From 45939f685a13e308d7d97431e4a1b4834e601ee9 Mon Sep 17 00:00:00 2001
From: Vihang Mehta <vihang@pixielabs.ai>
Date: Tue, 27 Jun 2023 00:49:50 +0000
Subject: [PATCH] Update updater roles necessary for non-operator based viziers

Signed-off-by: Vihang Mehta <vihang@pixielabs.ai>
---
 k8s/vizier/bootstrap/updater_role.yaml | 44 ++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)

diff --git a/k8s/vizier/bootstrap/updater_role.yaml b/k8s/vizier/bootstrap/updater_role.yaml
index e457d4ce178..d31be1224ba 100644
--- a/k8s/vizier/bootstrap/updater_role.yaml
+++ b/k8s/vizier/bootstrap/updater_role.yaml
@@ -26,6 +26,15 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - ""
+  resources:
+  - events
+  - pods/log
+  verbs:
+  - get
+  - watch
+  - list
 - apiGroups:
   - apps
   resources:
@@ -53,6 +62,41 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  resourceNames:
+  - cloud-conn-election
+  verbs:
+  - get
+  - update
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - create
+- apiGroups:
+  - px.dev
+  resources:
+  - viziers
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - px.dev
+  resources:
+  - viziers/status
+  verbs:
+  - get
+  - list
+  - watch
 - apiGroups:
   - rbac.authorization.k8s.io
   resources: