Description

trivy-operator is doing:

_, err := r.clientset.CoreV1().Namespaces().Get(ctx, "openshift-kube-apiserver", metav1.GetOptions{})

to check if it's running on OpenShift.

Because the operator is missing the necessary permission to get namespaces, our logs are filled with errors like the one below:

namespaces "openshift-kube-apiserver" is forbidden: User "system:serviceaccount:trivy:trivy" cannot get resource "namespaces" in API group "" in the namespace "openshift-kube-apiserver"

Checklist

• I've read the guidelines for contributing to this repository.
• I've added tests that prove my fix is effective or that my feature works.
• I've updated the documentation with the relevant information (if needed).
• I've added usage information (if the PR introduces new options)
• I've included a "before" and "after" example to the description (if the PR is a user interface change).