Merge pull request #108 from bytedance/tighten-rbac

Tighten the RBAC permission of manager
bytedance · Aug 2, 2024 · 4189738 · 4189738
2 parents 51fb36c + d3f10a2
commit 4189738
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 3 deletions.
diff --git a/config/k8s-resource/rbac/manager-clusterrole.yaml b/config/k8s-resource/rbac/manager-clusterrole.yaml
@@ -100,12 +100,19 @@ rules:
   - mutatingwebhookconfigurations
   verbs:
   - create
-  - delete
   - list
   - watch
+- apiGroups:
+  - admissionregistration.k8s.io
+  resources:
+  - mutatingwebhookconfigurations
+  verbs:
+  - delete
+  resourceNames:
+  - varmor-resource-mutating-webhook-cfg-debug
 - apiGroups:
   - authentication.k8s.io
   resources:
   - tokenreviews
   verbs:
-  - create
+  - create
diff --git a/manifests/varmor/templates/rbac/manager-clusterrole.yaml b/manifests/varmor/templates/rbac/manager-clusterrole.yaml
@@ -98,9 +98,16 @@ rules:
   - mutatingwebhookconfigurations
   verbs:
   - create
-  - delete
   - list
   - watch
+- apiGroups:
+  - admissionregistration.k8s.io
+  resources:
+  - mutatingwebhookconfigurations
+  verbs:
+  - delete
+  resourceNames:
+  - varmor-resource-mutating-webhook-cfg
 - apiGroups:
   - authentication.k8s.io
   resources: