scope down CNINode RBAC (#279)

haouc · web-flow · commit a916ac09c5ae · 2023-07-11T09:45:31.000-07:00
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -60,10 +60,8 @@ rules:
   - cninodes
   verbs:
   - create
-  - delete
   - get
   - list
-  - patch
   - watch
 - apiGroups:
   - vpcresources.k8s.aws
diff --git a/main.go b/main.go
@@ -79,7 +79,7 @@ func init() {
 // +kubebuilder:rbac:groups=apps,resources=deployments,namespace=kube-system,resourceNames=vpc-resource-controller,verbs=get;list;watch
 // +kubebuilder:rbac:groups=crd.k8s.amazonaws.com,resources=eniconfigs,verbs=get;list;watch
 // +kubebuilder:rbac:groups=vpcresources.k8s.aws,resources=securitygrouppolicies,verbs=get;list;watch
-// +kubebuilder:rbac:groups=vpcresources.k8s.aws,resources=cninodes,verbs=get;list;watch;create;patch;delete
+// +kubebuilder:rbac:groups=vpcresources.k8s.aws,resources=cninodes,verbs=get;list;watch;create
 
 // Migration to leases based leader election
 // +kubebuilder:rbac:groups=coordination.k8s.io,resources=leases,namespace=kube-system,verbs=create
