add patch to access machinetemplate and other component (#5229)

peirulu · web-flow · commit 3726eca575d0 · 2026-03-06T04:37:40.000+05:30
diff --git a/projects/kubernetes/autoscaler/1-35/helm/patches/0001-Set-CAPI-as-default-cloud-provider.patch b/projects/kubernetes/autoscaler/1-35/helm/patches/0001-Set-CAPI-as-default-cloud-provider.patch
@@ -1,7 +1,7 @@
 From c97111ab94b127383135dc718ff89927724adfbb Mon Sep 17 00:00:00 2001
 From: Prow Bot <prow@amazonaws.com>
 Date: Sun, 20 Apr 2025 20:53:39 -0700
-Subject: [PATCH 1/3] Set-CAPI-as-default-cloud-provider
+Subject: [PATCH 1/4] Set-CAPI-as-default-cloud-provider
 
 ---
  cluster-autoscaler/charts/cluster-autoscaler/values.yaml | 2 +-
diff --git a/projects/kubernetes/autoscaler/1-35/helm/patches/0002-Add-image-values.patch b/projects/kubernetes/autoscaler/1-35/helm/patches/0002-Add-image-values.patch
@@ -1,7 +1,7 @@
 From a7dee99f9ad612022fa0e8a20435cdd31e06e0ac Mon Sep 17 00:00:00 2001
 From: Prow Bot <prow@amazonaws.com>
 Date: Tue, 1 Oct 2024 13:51:45 -0700
-Subject: [PATCH 2/3] Add image values
+Subject: [PATCH 2/4] Add image values
 
 ---
  .../templates/deployment.yaml                 | 12 +++++-------
diff --git a/projects/kubernetes/autoscaler/1-35/helm/patches/0003-Authorize-MachinePool-Operations.patch b/projects/kubernetes/autoscaler/1-35/helm/patches/0003-Authorize-MachinePool-Operations.patch
@@ -1,7 +1,7 @@
 From e098a3998cfa2c4a050cb4c5e3e7a3b9b499f416 Mon Sep 17 00:00:00 2001
 From: Prow Bot <prow@amazonaws.com>
 Date: Mon, 22 May 2023 16:56:31 -0400
-Subject: [PATCH 3/3] Authorize MachinePool Operations
+Subject: [PATCH 3/4] Authorize MachinePool Operations
 
 https://github.com/kubernetes/autoscaler/pull/4676 Introduced a bug where the autoscaler runtime fails to reconcile other CAPI machine resources when its ClusterRole is not authorized to list and watch MachinePool resources.
 
diff --git a/projects/kubernetes/autoscaler/1-35/helm/patches/0004-Authorize-Infrastructure-Machine-Templates.patch b/projects/kubernetes/autoscaler/1-35/helm/patches/0004-Authorize-Infrastructure-Machine-Templates.patch
@@ -0,0 +1,40 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Amelia Lu <peirulu@amazon.com>
+Date: Thu, 05 Mar 2026 13:54:00 -0800
+Subject: [PATCH 4/4] Authorize Infrastructure Machine Templates for Scale from
+ Zero
+
+Cluster Autoscaler 1.35 introduced changes that require RBAC permissions
+to access infrastructure machine templates (e.g., vspheremachinetemplates)
+for the scale-from-zero feature. Without these permissions, the autoscaler
+fails with:
+
+  "vspheremachinetemplates.infrastructure.cluster.x-k8s.io is forbidden"
+
+This is documented in the upstream CAPI provider README:
+https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/cloudprovider/clusterapi/README.md#rbac-changes-for-scaling-from-zero
+---
+ .../cluster-autoscaler/templates/clusterrole.yaml | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/cluster-autoscaler/charts/cluster-autoscaler/templates/clusterrole.yaml b/cluster-autoscaler/charts/cluster-autoscaler/templates/clusterrole.yaml
+index 1a6f68cdc..2b3c89f01 100644
+--- a/cluster-autoscaler/charts/cluster-autoscaler/templates/clusterrole.yaml
++++ b/cluster-autoscaler/charts/cluster-autoscaler/templates/clusterrole.yaml
+@@ -175,6 +175,14 @@ rules:
+     - get
+     - patch
+     - update
++  - apiGroups:
++    - infrastructure.cluster.x-k8s.io
++    resources:
++    - '*'
++    verbs:
++    - get
++    - list
++    - watch
+ {{- end }}
+ {{- if .Values.rbac.additionalRules }}
+ {{ toYaml .Values.rbac.additionalRules | indent 2 }}
+-- 
+2.34.1
