From a0645f7f57caf3107604afa601e26b759fa72024 Mon Sep 17 00:00:00 2001
From: Michele Mangili <michele.mangili@sysdig.com>
Date: Thu, 20 Jul 2023 17:01:43 +0200
Subject: [PATCH] fix(cluster-scanner): corrected role to support OKD4

---
 charts/cluster-scanner/Chart.yaml           | 2 +-
 charts/cluster-scanner/README.md            | 8 ++++----
 charts/cluster-scanner/templates/role.yaml  | 2 ++
 charts/cluster-scanner/tests/role_test.yaml | 1 +
 charts/sysdig-deploy/Chart.yaml             | 2 +-
 5 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/charts/cluster-scanner/Chart.yaml b/charts/cluster-scanner/Chart.yaml
index 1e21de8be..9dbbd1921 100644
--- a/charts/cluster-scanner/Chart.yaml
+++ b/charts/cluster-scanner/Chart.yaml
@@ -4,7 +4,7 @@ description: Sysdig Cluster Scanner
 
 type: application
 
-version: 0.3.2
+version: 0.3.3
 
 appVersion: "0.1.0"
 home: https://www.sysdig.com/
diff --git a/charts/cluster-scanner/README.md b/charts/cluster-scanner/README.md
index b067d2c3b..a1d5597ac 100644
--- a/charts/cluster-scanner/README.md
+++ b/charts/cluster-scanner/README.md
@@ -25,7 +25,7 @@ $ pre-commit run -a
 $ helm repo add sysdig https://charts.sysdig.com
 $ helm repo update
 $ helm upgrade --install sysdig-cluster-scanner sysdig/cluster-scanner \
-      --create-namespace -n sysdig --version=0.3.2  \
+      --create-namespace -n sysdig --version=0.3.3  \
       --set global.clusterConfig.name=CLUSTER_NAME \
       --set global.sysdig.region=SYSDIG_REGION \
       --set global.sysdig.accessKey=YOUR-KEY-HERE
@@ -55,7 +55,7 @@ To install the chart with the release name `cluster-scanner`, run:
 
 ```console
 $ helm upgrade --install sysdig-cluster-scanner sysdig/cluster-scanner \
-       --create-namespace -n sysdig --version=0.3.2 \
+       --create-namespace -n sysdig --version=0.3.3 \
        --set global.clusterConfig.name=CLUSTER_NAME \
        --set global.sysdig.region=SYSDIG_REGION \
        --set global.sysdig.accessKey=YOUR-KEY-HERE
@@ -146,7 +146,7 @@ Specify each parameter using the **`--set key=value[,key=value]`** argument to `
 
 ```console
 $ helm upgrade --install sysdig-cluster-scanner sysdig/cluster-scanner \
-    --create-namespace -n sysdig --version=0.3.2 \
+    --create-namespace -n sysdig --version=0.3.3 \
     --set global.sysdig.region="us1"
 ```
 
@@ -155,7 +155,7 @@ installing the chart. For example:
 
 ```console
 $ helm upgrade --install sysdig-cluster-scanner sysdig/cluster-scanner \
-    --create-namespace -n sysdig --version=0.3.2 \
+    --create-namespace -n sysdig --version=0.3.3 \
     --values values.yaml
 ```
 
diff --git a/charts/cluster-scanner/templates/role.yaml b/charts/cluster-scanner/templates/role.yaml
index 8a94cea10..79d9be595 100644
--- a/charts/cluster-scanner/templates/role.yaml
+++ b/charts/cluster-scanner/templates/role.yaml
@@ -21,6 +21,8 @@ rules:
 - apiGroups: ["*"]
   resources:
     - "endpoints"
+    # Following is required for OpenShift. See https://docs.openshift.com/container-platform/3.11/architecture/core_concepts/pods_and_services.html#endpoints
+    - "endpoints/restricted"
   resourceNames:
     - {{ include "cluster-scanner.fullname" . }}
   verbs: ["*"]
diff --git a/charts/cluster-scanner/tests/role_test.yaml b/charts/cluster-scanner/tests/role_test.yaml
index 333ff4627..72ee7736a 100644
--- a/charts/cluster-scanner/tests/role_test.yaml
+++ b/charts/cluster-scanner/tests/role_test.yaml
@@ -45,6 +45,7 @@ tests:
             apiGroups: ["*"]
             resources:
               - "endpoints"
+              - "endpoints/restricted"
             resourceNames:
               - test-release-cluster-scanner
             verbs: ["*"]
diff --git a/charts/sysdig-deploy/Chart.yaml b/charts/sysdig-deploy/Chart.yaml
index c0f062058..cc669628f 100644
--- a/charts/sysdig-deploy/Chart.yaml
+++ b/charts/sysdig-deploy/Chart.yaml
@@ -36,7 +36,7 @@ dependencies:
   - name: cluster-scanner
     # repository: https://charts.sysdig.com
     repository: file://../cluster-scanner
-    version: ~0.3.2
+    version: ~0.3.3
     alias: clusterScanner
     condition: clusterScanner.enabled
   - name: kspm-collector