From 9762026b9d817cd4e5d22218b2d57dfdd499104e Mon Sep 17 00:00:00 2001 From: Eoin Gallinagh Date: Tue, 3 Oct 2023 12:53:57 +0100 Subject: [PATCH 1/2] fix: remove ServiceAccount binding to the edit role --- config/rbac/edit_role_binding.yaml | 12 ------------ config/rbac/kustomization.yaml | 1 - 2 files changed, 13 deletions(-) delete mode 100644 config/rbac/edit_role_binding.yaml diff --git a/config/rbac/edit_role_binding.yaml b/config/rbac/edit_role_binding.yaml deleted file mode 100644 index 640ae1ba4..000000000 --- a/config/rbac/edit_role_binding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: manager-edit-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: edit -subjects: - - kind: ServiceAccount - name: controller-manager - namespace: system diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml index a0ff39ff0..05bf4c6cf 100644 --- a/config/rbac/kustomization.yaml +++ b/config/rbac/kustomization.yaml @@ -9,6 +9,5 @@ resources: - role_binding.yaml - instascale_role.yaml - instascale_role_binding.yaml -- edit_role_binding.yaml # We are using this binding as mcad requires this role - leader_election_role.yaml - leader_election_role_binding.yaml From aa18a415df6598f91d20f785dc64a967c140a411 Mon Sep 17 00:00:00 2001 From: Eoin Gallinagh Date: Wed, 4 Oct 2023 11:16:45 +0100 Subject: [PATCH 2/2] add: batch permissions --- config/rbac/role.yaml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 1393982c4..07954b370 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -18,6 +18,17 @@ rules: - patch - update - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - list + - patch + - update + - watch - apiGroups: - apps resources: