From f8fa60e9eaba8fb77bf145a3e31be9c2d6b31498 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Karol=20Go=C5=82=C4=85b?= <kgolab@google.com>
Date: Fri, 8 Jun 2018 18:02:37 +0200
Subject: [PATCH] Limit access to configmaps

---
 .../rbac/cluster-autoscaler/cluster-autoscaler-rbac.yaml    | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/cluster/addons/rbac/cluster-autoscaler/cluster-autoscaler-rbac.yaml b/cluster/addons/rbac/cluster-autoscaler/cluster-autoscaler-rbac.yaml
index 970e1c90695..822f3c7b4c1 100644
--- a/cluster/addons/rbac/cluster-autoscaler/cluster-autoscaler-rbac.yaml
+++ b/cluster/addons/rbac/cluster-autoscaler/cluster-autoscaler-rbac.yaml
@@ -45,7 +45,11 @@ rules:
     verbs: ["create", "update", "patch"]
   - apiGroups: [""]
     resources: ["configmaps"]
-    verbs: ["get", "list", "watch", "create", "update", "patch", "delete", "deletecollection"]
+    verbs: ["create"]
+  - apiGroups: [""]
+    resources: ["configmaps"]
+    resourceNames: ["cluster-autoscaler-status"]
+    verbs: ["get", "update", "patch", "delete"]
 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1