From 74e9b5fd88571b83d3359ec5508d79ef64675e2d Mon Sep 17 00:00:00 2001
From: Seenu Madhavan R <121587872+SeenuMadhavanR@users.noreply.github.com>
Date: Fri, 15 May 2026 12:31:40 +0530
Subject: [PATCH] Add RBAC for Kubernetes 1.36 DRA granular authorization

Adds RBAC permissions required for Kubernetes 1.36 DRA granular status authorization.

This updates the node-local DRA driver ClusterRole to include:

resourceclaims/driver
associated-node:update
associated-node:patch

for the file.dra.example.com driver.
---
 deploy/driver.yaml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/deploy/driver.yaml b/deploy/driver.yaml
index fc0c10f..6e25091 100644
--- a/deploy/driver.yaml
+++ b/deploy/driver.yaml
@@ -22,6 +22,13 @@ rules:
   - apiGroups: ["resource.k8s.io"]
     resources: ["resourceclaims/status"]
     verbs: ["get", "update", "patch"]
+  - apiGroups: ["resource.k8s.io"]
+    resources: ["resourceclaims/driver"]
+    verbs:
+      - associated-node:update
+      - associated-node:patch
+    resourceNames:
+      - "file.dra.example.com"
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding