Merge pull request #70582 from pohly/csi-driver-registrar-rbac

e2e: remove "nodes" permission from driver-registrar RBAC
This commit is contained in:
k8s-ci-robot 2018-11-02 18:01:58 -07:00 committed by GitHub
commit 408973d88e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -24,9 +24,16 @@ rules:
- apiGroups: [""]
resources: ["events"]
verbs: ["get", "list", "watch", "create", "update", "patch"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "update", "patch"]
# The following permissions are only needed when running
# driver-registrar without the --kubelet-registration-path
# parameter, i.e. when using driver-registrar instead of
# kubelet to update the csi.volume.kubernetes.io/nodeid
# annotation. That mode of operation is going to be deprecated
# and should not be used anymore, but is needed on older
# Kubernetes versions.
# - apiGroups: [""]
# resources: ["nodes"]
# verbs: ["get", "update", "patch"]
---
kind: ClusterRoleBinding