From ab8f7ddc160e1213e32fd5dde2a67e0f4cc3d6bf Mon Sep 17 00:00:00 2001
From: Felix Kunde <felix-kunde@gmx.de>
Date: Wed, 16 Dec 2020 11:52:03 +0100
Subject: [PATCH] fix clusterrole in helm chart

---
 .../templates/clusterrole.yaml                | 40 ++++++++++++++-----
 1 file changed, 29 insertions(+), 11 deletions(-)

diff --git a/charts/postgres-operator/templates/clusterrole.yaml b/charts/postgres-operator/templates/clusterrole.yaml
index 46113c4f1..165cce7c6 100644
--- a/charts/postgres-operator/templates/clusterrole.yaml
+++ b/charts/postgres-operator/templates/clusterrole.yaml
@@ -44,13 +44,6 @@ rules:
   - get
   - patch
   - update
-# to read configuration from ConfigMaps
-- apiGroups:
-  - ""
-  resources:
-  - configmaps
-  verbs:
-  - get
 # to send events to the CRs
 - apiGroups:
   - ""
@@ -64,14 +57,11 @@ rules:
   - update
   - watch
 # to manage endpoints/configmaps which are also used by Patroni
+{{- if toString .Values.configGeneral.kubernetes_use_configmaps | eq "true" }}
 - apiGroups:
   - ""
   resources:
-{{- if toString .Values.configGeneral.kubernetes_use_configmaps | eq "true" }}
   - configmaps
-{{- else }}
-  - endpoints
-{{- end }}
   verbs:
   - create
   - delete
@@ -81,6 +71,34 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - ""
+  resources:
+  - endpoints
+  verbs:
+  - get
+{{- else }}
+# to read configuration from ConfigMaps
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - get
+- apiGroups:
+  - ""
+  resources:
+  - endpoints
+  verbs:
+  - create
+  - delete
+  - deletecollection
+  - get
+  - list
+  - patch
+  - update
+  - watch
+{{- end }}
 # to CRUD secrets for database access
 - apiGroups:
   - ""