github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-23 19:56:01 +00:00
Code Issues Projects Releases Wiki Activity

e2e: remove "nodes" permission from driver-registrar RBAC

Browse Source 
In the review of
https://github.com/kubernetes-csi/driver-registrar/pull/69 it was
pointed out that the "nodes" permissions are not longer needed.
This commit is contained in:
Patrick Ohly 2018-11-02 12:29:16 +01:00
parent 808557e468
commit 7ba52472b7
1 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
test/e2e/testing-manifests/storage-csi/driver-registrar/rbac.yaml
View File

@ -24,9 +24,16 @@ rules:
- apiGroups: [""] - apiGroups: [""]
resources: ["events"] resources: ["events"]
verbs: ["get", "list", "watch", "create", "update", "patch"] verbs: ["get", "list", "watch", "create", "update", "patch"]
- apiGroups: [""] # The following permissions are only needed when running
resources: ["nodes"] # driver-registrar without the --kubelet-registration-path
verbs: ["get", "update", "patch"] # parameter, i.e. when using driver-registrar instead of
# kubelet to update the csi.volume.kubernetes.io/nodeid
# annotation. That mode of operation is going to be deprecated
# and should not be used anymore, but is needed on older
# Kubernetes versions.
# - apiGroups: [""]
# resources: ["nodes"]
# verbs: ["get", "update", "patch"]
--- ---
kind: ClusterRoleBinding kind: ClusterRoleBinding