From cc69346de92da7bd2b4f51bc3e15320960696a35 Mon Sep 17 00:00:00 2001
From: Danijel Simeunovic <danijel.simeunovic@trumf.no>
Date: Fri, 6 Mar 2026 09:15:19 +0100
Subject: [PATCH] permissions

---
 cluster-resources/policies/secret-cloner.yaml | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/cluster-resources/policies/secret-cloner.yaml b/cluster-resources/policies/secret-cloner.yaml
index d7cd791..4089b81 100644
--- a/cluster-resources/policies/secret-cloner.yaml
+++ b/cluster-resources/policies/secret-cloner.yaml
@@ -1,16 +1,19 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: kyverno:secrets:view
+  name: kyverno:resources:view
   labels:
     rbac.kyverno.io/aggregate-to-admission-controller: "true"
     rbac.kyverno.io/aggregate-to-reports-controller: "true"
     rbac.kyverno.io/aggregate-to-background-controller: "true"
+    rbac.kyverno.io/aggregate-to-cleanup-controller: "true"
 rules:
 - apiGroups:
   - ''
   resources:
   - secrets
+  - pod
+  - replicaset
   verbs:
   - get
   - list
@@ -22,11 +25,14 @@ metadata:
   name: kyverno:secrets:manage
   labels:
     rbac.kyverno.io/aggregate-to-background-controller: "true"
+    rbac.kyverno.io/aggregate-to-cleanup-controller: "true"
 rules:
 - apiGroups:
   - ''
   resources:
   - secrets
+  - pod
+  - replicaset
   verbs:
   - create
   - update