From 26b35ce36aeaa1446b9d9b8805520e8313b7f412 Mon Sep 17 00:00:00 2001
From: Sathyanarayanan Saravanamuthu <sathyanarays@vmware.com>
Date: Thu, 6 Apr 2023 17:40:52 +0530
Subject: [PATCH] Remove endpoint related RBAC from scheduler cluster role

---
 plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go b/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go
index d4446990fa5..53bd64ad0c2 100644
--- a/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go
+++ b/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go
@@ -548,9 +548,6 @@ func ClusterRoles() []rbacv1.ClusterRole {
 		// TODO: scope this to the kube-system namespace
 		rbacv1helpers.NewRule("create").Groups(coordinationGroup).Resources("leases").RuleOrDie(),
 		rbacv1helpers.NewRule("get", "update").Groups(coordinationGroup).Resources("leases").Names("kube-scheduler").RuleOrDie(),
-		// TODO: Remove once we fully migrate to lease in leader-election.
-		rbacv1helpers.NewRule("create").Groups(legacyGroup).Resources("endpoints").RuleOrDie(),
-		rbacv1helpers.NewRule("get", "update").Groups(legacyGroup).Resources("endpoints").Names("kube-scheduler").RuleOrDie(),
 
 		// Fundamental resources
 		rbacv1helpers.NewRule(Read...).Groups(legacyGroup).Resources("nodes").RuleOrDie(),