Merge pull request #117140 from sathyanarays/removeSchedulerEndpointRbac

Remove endpoint related RBAC from scheduler cluster role
2023-04-11 20:21:52 -07:00 · 2023-04-11 20:21:52 -07:00 · 5a53f6bc27
commit 5a53f6bc27
parent 190e861f02 9363afc650
2 changed files with 0 additions and 18 deletions
--- a/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go
+++ b/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go
@ -548,9 +548,6 @@ func ClusterRoles() []rbacv1.ClusterRole {
 		// TODO: scope this to the kube-system namespace
 		rbacv1helpers.NewRule("create").Groups(coordinationGroup).Resources("leases").RuleOrDie(),
 		rbacv1helpers.NewRule("get", "update").Groups(coordinationGroup).Resources("leases").Names("kube-scheduler").RuleOrDie(),
-		// TODO: Remove once we fully migrate to lease in leader-election.
-		rbacv1helpers.NewRule("create").Groups(legacyGroup).Resources("endpoints").RuleOrDie(),
-		rbacv1helpers.NewRule("get", "update").Groups(legacyGroup).Resources("endpoints").Names("kube-scheduler").RuleOrDie(),

 		// Fundamental resources
 		rbacv1helpers.NewRule(Read...).Groups(legacyGroup).Resources("nodes").RuleOrDie(),
--- a/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml
+++ b/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml
@ -757,21 +757,6 @@ items:
    verbs:
    - get
    - update
-  - apiGroups:
-    - ""
-    resources:
-    - endpoints
-    verbs:
-    - create
-  - apiGroups:
-    - ""
-    resourceNames:
-    - kube-scheduler
-    resources:
-    - endpoints
-    verbs:
-    - get
-    - update
  - apiGroups:
    - ""
    resources: