Merge pull request #130 from hoyho/rbac_secret
minimize rbac permission by setting secrets as optional
This commit is contained in:
Kubernetes Prow Robot
GitHub
@@ -32,9 +32,13 @@ rules:
|
|||||||
- apiGroups: [""]
|
- apiGroups: [""]
|
||||||
resources: ["events"]
|
resources: ["events"]
|
||||||
verbs: ["list", "watch", "create", "update", "patch"]
|
verbs: ["list", "watch", "create", "update", "patch"]
|
||||||
- apiGroups: [""]
|
# Secret permission is optional.
|
||||||
resources: ["secrets"]
|
# Enable it if your driver needs secret.
|
||||||
verbs: ["get", "list"]
|
# For example, `csi.storage.k8s.io/snapshotter-secret-name` is set in VolumeSnapshotClass.
|
||||||
|
# See https://kubernetes-csi.github.io/docs/secrets-and-credentials.html for more details.
|
||||||
|
# - apiGroups: [""]
|
||||||
|
# resources: ["secrets"]
|
||||||
|
# verbs: ["get", "list"]
|
||||||
- apiGroups: ["snapshot.storage.k8s.io"]
|
- apiGroups: ["snapshot.storage.k8s.io"]
|
||||||
resources: ["volumesnapshotclasses"]
|
resources: ["volumesnapshotclasses"]
|
||||||
verbs: ["get", "list", "watch"]
|
verbs: ["get", "list", "watch"]
|
||||||
|
|||||||
Reference in New Issue
Block a user