Merge pull request #1404 from mxinden/rm-tpr

rbac: Remove Third Party Resources rules
2025-11-06 19:11:48 +01:00 · 2018-05-31 15:40:36 +02:00 · 2018-05-31 15:40:36 +02:00 · 10bbf403fe
commit 10bbf403fe
parent 49c76ac80f 553d6b0c63
2 changed files with 1 additions and 14 deletions
--- a/jsonnet/kube-prometheus/prometheus-operator/prometheus-operator.libsonnet
+++ b/jsonnet/kube-prometheus/prometheus-operator/prometheus-operator.libsonnet
@ -37,13 +37,6 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
      local clusterRole = k.rbac.v1.clusterRole;
      local policyRule = clusterRole.rulesType;
      local extensionsRule = policyRule.new() +
                             policyRule.withApiGroups(['extensions']) +
                             policyRule.withResources([
                               'thirdpartyresources',
                             ]) +
                             policyRule.withVerbs(['*']);
      local apiExtensionsRule = policyRule.new() +
                                policyRule.withApiGroups(['apiextensions.k8s.io']) +
                                policyRule.withResources([
@ -106,7 +99,7 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
                            ]) +
                            policyRule.withVerbs(['list', 'watch']);
-      local rules = [extensionsRule, apiExtensionsRule, monitoringRule, appsRule, coreRule, podRule, routingRule, nodeRule, namespaceRule];
+      local rules = [apiExtensionsRule, monitoringRule, appsRule, coreRule, podRule, routingRule, nodeRule, namespaceRule];
      clusterRole.new() +
      clusterRole.mixin.metadata.withName('prometheus-operator') +
--- a/manifests/0prometheus-operator-clusterRole.yaml
+++ b/manifests/0prometheus-operator-clusterRole.yaml
@ -3,12 +3,6 @@ kind: ClusterRole
 metadata:
  name: prometheus-operator
 rules:
 - apiGroups:
  - extensions
  resources:
  - thirdpartyresources
  verbs:
  - '*'
 - apiGroups:
  - apiextensions.k8s.io
  resources: