From e2bfe87ac0c53a2b715fdbc288ca0c8d5c2e03a5 Mon Sep 17 00:00:00 2001
From: Joel Gotsch
Date: Tue, 15 Apr 2025 20:16:02 +0200
Subject: [PATCH] add events and leases resources to postgres-pod role
---
 ...erator-service-account-rbac-openshift.yaml | 30 +++++++++++++++++++
 1 file changed, 30 insertions(+)
diff --git a/manifests/operator-service-account-rbac-openshift.yaml b/manifests/operator-service-account-rbac-openshift.yaml
index 4c77e5025..3a99ddcdd 100644
--- a/manifests/operator-service-account-rbac-openshift.yaml
+++ b/manifests/operator-service-account-rbac-openshift.yaml
@@ -269,6 +269,27 @@ rules:
 - list
 - patch
 - update
+- apiGroups: [""]
+ resources:
+ - events # Patroni may log to events
+ verbs:
+ - create
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups: ["coordination.k8s.io"]
+ resources:
+ - leases # Only if Patroni tries to use K8s Leases
+ verbs:
+ - create
+ - get
+ - list
+ - update
+ - delete
+ - watch
+ - patch
 # Patroni needs to watch and manage config maps
 - apiGroups:
 - ""
@@ -301,6 +322,15 @@ rules:
 - services
 verbs:
 - create
+ # to check nodes for node readiness label
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
+ - list
+ - watch
 # to grant privilege to run privileged pods (not needed by default)
 #- apiGroups:
 # - extensions
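Review bot: The new `leases` rule grants `create`, `update`, `patch` and `delete` on every Lease the binding reaches, with no `resourceNames` restriction, while its own comment says it is needed "Only if Patroni tries to use K8s Leases". Leases are commonly the leader-election locks of other controllers, so a compromised database pod holding this rule could disturb workloads in the same scope; the rule should be dropped until a Patroni code path that needs it is identified, or reduced to the verbs that path uses. The `events` rule is hedged the same way ("may log"), and an event writer normally needs only `create` and `patch`, so `get`, `list`, `watch` and `update` look unnecessary and are worth confirming. Both rules also use flow style (`apiGroups: [""]`) where the surrounding rules use block sequences. The enclosing role starts and ends outside the hunk.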
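Review bot: The added `nodes` rule is not mentioned in the commit subject, and its comment, `# to check nodes for node readiness label`, does not say which component reads nodes or why a database pod would need to. If this hunk sits in the postgres-pod role, as the subject suggests, every Postgres pod gains `get`/`list`/`watch` on Node objects, which exposes node names, labels and addresses to anything that compromises a pod. Nodes are cluster-scoped, so the rule only takes effect through a ClusterRoleBinding; if the role is bound per namespace the rule is dead weight and should be removed, otherwise the comment should name the consumer and the reason. The role's rule list continues outside the hunk.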