calico: fix access to resources from controller
This fixes even more networking issues.
Change-Id: I754656a01e3de8a34055280908b343a1a25a4707
diff --git a/cluster/kube/lib/calico.libsonnet b/cluster/kube/lib/calico.libsonnet
index d0188e0..b5c83a7 100644
--- a/cluster/kube/lib/calico.libsonnet
+++ b/cluster/kube/lib/calico.libsonnet
@@ -170,15 +170,10 @@
rules: [
{
apiGroups: [""],
- resources: ["nodes"],
+ resources: ["nodes", "pods", "namespaces", "serviceaccounts"],
verbs: ["watch", "list", "get"],
},
{
- apiGroups: [""],
- resources: ["pods"],
- verbs: ["get"],
- },
- {
apiGroups: ["networking.k8s.io"],
resources: ["networkpolicies"],
verbs: ["watch", "list"],