From be730b8a4aaad656192d6fdc3abd2feebae5ea59 Mon Sep 17 00:00:00 2001
From: Matt Moore <mattmoor@vmware.com>
Date: Fri, 10 Jul 2020 12:22:33 -0700
Subject: [PATCH] Without this RBAC, leaderelection cannot be enabled.

---
 config/core/roles/controller-clusterroles.yaml | 7 +++++++
 config/core/roles/webhook-clusterrole.yaml     | 7 +++++++
 2 files changed, 14 insertions(+)

diff --git a/config/core/roles/controller-clusterroles.yaml b/config/core/roles/controller-clusterroles.yaml
index f4a027966de..1b9736689b3 100644
--- a/config/core/roles/controller-clusterroles.yaml
+++ b/config/core/roles/controller-clusterroles.yaml
@@ -133,3 +133,10 @@ rules:
       - "get"
       - "list"
       - "watch"
+
+  # For leader election
+  - apiGroups:
+      - "coordination.k8s.io"
+    resources:
+      - "leases"
+    verbs: *everything
diff --git a/config/core/roles/webhook-clusterrole.yaml b/config/core/roles/webhook-clusterrole.yaml
index b764a7984cb..d0a26029061 100644
--- a/config/core/roles/webhook-clusterrole.yaml
+++ b/config/core/roles/webhook-clusterrole.yaml
@@ -82,6 +82,13 @@ rules:
       - "sinkbindings/finalizers"
     verbs: *everything
 
+  # For leader election
+  - apiGroups:
+      - "coordination.k8s.io"
+    resources:
+      - "leases"
+    verbs: *everything
+
   # Necessary for conversion webhook. These are copied from the serving
   # TODO: Do we really need all these permissions?
   - apiGroups: ["apiextensions.k8s.io"]