Remove unwanted RBAC rules from ceph-csi

There are currently unwanted RBAC permission is given for ceph-csi, This PR reduces removes such unwanted RBAC resources. Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2025-06-14 18:53:35 +00:00 · 2020-02-11 14:16:21 +05:30
parent 8dcb6a6105
commit d02dfe2dfe
13 changed files with 1 additions and 267 deletions
--- a/charts/ceph-csi-cephfs/templates/provisioner-rules-clusterrole.yaml
+++ b/charts/ceph-csi-cephfs/templates/provisioner-rules-clusterrole.yaml
@ -11,9 +11,6 @@ metadata:
    heritage: {{ .Release.Service }}
    rbac.cephfs.csi.ceph.com/aggregate-to-{{ include "ceph-csi-cephfs.provisioner.fullname" . }}: "true"
 rules:
-  - apiGroups: [""]
-    resources: ["nodes"]
-    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get", "list"]
@ -29,9 +26,6 @@ rules:
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["list", "watch", "create", "update", "patch"]
-  - apiGroups: ["csi.storage.k8s.io"]
-    resources: ["csinodeinfos"]
-    verbs: ["get", "list", "watch"]
 {{- if .Values.provisioner.attacher.enabled }}
  - apiGroups: ["storage.k8s.io"]
    resources: ["volumeattachments"]