From b822368e62be75e0eb3a210232e6c61bc52e2334 Mon Sep 17 00:00:00 2001
From: Nikolaos Moraitis <nmoraiti@redhat.com>
Date: Wed, 11 Feb 2026 18:40:33 +0200
Subject: [PATCH] allow ci-operator to read machinesets and machineautoscalers

Signed-off-by: Nikolaos Moraitis <nmoraiti@redhat.com>
---
 .../ci-operator/admin_ci-operator_rbac.yaml   | 33 +++++++++++++++++++
 1 file changed, 33 insertions(+)

diff --git a/clusters/build-clusters/common/ci-operator/admin_ci-operator_rbac.yaml b/clusters/build-clusters/common/ci-operator/admin_ci-operator_rbac.yaml
index d9e9221d20a33..652f973f361e2 100644
--- a/clusters/build-clusters/common/ci-operator/admin_ci-operator_rbac.yaml
+++ b/clusters/build-clusters/common/ci-operator/admin_ci-operator_rbac.yaml
@@ -461,3 +461,36 @@ subjects:
 - kind: ServiceAccount
   name: ci-operator
   namespace: ci
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: ci-operator-machine-reader
+rules:
+- apiGroups:
+  - machine.openshift.io
+  resources:
+  - machinesets
+  verbs:
+  - get
+  - list
+- apiGroups:
+  - autoscaling.openshift.io
+  resources:
+  - machineautoscalers
+  verbs:
+  - get
+  - list
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: ci-operator-machine-reader
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: ci-operator-machine-reader
+subjects:
+- kind: ServiceAccount
+  name: ci-operator
+  namespace: ci