Use GetAPIReader and fix RBAC

bjee19 · bjee19 · commit 73322c54579b · 2024-02-13T11:13:32.000-08:00
diff --git a/deploy/helm-chart/templates/rbac.yaml b/deploy/helm-chart/templates/rbac.yaml
@@ -21,13 +21,23 @@ rules:
   - namespaces
   - services
   - secrets
-  # FIXME(bjee19): make nodes permission dependent on telemetry being enabled.
-  # https://github.com/nginxinc/nginx-gateway-fabric/issues/1317.
-  - nodes
-  - pods
   verbs:
   - list
   - watch
+# FIXME(bjee19): make nodes, pods, replicasets permission dependent on telemetry being enabled.
+# https://github.com/nginxinc/nginx-gateway-fabric/issues/1317.
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  verbs:
+  - get
+- apiGroups:
+  - ""
+  resources:
+  - nodes
+  verbs:
+  - list
 - apiGroups:
   - ""
   resources:
@@ -36,12 +46,11 @@ rules:
   - create
   - patch
 - apiGroups:
-    - apps
+  - apps
   resources:
-    - replicasets
+  - replicasets
   verbs:
-    - list
-    - watch
+  - get
 - apiGroups:
   - discovery.k8s.io
   resources:
diff --git a/deploy/manifests/nginx-gateway.yaml b/deploy/manifests/nginx-gateway.yaml
@@ -32,13 +32,23 @@ rules:
   - namespaces
   - services
   - secrets
-  # FIXME(bjee19): make nodes permission dependent on telemetry being enabled.
-  # https://github.com/nginxinc/nginx-gateway-fabric/issues/1317.
-  - nodes
-  - pods
   verbs:
   - list
   - watch
+# FIXME(bjee19): make nodes, pods, replicasets permission dependent on telemetry being enabled.
+# https://github.com/nginxinc/nginx-gateway-fabric/issues/1317.
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  verbs:
+  - get
+- apiGroups:
+  - ""
+  resources:
+  - nodes
+  verbs:
+  - list
 - apiGroups:
   - ""
   resources:
@@ -47,12 +57,11 @@ rules:
   - create
   - patch
 - apiGroups:
-    - apps
+  - apps
   resources:
-    - replicasets
+  - replicasets
   verbs:
-    - list
-    - watch
+  - get
 - apiGroups:
   - discovery.k8s.io
   resources:
diff --git a/internal/mode/static/manager.go b/internal/mode/static/manager.go
@@ -216,7 +216,7 @@ func StartManager(cfg config.Config) error {
 	}
 
 	dataCollector := telemetry.NewDataCollectorImpl(telemetry.DataCollectorConfig{
-		K8sClientReader:     mgr.GetClient(),
+		K8sClientReader:     mgr.GetAPIReader(),
 		GraphGetter:         processor,
 		ConfigurationGetter: eventHandler,
 		Version:             cfg.Version,

Original file line number	Diff line number	Diff line change
`@@ -216,7 +216,7 @@ func StartManager(cfg config.Config) error {`
`216`	`216`	`}`
`217`	`217`
`218`	`218`	`dataCollector := telemetry.NewDataCollectorImpl(telemetry.DataCollectorConfig{`
`219`		`- K8sClientReader: mgr.GetClient(),`
	`219`	`+ K8sClientReader: mgr.GetAPIReader(),`
`220`	`220`	`GraphGetter: processor,`
`221`	`221`	`ConfigurationGetter: eventHandler,`
`222`	`222`	`Version: cfg.Version,`