github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-21 10:51:29 +00:00
Code Issues Projects Releases Wiki Activity

Revert granting EndpointSlice write access to edit role

Browse Source 
This reverts part of the change introduced by #101203.
This commit is contained in:
Rob Scott 2021-07-13 22:13:07 -07:00
parent d6f2473d08
commit 6c61ee51b9
No known key found for this signature in database
GPG Key ID: D91A796D0CFF0C5D
2 changed files with 0 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go
View File

@ -287,8 +287,6 @@ func ClusterRoles() []rbacv1.ClusterRole {
rbacv1helpers.NewRule(Write...).Groups(legacyGroup).Resources("replicationcontrollers", "replicationcontrollers/scale", "serviceaccounts",
"services", "services/proxy", "endpoints", "persistentvolumeclaims", "configmaps", "secrets", "events").RuleOrDie(),
rbacv1helpers.NewRule(Write...).Groups(discoveryGroup).Resources("endpointslices").RuleOrDie(),
rbacv1helpers.NewRule(Write...).Groups(appsGroup).Resources(
"statefulsets", "statefulsets/scale",
"daemonsets",

10
plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml vendored
View File

@ -143,16 +143,6 @@ items:
- deletecollection
- patch
- update
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- create
- delete
- deletecollection
- patch
- update
- apiGroups:
- apps
resources: