chore(prowler): add in-cluster rbac resources

Release-As: 1.8.1
meysam81 · Jan 2, 2025 · 58fad5d · 58fad5d
1 parent 7bb3621
commit 58fad5d
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 0 deletions.
diff --git a/prowler/base/clusterrole.yml b/prowler/base/clusterrole.yml
@@ -0,0 +1,11 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: prowler
+rules:
+  - apiGroups: [""]
+    resources: ["pods", "configmaps", "nodes", "namespaces"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["rbac.authorization.k8s.io"]
+    resources: ["clusterrolebindings", "rolebindings", "clusterroles", "roles"]
+    verbs: ["get", "list", "watch"]
diff --git a/prowler/base/clusterrolebinding.yml b/prowler/base/clusterrolebinding.yml
@@ -0,0 +1,13 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: prowler
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: prowler
+subjects:
+  - kind: ServiceAccount
+    name: prowler
+    namespace: prowler
diff --git a/prowler/base/kustomization.yml b/prowler/base/kustomization.yml
@@ -4,6 +4,8 @@ configMapGenerator:
       - configs.env
 
 resources:
+  - clusterrole.yml
+  - clusterrolebinding.yml
   - service.yml
   - serviceaccount.yml
   - deployment.yml