
Update helm RBAC to account for pvc failure on 0.35.0 #1836

Open
cayla wants to merge 3 commits into kubernetes-sigs:master from cayla:cef/missing-rbac

@cayla (Contributor) commented Feb 20, 2026

I noticed in v0.35.

```
E0219 23:53:57.761596       1 reflector.go:204] "Failed to watch" err="failed to list *v1.PersistentVolumeClaim: persistentvolumeclaims is forbidden: User \"system:serviceaccount:kube-system:descheduler\" cannot list resource \"persistentvolumeclaims\" in API group \"\" at the cluster scope" logger="UnhandledError" reflector="k8s.io/client-go/informers/factory.go:161" type="*v1.PersistentVolumeClaim"
```

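I saw it in rbac.yaml https://github.com/kubernetes-sigs/descheduler/blob/bec9cd38d01eab2d35f1d76b1b9845649e11bffa/kubernetes/base/rbac.yaml#L38-L40

```yaml
- apiGroups: [""]
  resources: ["persistentvolumeclaims"]
  verbs: ["get", "watch", "list"]
```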

So I figured this just needed a bump

Description

Checklist

Please ensure your pull request meets the following criteria before submitting
for review, these items will be used by reviewers to assess the quality and
completeness of your changes:

  • Code Readability: Is the code easy to understand, well-structured, and consistent with project conventions?
  • Naming Conventions: Are variable, function, and structs descriptive and consistent?
  • Code Duplication: Is there any repeated code that should be refactored?
  • Function/Method Size: Are functions/methods short and focused on a single task?
  • Comments & Documentation: Are comments clear, useful, and not excessive? Were comments updated where necessary?
  • Error Handling: Are errors handled appropriately?
  • Testing: Are there sufficient unit/integration tests?
  • Performance: Are there any obvious performance issues or unnecessary computations?
  • Dependencies: Are new dependencies justified?
  • Logging & Monitoring: Is logging used appropriately (not too verbose, not too silent)?
  • Backward Compatibility: Does this change break any existing functionality or APIs?
  • Resource Management: Are resources (files, connections, memory) managed and released properly?
  • PR Description: Is the PR description clear, providing enough context and explaining the motivation for the change?
  • Documentation & Changelog: Are README and docs updated if necessary?

Copilot AI review requested due to automatic review settings February 20, 2026 00:00
@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Feb 20, 2026
@k8s-ci-robot (Contributor)

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign ingvagabund for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Feb 20, 2026
@k8s-ci-robot (Contributor)

Hi @cayla. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@cayla cayla changed the title Synchronize helm clusterrole RBAC with base yaml Update helm RBAC to account for pvc failure on 0.35.0 Feb 20, 2026
Copilot AI left a comment

Pull request overview

This PR synchronizes the Helm chart's ClusterRole RBAC permissions with the base Kubernetes YAML configuration by adding missing permissions for PersistentVolumeClaims and the metrics.k8s.io API group. These permissions are required for core descheduler functionality but were previously missing from the Helm chart, causing permission errors like the one described in the PR description.

Changes:

  • Added unconditional RBAC permissions for metrics.k8s.io API (nodes and pods resources)
  • Added unconditional RBAC permissions for PersistentVolumeClaims
  • Bumped Helm chart version from 0.35.0 to 0.35.1

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

| File | Description |
| --- | --- |
| charts/descheduler/templates/clusterrole.yaml | Added missing RBAC permissions for metrics.k8s.io API and PersistentVolumeClaims to align with base/rbac.yaml |
| charts/descheduler/Chart.yaml | Bumped chart version from 0.35.0 to 0.35.1 for the bug fix release |


@@ -1,6 +1,6 @@
apiVersion: v1
name: descheduler
version: 0.35.0
Contributor

Can this be done in a follow-up PR? This needs to be done after the image is published.

Contributor Author

Apologies, my gitops muscle memory

@a7i (Contributor) commented Feb 20, 2026

/ok-to-test

@k8s-ci-robot k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Feb 20, 2026
Copilot AI review requested due to automatic review settings February 20, 2026 05:00
Copilot AI left a comment

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 2 comments.



Comment on lines +39 to +41
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "watch", "list"]
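
Review bot: The rule at lines +39 to +41 gives the descheduler service account `get`, `watch` and `list` on `persistentvolumeclaims` through a ClusterRole, so it can read PVC objects in every namespace. The reflector error in the description shows only `list` failing at cluster scope (the informer then needs `watch`); say in the PR description why `get` is included, for example that it mirrors `kubernetes/base/rbac.yaml` lines 38 to 40, and keep the rule read-only.
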
Copilot AI Feb 20, 2026

This chart change adds new RBAC permissions, but Chart.yaml version is still 0.35.0. Helm requires a chart version bump for consumers to pick up template changes (typically bump version patch while keeping appVersion at 0.35.0 if the app didn’t change).

Copilot uses AI. Check for mistakes.
Comment on lines +39 to +41
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "watch", "list"]
Copilot AI Feb 20, 2026

New ClusterRole rule for PersistentVolumeClaims isn’t covered by the existing helm-unittest suites under charts/descheduler/tests. Consider adding a small test that renders templates/clusterrole.yaml and asserts a rule exists for apiGroup "" + resource "persistentvolumeclaims" with list/watch (and/or get) verbs, to prevent regressions.

Copilot uses AI. Check for mistakes.
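
An added example (not code from the descheduler project or this PR): a Python check that parses the RBAC denial from the log in the PR description and compares two ClusterRole rule lists, which is the base-versus-chart drift this PR fixes. The function names, `PODS_RULE` and `CHART_RULES_BEFORE` are constructed for the illustration; only the PVC rule and the log message come from the page.

```python
import re

# Shape of an RBAC denial as it appears in the reflector log quoted in this PR
# (quotes may be backslash-escaped inside the err="..." field).
DENIAL = re.compile(
    r'User \\?"(?P<user>[^"\\]+)\\?" cannot (?P<verb>\w+) resource '
    r'\\?"(?P<resource>[^"\\]+)\\?" in API group \\?"(?P<group>[^"\\]*)\\?"')

def parse_denial(line):
    """Return user/verb/resource/group for a 'forbidden' log line, else None."""
    m = DENIAL.search(line)
    return m.groupdict() if m else None

def _has(values, wanted):
    return "*" in values or wanted in values

def allows(rules, group, resource, verb):
    """True if any rule grants verb on group/resource.
    Simplification: resourceNames and nonResourceURLs are ignored."""
    return any(_has(r.get("apiGroups", []), group)
               and _has(r.get("resources", []), resource)
               and _has(r.get("verbs", []), verb) for r in rules)

def missing_grants(reference, candidate):
    """(group, resource, verb) tuples granted by reference but not by candidate."""
    return sorted({(g, res, v)
                   for r in reference
                   for g in r.get("apiGroups", [])
                   for res in r.get("resources", [])
                   for v in r.get("verbs", [])
                   if not allows(candidate, g, res, v)})

# The PVC rule is the one quoted on this page; the pods rule and the
# "chart before the fix" rule set are constructed for the example.
PVC_RULE = {"apiGroups": [""], "resources": ["persistentvolumeclaims"],
            "verbs": ["get", "watch", "list"]}
PODS_RULE = {"apiGroups": [""], "resources": ["pods"],
             "verbs": ["get", "watch", "list"]}
BASE_RULES = [PODS_RULE, PVC_RULE]
CHART_RULES_BEFORE = [PODS_RULE]

# Message portion of the log line from the PR description.
SAMPLE_LOG = (r'err="failed to list *v1.PersistentVolumeClaim: persistentvolumeclaims '
              r'is forbidden: User \"system:serviceaccount:kube-system:descheduler\" '
              r'cannot list resource \"persistentvolumeclaims\" in API group \"\" '
              r'at the cluster scope"')

if __name__ == "__main__":
    d = parse_denial(SAMPLE_LOG)
    print("denied:", d)
    print("chart grants it:", allows(CHART_RULES_BEFORE, d["group"], d["resource"], d["verb"]))
    print("missing vs base:", missing_grants(BASE_RULES, CHART_RULES_BEFORE))
```

Feeding it the `rules` lists from the rendered chart and from the base manifest turns a runtime "forbidden" error into a pre-release check.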