From 54fcc9b23ff91a03a94127b1dc144c941bd2c5b5 Mon Sep 17 00:00:00 2001
From: Rashesh Padia <rasheshpadia419@gmail.com>
Date: Sun, 11 May 2025 18:51:56 +0530
Subject: [PATCH] Fix failed to read configmap when deployed using helm chart

E0511 13:04:55.948743       1 main.go:277] "running
security-profiles-operator" err="enable controllers: setup spod-config
controller: get tunables: could not determine selinuxd image: configmaps
\"security-profiles-operator-profile\" is forbidden: User
\"system:serviceaccount:security-profiles-operator:security-profiles-operator\"
cannot get resource \"configmaps\" in API group \"\" in the namespace
\"security-profiles-operator\"" logger="setup"
---
 deploy/helm/templates/static-resources.yaml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/deploy/helm/templates/static-resources.yaml b/deploy/helm/templates/static-resources.yaml
index 37927b9a95..6c32db5b80 100644
--- a/deploy/helm/templates/static-resources.yaml
+++ b/deploy/helm/templates/static-resources.yaml
@@ -261,6 +261,14 @@ rules:
   - securitycontextconstraints
   verbs:
   - use
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - get
+  - list
+  - watch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole