From 160bef7a10cf76933ca8f8da41e2923962dbdcfa Mon Sep 17 00:00:00 2001 From: Gianluca Mardente Date: Wed, 25 Feb 2026 08:59:46 +0100 Subject: [PATCH] (bug) Fix drift-detection-manager RBAC in agentless mode --- Makefile | 2 +- config/default/manager_auth_proxy_patch.yaml | 2 +- config/default/manager_image_patch.yaml | 4 ++-- manifest/deployment-agentless.yaml | 6 +++--- manifest/deployment-shard.yaml | 6 +++--- manifest/manifest.yaml | 6 +++--- .../drift-detection-manager-in-mgmt-cluster.go | 4 ++-- ...rift-detection-manager-in-mgmt-cluster.yaml | 4 ++-- pkg/drift-detection/drift-detection-manager.go | 4 ++-- .../drift-detection-manager.yaml | 4 ++-- ...detection-mgmt_cluster_common_manifest.yaml | 18 +++++++++++++----- 11 files changed, 34 insertions(+), 26 deletions(-) diff --git a/Makefile b/Makefile index e5aef886..895d285a 100644 --- a/Makefile +++ b/Makefile @@ -27,7 +27,7 @@ OS ?= $(shell uname -s) OS := $(shell echo $(OS) | tr '[:upper:]' '[:lower:]') K8S_LATEST_VER ?= $(shell curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt) export CONTROLLER_IMG ?= $(REGISTRY)/$(IMAGE_NAME) -TAG ?= v1.5.0 +TAG ?= main .PHONY: all all: build diff --git a/config/default/manager_auth_proxy_patch.yaml b/config/default/manager_auth_proxy_patch.yaml index 6443e02d..c5b2205e 100644 --- a/config/default/manager_auth_proxy_patch.yaml +++ b/config/default/manager_auth_proxy_patch.yaml @@ -22,7 +22,7 @@ spec: - --shard-key= - --capi-onboard-annotation= - "--v=5" - - "--version=v1.5.0" + - "--version=main" - "--agent-in-mgmt-cluster=false" env: - name: GOMEMLIMIT diff --git a/config/default/manager_image_patch.yaml b/config/default/manager_image_patch.yaml index b2ead457..22ae3140 100644 --- a/config/default/manager_image_patch.yaml +++ b/config/default/manager_image_patch.yaml 
@@ -7,8 +7,8 @@ spec: template: spec: initContainers: - - image: docker.io/projectsveltos/addon-controller:v1.5.0 + - image: docker.io/projectsveltos/addon-controller:main name: initialization containers: - - image: docker.io/projectsveltos/addon-controller:v1.5.0 + - image: docker.io/projectsveltos/addon-controller:main name: controller diff --git a/manifest/deployment-agentless.yaml b/manifest/deployment-agentless.yaml index c86df912..8c486e0b 100644 --- a/manifest/deployment-agentless.yaml +++ b/manifest/deployment-agentless.yaml @@ -26,7 +26,7 @@ spec: - --shard-key= - --capi-onboard-annotation= - --v=5 - - --version=v1.5.0 + - --version=main - --agent-in-mgmt-cluster=true command: - /manager @@ -39,7 +39,7 @@ spec: valueFrom: resourceFieldRef: resource: limits.cpu - image: docker.io/projectsveltos/addon-controller:v1.5.0 + image: docker.io/projectsveltos/addon-controller:main livenessProbe: failureThreshold: 3 httpGet: @@ -85,7 +85,7 @@ spec: env: - name: IS_INITIALIZATION value: "true" - image: docker.io/projectsveltos/addon-controller:v1.5.0 + image: docker.io/projectsveltos/addon-controller:main name: initialization securityContext: runAsNonRoot: true diff --git a/manifest/deployment-shard.yaml b/manifest/deployment-shard.yaml index a9be967d..ed99770c 100644 --- a/manifest/deployment-shard.yaml +++ b/manifest/deployment-shard.yaml @@ -26,7 +26,7 @@ spec: - --shard-key={{.SHARD}} - --capi-onboard-annotation= - --v=5 - - --version=v1.5.0 + - --version=main - --agent-in-mgmt-cluster=false command: - /manager @@ -39,7 +39,7 @@ spec: valueFrom: resourceFieldRef: resource: limits.cpu - image: docker.io/projectsveltos/addon-controller:v1.5.0 + image: docker.io/projectsveltos/addon-controller:main livenessProbe: failureThreshold: 3 httpGet: 
@@ -85,7 +85,7 @@ spec: env: - name: IS_INITIALIZATION value: "true" - image: docker.io/projectsveltos/addon-controller:v1.5.0 + image: docker.io/projectsveltos/addon-controller:main name: initialization securityContext: runAsNonRoot: true diff --git a/manifest/manifest.yaml b/manifest/manifest.yaml index 4c166bcf..8fcce8c6 100644 --- a/manifest/manifest.yaml +++ b/manifest/manifest.yaml @@ -7918,7 +7918,7 @@ spec: - --shard-key= - --capi-onboard-annotation= - --v=5 - - --version=v1.5.0 + - --version=main - --agent-in-mgmt-cluster=false command: - /manager @@ -7931,7 +7931,7 @@ spec: valueFrom: resourceFieldRef: resource: limits.cpu - image: docker.io/projectsveltos/addon-controller:v1.5.0 + image: docker.io/projectsveltos/addon-controller:main livenessProbe: failureThreshold: 3 httpGet: @@ -7977,7 +7977,7 @@ spec: env: - name: IS_INITIALIZATION value: "true" - image: docker.io/projectsveltos/addon-controller:v1.5.0 + image: docker.io/projectsveltos/addon-controller:main name: initialization securityContext: runAsNonRoot: true diff --git a/pkg/drift-detection/drift-detection-manager-in-mgmt-cluster.go b/pkg/drift-detection/drift-detection-manager-in-mgmt-cluster.go index 7b4e7dfc..7b4acad5 100644 --- a/pkg/drift-detection/drift-detection-manager-in-mgmt-cluster.go +++ b/pkg/drift-detection/drift-detection-manager-in-mgmt-cluster.go @@ -44,10 +44,10 @@ spec: - --cluster-type= - --current-cluster=management-cluster - --run-mode=do-not-send-updates - - --version=v1.5.0 + - --version=main command: - /manager - image: docker.io/projectsveltos/drift-detection-manager@sha256:47cb5531adfe14d4be2e02f9d93da04c775caea5f67ab4e978ed5667fcb5ffe5 + image: docker.io/projectsveltos/drift-detection-manager@sha256:bc677632bc882102535e10b52454ef595fbb6efe7bb37b14b870c4a3a4fd3d82 livenessProbe: failureThreshold: 3 httpGet: 
diff --git a/pkg/drift-detection/drift-detection-manager-in-mgmt-cluster.yaml b/pkg/drift-detection/drift-detection-manager-in-mgmt-cluster.yaml index f9f9a65a..d63096fa 100644 --- a/pkg/drift-detection/drift-detection-manager-in-mgmt-cluster.yaml +++ b/pkg/drift-detection/drift-detection-manager-in-mgmt-cluster.yaml @@ -26,10 +26,10 @@ spec: - --cluster-type= - --current-cluster=management-cluster - --run-mode=do-not-send-updates - - --version=v1.5.0 + - --version=main command: - /manager - image: docker.io/projectsveltos/drift-detection-manager@sha256:47cb5531adfe14d4be2e02f9d93da04c775caea5f67ab4e978ed5667fcb5ffe5 + image: docker.io/projectsveltos/drift-detection-manager@sha256:bc677632bc882102535e10b52454ef595fbb6efe7bb37b14b870c4a3a4fd3d82 livenessProbe: failureThreshold: 3 httpGet: diff --git a/pkg/drift-detection/drift-detection-manager.go b/pkg/drift-detection/drift-detection-manager.go index 2570ab78..e732295d 100644 --- a/pkg/drift-detection/drift-detection-manager.go +++ b/pkg/drift-detection/drift-detection-manager.go @@ -146,7 +146,7 @@ spec: - --cluster-type= - --current-cluster=managed-cluster - --run-mode=do-not-send-updates - - --version=v1.5.0 + - --version=main command: - /manager env: @@ -158,7 +158,7 @@ spec: valueFrom: resourceFieldRef: resource: limits.cpu - image: docker.io/projectsveltos/drift-detection-manager@sha256:47cb5531adfe14d4be2e02f9d93da04c775caea5f67ab4e978ed5667fcb5ffe5 + image: docker.io/projectsveltos/drift-detection-manager@sha256:bc677632bc882102535e10b52454ef595fbb6efe7bb37b14b870c4a3a4fd3d82 livenessProbe: failureThreshold: 3 httpGet: diff --git a/pkg/drift-detection/drift-detection-manager.yaml b/pkg/drift-detection/drift-detection-manager.yaml index 8587e59e..ff26c522 100644 --- a/pkg/drift-detection/drift-detection-manager.yaml +++ b/pkg/drift-detection/drift-detection-manager.yaml 
@@ -128,7 +128,7 @@ spec: - --cluster-type= - --current-cluster=managed-cluster - --run-mode=do-not-send-updates - - --version=v1.5.0 + - --version=main command: - /manager env: @@ -140,7 +140,7 @@ spec: valueFrom: resourceFieldRef: resource: limits.cpu - image: docker.io/projectsveltos/drift-detection-manager@sha256:47cb5531adfe14d4be2e02f9d93da04c775caea5f67ab4e978ed5667fcb5ffe5 + image: docker.io/projectsveltos/drift-detection-manager@sha256:bc677632bc882102535e10b52454ef595fbb6efe7bb37b14b870c4a3a4fd3d82 livenessProbe: failureThreshold: 3 httpGet: diff --git a/test/drift-detection-mgmt_cluster_common_manifest.yaml b/test/drift-detection-mgmt_cluster_common_manifest.yaml index ad98b588..6541b572 100644 --- a/test/drift-detection-mgmt_cluster_common_manifest.yaml +++ b/test/drift-detection-mgmt_cluster_common_manifest.yaml @@ -28,13 +28,13 @@ rules: - update - watch - apiGroups: - - "" + - '*' resources: - - events + - '*' verbs: - - create - - patch - - update + - get + - list + - watch - apiGroups: - authentication.k8s.io resources: @@ -47,6 +47,14 @@ rules: - subjectaccessreviews verbs: - create +- apiGroups: + - events.k8s.io + resources: + - events + verbs: + - create + - patch + - update - apiGroups: - lib.projectsveltos.io resources:
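Review bot: The rewritten rule in the first hunk of test/drift-detection-mgmt_cluster_common_manifest.yaml grants `get`/`list`/`watch` on `'*'` resources in `'*'` API groups, which includes Secrets and every custom resource wherever this role is bound. The role's kind and binding are outside the hunk, but if it is a ClusterRole in the management cluster (as agentless mode suggests), a compromised drift-detection-manager pod could read credentials for everything that cluster manages. If drift detection really must watch arbitrary kinds, the rule should carry a comment saying so, for example `# read-only wildcard: drift detection watches whatever resource kinds Sveltos deploys`. Otherwise list the tracked groups and resources explicitly. It is also worth confirming that the shipped RBAC for agentless mode matches this test manifest, since only the test copy appears in the patch.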
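Review bot: After this patch, event write access exists only for the `events.k8s.io` group, because the first hunk of this file replaced the core-group (`""`) `events` rule with the wildcard read rule and so removed its `create`/`patch`/`update` verbs. If the manager still emits events through the legacy client-go recorder, which writes core-group events, those writes would be rejected as forbidden and surface only as log noise. Please confirm which recorder the manager uses, or cover both groups by adding `- ""` next to `- events.k8s.io` under `apiGroups` in the rule added by the second hunk.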