From 17fd367aba73409e3e5637b88e4b4991003f8a73 Mon Sep 17 00:00:00 2001
From: Stano Bocinec <stano@redpanda.com>
Date: Thu, 4 May 2023 16:41:40 +0200
Subject: [PATCH] RBAC - do not use wildcard verb for PVC grant
Signed-off-by: Stano Bocinec <stano@redpanda.com>
---
deploy/chart/local-path-provisioner/templates/clusterrole.yaml | 2 +-
deploy/local-path-storage.yaml | 2 +-
examples/quota/local-path-storage.yaml | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/deploy/chart/local-path-provisioner/templates/clusterrole.yaml b/deploy/chart/local-path-provisioner/templates/clusterrole.yaml
index 9d7a9d67..fd4f40b1 100644
--- a/deploy/chart/local-path-provisioner/templates/clusterrole.yaml
+++ b/deploy/chart/local-path-provisioner/templates/clusterrole.yaml
@@ -14,7 +14,7 @@ rules:
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["persistentvolumes"]
- verbs: ["*"]
+ verbs: ["get", "list", "watch", "create", "patch", "update", "delete"]
- apiGroups: [""]
resources: ["events"]
verbs: ["create", "patch"]
diff --git a/deploy/local-path-storage.yaml b/deploy/local-path-storage.yaml
index 6e39a731..3e10c3da 100644
--- a/deploy/local-path-storage.yaml
+++ b/deploy/local-path-storage.yaml
@@ -35,7 +35,7 @@ rules:
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["persistentvolumes"]
- verbs: ["*"]
+ verbs: ["get", "list", "watch", "create", "patch", "update", "delete"]
- apiGroups: [""]
resources: ["events"]
verbs: ["create", "patch"]
diff --git a/examples/quota/local-path-storage.yaml b/examples/quota/local-path-storage.yaml
index 7383806b..136e93c5 100644
--- a/examples/quota/local-path-storage.yaml
+++ b/examples/quota/local-path-storage.yaml
@@ -35,7 +35,7 @@ rules:
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["persistentvolumes"]
- verbs: ["*"]
+ verbs: ["get", "list", "watch", "create", "patch", "update", "delete"]
- apiGroups: [""]
resources: ["events"]
verbs: ["create", "patch"]
--
GitLab