From 437189c2138d13f5511e46c4520970da59a81a3e Mon Sep 17 00:00:00 2001
From: qvicksilver <jonathan@sofiero.net>
Date: Mon, 18 May 2020 11:35:45 +0200
Subject: [PATCH] Fix missing permissions for OpenStack
 cloud-controller-manager preventing metrics scraping (#6124)

---
 ...-openstack-cloud-controller-manager-roles.yml.j2 | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/roles/kubernetes-apps/external_cloud_controller/openstack/templates/external-openstack-cloud-controller-manager-roles.yml.j2 b/roles/kubernetes-apps/external_cloud_controller/openstack/templates/external-openstack-cloud-controller-manager-roles.yml.j2
index 1e8816e29..f89cd4b67 100644
--- a/roles/kubernetes-apps/external_cloud_controller/openstack/templates/external-openstack-cloud-controller-manager-roles.yml.j2
+++ b/roles/kubernetes-apps/external_cloud_controller/openstack/templates/external-openstack-cloud-controller-manager-roles.yml.j2
@@ -81,6 +81,19 @@ items:
     - list
     - get
     - watch
+  - apiGroups:
+    - authentication.k8s.io
+    resources:
+    - tokenreviews
+    verbs:
+    - create
+  - apiGroups:
+    - authorization.k8s.io
+    resources:
+    - subjectaccessreviews
+    verbs:
+    - create
+
 - apiVersion: rbac.authorization.k8s.io/v1
   kind: ClusterRole
   metadata: