From 26b35ce36aeaa1446b9d9b8805520e8313b7f412 Mon Sep 17 00:00:00 2001
From: Sathyanarayanan Saravanamuthu
Date: Thu, 6 Apr 2023 17:40:52 +0530
Subject: [PATCH 1/2] Remove endpoint related RBAC from scheduler cluster role
---
 plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go b/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go
index d4446990fa5..53bd64ad0c2 100644
--- a/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go
+++ b/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go
@@ -548,9 +548,6 @@ func ClusterRoles() []rbacv1.ClusterRole {
 // TODO: scope this to the kube-system namespace
 rbacv1helpers.NewRule("create").Groups(coordinationGroup).Resources("leases").RuleOrDie(),
 rbacv1helpers.NewRule("get", "update").Groups(coordinationGroup).Resources("leases").Names("kube-scheduler").RuleOrDie(),
- // TODO: Remove once we fully migrate to lease in leader-election.
- rbacv1helpers.NewRule("create").Groups(legacyGroup).Resources("endpoints").RuleOrDie(),
- rbacv1helpers.NewRule("get", "update").Groups(legacyGroup).Resources("endpoints").Names("kube-scheduler").RuleOrDie(),

 // Fundamental resources
 rbacv1helpers.NewRule(Read...).Groups(legacyGroup).Resources("nodes").RuleOrDie(),
From 9363afc6502a33d4f3a29fe052584c2e2318e035 Mon Sep 17 00:00:00 2001
From: Sathyanarayanan Saravanamuthu
Date: Mon, 10 Apr 2023 11:18:09 +0530
Subject: [PATCH 2/2] Fixing broken tests
Signed-off-by: Sathyanarayanan Saravanamuthu
---
 .../bootstrappolicy/testdata/cluster-roles.yaml | 15 ---------------
 1 file changed, 15 deletions(-)
diff --git a/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml b/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml
index 3415edc3720..8ac2ecbdcff 100644
--- a/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml
+++ b/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml
@@ -757,21 +757,6 @@ items:
 verbs:
 - get
 - update
- - apiGroups:
- - ""
- resources:
- - endpoints
- verbs:
- - create
- - apiGroups:
- - ""
- resourceNames:
- - kube-scheduler
- resources:
- - endpoints
- verbs:
- - get
- - update
 - apiGroups:
 - ""
 resources: