From 8d77b40fab07ea78b8784722b9cb05d9eda94eb7 Mon Sep 17 00:00:00 2001
From: Zhiwei Yin
Date: Wed, 13 Sep 2023 16:42:47 +0800
Subject: [PATCH] add rbac and env POD_NAME to fix incorrect event refobject (#293)

Signed-off-by: Zhiwei Yin
---
 pkg/bootstrap/manifests/klusterlet/cluster_role.yaml | 7 +++++++
 pkg/bootstrap/manifests/klusterlet/operator.yaml | 5 +++++
 2 files changed, 12 insertions(+)

diff --git a/pkg/bootstrap/manifests/klusterlet/cluster_role.yaml b/pkg/bootstrap/manifests/klusterlet/cluster_role.yaml
index 2201c4c2..2b187672 100644
--- a/pkg/bootstrap/manifests/klusterlet/cluster_role.yaml
+++ b/pkg/bootstrap/manifests/klusterlet/cluster_role.yaml
@@ -6,6 +6,13 @@ rules:
 - apiGroups: [""]
 resources: ["secrets", "configmaps", "serviceaccounts"]
 verbs: ["create", "get", "list", "update", "watch", "patch", "delete"]
+# get pods and replicasets is for event creation
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get"]
+- apiGroups: [ "apps" ]
+ resources: [ "replicasets" ]
+ verbs: [ "get" ]
 - apiGroups: ["coordination.k8s.io"]
 resources: ["leases"]
 verbs: ["create", "get", "list", "update", "watch", "patch"]
diff --git a/pkg/bootstrap/manifests/klusterlet/operator.yaml b/pkg/bootstrap/manifests/klusterlet/operator.yaml
index 626d9416..2d7f3ff4 100644
--- a/pkg/bootstrap/manifests/klusterlet/operator.yaml
+++ b/pkg/bootstrap/manifests/klusterlet/operator.yaml
@@ -46,6 +46,11 @@ spec:
 - "/registration-operator"
 - "klusterlet"
 - "--disable-leader-election"
+ env:
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
 securityContext:
 allowPrivilegeEscalation: false
 capabilities:
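Review bot: The two rules added in cluster_role.yaml grant `get` on pods and ReplicaSets without any namespace restriction, while the stated purpose (event creation for the operator's own pod) only needs reads in the operator's own namespace. Assuming from the file name that this is a ClusterRole bound cluster-wide (the kind and the binding are outside the hunk), consider moving both rules into a namespaced Role and RoleBinding, so the operator's service-account token cannot read pod specs in other namespaces. If they stay here, make the comment say what is being resolved, e.g. `# get on pods/replicasets: resolve the operator's own pod and its owning ReplicaSet for the event involvedObject`. The second rule should also follow the file's bracket style, `["apps"]` rather than `[ "apps" ]`.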
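Review bot: The new `env` entry in operator.yaml has no comment explaining why it exists, and it depends on the `get` pods/replicasets rules added in cluster_role.yaml without saying so. Add a comment above it such as `# POD_NAME lets the operator look up its own pod so events reference the right object; needs get on pods and replicasets`. Whether the operator also needs its namespace from the downward API (`metadata.namespace`) cannot be told from this hunk, so confirm how it resolves the namespace. The container spec starts and ends outside the hunk.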