fix(install): revert watch rbac

squakez · squakez · commit 757479bc7520 · 2026-02-02T09:12:53.000+01:00
diff --git a/pkg/resources/config/rbac/descoped/operator-cluster-role.yaml b/pkg/resources/config/rbac/descoped/operator-cluster-role.yaml
@@ -193,6 +193,7 @@ rules:
   - get
   - list
   - patch
+  - watch
 # Service Accounts (dynamic SA creation)
 - apiGroups:
   - ""
@@ -203,6 +204,7 @@ rules:
   - delete
   - get
   - list
+  - watch
 # Required to check if a ServiceAccount can access other namespaces resources
 - apiGroups:
   - authorization.k8s.io
diff --git a/pkg/resources/config/rbac/namespaced/operator-role.yaml b/pkg/resources/config/rbac/namespaced/operator-role.yaml
@@ -180,6 +180,17 @@ rules:
   verbs:
   - get
   - list
+# Service Accounts (dynamic SA creation)
+- apiGroups:
+  - ""
+  resources:
+  - serviceaccounts
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - watch
 # Roles and RoleBindings
 - apiGroups:
   - rbac.authorization.k8s.io
@@ -192,3 +203,4 @@ rules:
   - get
   - list
   - patch
+  - watch
