github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-27 13:37:30 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #70582 from pohly/csi-driver-registrar-rbac

Browse Source 
e2e: remove "nodes" permission from driver-registrar RBAC
This commit is contained in:
k8s-ci-robot 2018-11-02 18:01:58 -07:00 committed by GitHub
commit 408973d88e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
test/e2e/testing-manifests/storage-csi/driver-registrar/rbac.yaml
View File

@ -24,9 +24,16 @@ rules:
- apiGroups: [""] - apiGroups: [""]
resources: ["events"] resources: ["events"]
verbs: ["get", "list", "watch", "create", "update", "patch"] verbs: ["get", "list", "watch", "create", "update", "patch"]
- apiGroups: [""] # The following permissions are only needed when running
resources: ["nodes"] # driver-registrar without the --kubelet-registration-path
verbs: ["get", "update", "patch"] # parameter, i.e. when using driver-registrar instead of
# kubelet to update the csi.volume.kubernetes.io/nodeid
# annotation. That mode of operation is going to be deprecated
# and should not be used anymore, but is needed on older
# Kubernetes versions.
# - apiGroups: [""]
# resources: ["nodes"]
# verbs: ["get", "update", "patch"]
--- ---
kind: ClusterRoleBinding kind: ClusterRoleBinding