mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-23 11:50:44 +00:00
Merge pull request #70582 from pohly/csi-driver-registrar-rbac
e2e: remove "nodes" permission from driver-registrar RBAC
This commit is contained in:
commit
408973d88e
@ -24,9 +24,16 @@ rules:
|
||||
- apiGroups: [""]
|
||||
resources: ["events"]
|
||||
verbs: ["get", "list", "watch", "create", "update", "patch"]
|
||||
- apiGroups: [""]
|
||||
resources: ["nodes"]
|
||||
verbs: ["get", "update", "patch"]
|
||||
# The following permissions are only needed when running
|
||||
# driver-registrar without the --kubelet-registration-path
|
||||
# parameter, i.e. when using driver-registrar instead of
|
||||
# kubelet to update the csi.volume.kubernetes.io/nodeid
|
||||
# annotation. That mode of operation is going to be deprecated
|
||||
# and should not be used anymore, but is needed on older
|
||||
# Kubernetes versions.
|
||||
# - apiGroups: [""]
|
||||
# resources: ["nodes"]
|
||||
# verbs: ["get", "update", "patch"]
|
||||
|
||||
---
|
||||
kind: ClusterRoleBinding
|
||||
|
Loading…
Reference in New Issue
Block a user