From 3f4eb9be089529bc3c878cf4a79cc8ae86a7bfbe Mon Sep 17 00:00:00 2001
From: holmesb <5072156+holmesb@users.noreply.github.com>
Date: Fri, 30 Apr 2021 15:25:59 +0100
Subject: [PATCH] Fixes issue #7573 - Made Calico permissions compatible with
 v3.18.x (see https://github.com/projectcalico/calico/issues/4557). 
 Specifically, granted watch to custom resources blockaffinities, ipamblocks &
 ipamhandles (#7575)

---
 .../policy_controller/calico/templates/calico-kube-cr.yml.j2     | 1 +
 1 file changed, 1 insertion(+)

diff --git a/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-cr.yml.j2 b/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-cr.yml.j2
index d4f2f4bff..57cc7b4cd 100644
--- a/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-cr.yml.j2
+++ b/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-cr.yml.j2
@@ -63,6 +63,7 @@ rules:
       - create
       - update
       - delete
+      - watch
   # kube-controllers manages hostendpoints.
   - apiGroups: ["crd.projectcalico.org"]
     resources: