From a11f216a222b66d48754904617e13e25f045e146 Mon Sep 17 00:00:00 2001
From: Markus Wennrich <markus.wennrich@f-i-ts.de>
Date: Fri, 23 Jan 2026 13:07:48 +0100
Subject: [PATCH 1/2] feat: add endpointslices resource to shoot RBAC
 permissions

required by: https://github.com/metal-stack/firewall-controller/pull/208
---
 api/v2/helper/seed_access.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/v2/helper/seed_access.go b/api/v2/helper/seed_access.go
index ec17367..8a35600 100644
--- a/api/v2/helper/seed_access.go
+++ b/api/v2/helper/seed_access.go
@@ -212,7 +212,7 @@ func ensureShootRBAC(ctx context.Context, shootConfig *rest.Config, shootNamespa
 			},
 			{
 				APIGroups: []string{"apiextensions.k8s.io", ""},
-				Resources: []string{"customresourcedefinitions", "services", "endpoints"},
+				Resources: []string{"customresourcedefinitions", "services", "endpoints", "endpointslices"},
 				Verbs:     []string{"get", "create", "update", "list", "watch"},
 			},
 			{

From 61b1866c3ab5341395c817b76ba33214273efd2b Mon Sep 17 00:00:00 2001
From: Markus Wennrich <markus.wennrich@f-i-ts.de>
Date: Fri, 23 Jan 2026 13:24:37 +0100
Subject: [PATCH 2/2] cleaner permissions

---
 api/v2/helper/seed_access.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/api/v2/helper/seed_access.go b/api/v2/helper/seed_access.go
index 8a35600..6a39bb5 100644
--- a/api/v2/helper/seed_access.go
+++ b/api/v2/helper/seed_access.go
@@ -212,7 +212,12 @@ func ensureShootRBAC(ctx context.Context, shootConfig *rest.Config, shootNamespa
 			},
 			{
 				APIGroups: []string{"apiextensions.k8s.io", ""},
-				Resources: []string{"customresourcedefinitions", "services", "endpoints", "endpointslices"},
+				Resources: []string{"customresourcedefinitions", "services", "endpoints"},
+				Verbs:     []string{"get", "create", "update", "list", "watch"},
+			},
+			{
+				APIGroups: []string{"discovery.k8s.io"},
+				Resources: []string{"endpointslices"},
 				Verbs:     []string{"get", "create", "update", "list", "watch"},
 			},
 			{