github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Remove unneeded permissions of node-controller role

Browse Source 
Signed-off-by: Quan Tian <qtian@vmware.com>
This commit is contained in:
Quan Tian 2024-01-18 15:58:28 +08:00
parent 5ad2c12a69
commit 3a6060745c
2 changed files with 0 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
plugin/pkg/auth/authorizer/rbac/bootstrappolicy/controller_policy.go
View File

@ -270,7 +270,6 @@ func buildControllerRoles() ([]rbacv1.ClusterRole, []rbacv1.ClusterRoleBinding)
// used for pod deletion // used for pod deletion
rbacv1helpers.NewRule("patch", "update").Groups(legacyGroup).Resources("pods/status").RuleOrDie(), rbacv1helpers.NewRule("patch", "update").Groups(legacyGroup).Resources("pods/status").RuleOrDie(),
rbacv1helpers.NewRule("list", "delete").Groups(legacyGroup).Resources("pods").RuleOrDie(), rbacv1helpers.NewRule("list", "delete").Groups(legacyGroup).Resources("pods").RuleOrDie(),
rbacv1helpers.NewRule("get", "list", "create", "update").Groups(networkingGroup).Resources("clustercidrs").RuleOrDie(),
eventsRule(), eventsRule(),
}, },
} }

9
plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/controller-roles.yaml vendored
View File

@ -931,15 +931,6 @@ items:
verbs: verbs:
- delete - delete
- list - list
- apiGroups:
- networking.k8s.io
resources:
- clustercidrs
verbs:
- create
- get
- list
- update
- apiGroups: - apiGroups:
- "" - ""
- events.k8s.io - events.k8s.io