From d5191f2aa690efa09e62a877bcdcc4de729275dc Mon Sep 17 00:00:00 2001
From: Max <m.myshko00@gmail.com>
Date: Fri, 7 Mar 2025 14:27:27 +0100
Subject: [PATCH] Arrange falcon-sensor clusterrole permissions under correct
 K8s API groups

---
 .../falcon-sensor/templates/clusterrole.yaml  | 34 ++++++++++++++++---
 1 file changed, 29 insertions(+), 5 deletions(-)

diff --git a/helm-charts/falcon-sensor/templates/clusterrole.yaml b/helm-charts/falcon-sensor/templates/clusterrole.yaml
index 064932fc..3a45cdd9 100644
--- a/helm-charts/falcon-sensor/templates/clusterrole.yaml
+++ b/helm-charts/falcon-sensor/templates/clusterrole.yaml
@@ -21,21 +21,45 @@ rules:
   resources:
   - namespaces
   - secrets
-  {{- if .Values.node.enabled }}
+  verbs:
+  - get
+{{- if .Values.node.enabled }}
+- apiGroups:
+  - ""
+  resources:
   - pods
   - services
   - nodes
+  - persistentvolumes
+  verbs:
+  - get
+  - watch
+  - list
+- apiGroups:
+  - apps
+  resources:
   - daemonsets
   - replicasets
   - deployments
+  verbs:
+  - get
+  - watch
+  - list
+- apiGroups:
+  - batch
+  resources:
   - jobs
-  - ingresses
   - cronjobs
-  - persistentvolumes
-  {{- end }}
   verbs:
   - get
-  {{- if .Values.node.enabled }}
+  - watch
+  - list
+- apiGroups:
+  - networking.k8s.io
+  resources:
+  - ingresses
+  verbs:
+  - get
   - watch
   - list
   {{- end }}