From fd4ac433bec23c10ee078c396c1c7f77fedda7f3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moritz=20J=C3=B6rg?= <moritz.jorg@oceanbox.io>
Date: Fri, 14 Nov 2025 14:13:24 +0100
Subject: [PATCH] fix(kyverno): Allow list, watch and get secrets

---
 values/kyverno/values/kyverno.yaml.gotmpl | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/values/kyverno/values/kyverno.yaml.gotmpl b/values/kyverno/values/kyverno.yaml.gotmpl
index 202b3ecb..6dd9752a 100644
--- a/values/kyverno/values/kyverno.yaml.gotmpl
+++ b/values/kyverno/values/kyverno.yaml.gotmpl
@@ -21,6 +21,18 @@ reportsController:
     metricsService:
     create: true
 {{ end }}
+admissionController:
+    rbac:
+        clusterRole:
+            extraResources:
+            - apiGroups:
+              - ''
+              resources:
+              - secrets
+              verbs:
+              - get
+              - list
+              - watch
 cleanupController:
     resources:
     limits: