updated clusterolebinding

eks-cluster-autoscaler-clusterrolebinding.tf

@@ -5,8 +5,48 @@ resource "kubernetes_cluster_role" "cluster_autoscaler_clusterrole" {
 
   rule {
     api_groups = [""]
-    resources  = ["configmaps", "namespaces", "pods", "services", "nodes", "ingresses", "secrets"]
-    verbs      = ["get", "list", "watch", "create", "patch", "delete"]
+    resources  = ["events", "endpoints"]
+    verbs      = ["create", "patch"]
+
+    api_groups = [""]
+    resources  = ["pods/eviction"]
+    verbs      = ["create"]
+
+    api_groups = [""]
+    resources  = ["pods/status"]
+    verbs      = ["update"]
+
+    api_groups = [""]
+    resources  = ["endpoints"]
+    verbs      = ["get", "update"]
+
+    api_groups = [""]
+    resources  = ["nodes"]
+    verbs      = ["watch", "list", "get", "update"]
+
+    api_groups = [""]
+    resources  = ["pods", "services", "replicationControllers", "persistentvolumeclaims", "persistentvolumes"]
+    verbs      = ["watch", "list", "get"]
+
+    api_groups = ["batch"]
+    resources  = ["jobs", "cronjobs"]
+    verbs      = ["watch", "list", "get"]
+
+    api_groups = ["extensions"]
+    resources  = ["replicasets", "daemonsets"]
+    verbs      = ["watch", "list", "get"]
+
+    api_groups = ["policy"]
+    resources  = ["poddistruptionpolicy"]
+    verbs      = ["watch", "list"]
+
+    api_groups = ["apps"]
+    resources  = ["replicasets", "statefulsets"]
+    verbs      = ["watch", "list", "get"]
+
+    api_groups = ["storage"]
+    resources  = ["storageclass"]
+    verbs      = ["watch", "list", "get"]
   }
 }
 
@@ -18,7 +58,7 @@ resource "kubernetes_cluster_role_binding" "external_dns_role_bind" {
   role_ref {
     api_group = "rbac.authorization.k8s.io"
     kind      = "ClusterRole"
-    name      = "cluster-admin"
+    name      = "cluster-autoscaler"
   }
 
   subject {