroups: ["discovery.k8s.io"]
   resources: ["endpointslices"]
   verbs: ["get", "list", "watch"]
+- apiGroups: ["gateway.networking.k8s.io"]
+  resources: ["gatewayclasses", "gateways", "httproutes"]
+  verbs: ["get", "list", "watch"]
+- apiGroups: ["gateway.networking.k8s.io"]
+  resources: ["gatewayclasses/status", "gateways/status", "httproutes/status"]
+  verbs: ["update"]
 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1