fix: remove create/delete on roles/rolebindings per QA review

Removes privilege-escalation permissions from RBAC manifest per PRI-554
QA review. The rbac.authorization.k8s.io rule now grants only
get/list/watch on rolebindings (needed for deploy script to verify
existing bindings exist).

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-05 00:35:38 +00:00
committed by Gandalf the Greybeard [agent]
parent 70ffaa4920
commit 75464036e4
+3 -3
@@ -13,8 +13,8 @@ metadata:
namespace: privilegedescalation-dev
rules:
- apiGroups: ["rbac.authorization.k8s.io"]
resources: ["roles", "rolebindings"]
verbs: ["get", "list", "watch", "create", "delete"]
resources: ["rolebindings"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["configmaps", "serviceaccounts", "events"]
verbs: ["get", "list", "create", "delete"]
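Review bot: In the `rbac.authorization.k8s.io` rule, dropping `roles` from `resources` removes get/list/watch on Roles as well as create/delete, while the commit title only mentions removing create/delete on roles/rolebindings. If the deploy script also checks that a Role exists (the binding later in this file references `e2e-ci-runner`), that check will now be denied. Either keep a read-only entry, `resources: ["roles", "rolebindings"]` with `verbs: ["get", "list", "watch"]`, or say in the commit message that read access to roles is dropped on purpose. A one-line YAML comment above the rule stating that it must stay read-only would also help prevent create/delete from being re-added later.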
@@ -40,4 +40,4 @@ subjects:
roleRef:
kind: Role
name: e2e-ci-runner
apiGroup: rbac.authorization.k8s.io
apiGroup: rbac.authorization.k8s.io
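Review bot: The final `apiGroup: rbac.authorization.k8s.io` line under `roleRef` is removed and re-added with the same text as rendered here, so the difference appears to be whitespace or an end-of-file newline only. That is unrelated to the permission change; consider splitting it into its own commit or mentioning it in the commit message so the security fix stays easy to audit.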