Skip to content

Commit f21ed8d

Browse files
timsntimsn
authored
[FLINK-35310] Replace RBAC verb wildcards with actual verbs
1 parent 8b789ee commit f21ed8d

File tree

1 file changed

+66
-10
lines changed

1 file changed

+66
-10
lines changed

helm/flink-kubernetes-operator/templates/rbac.yaml

Lines changed: 66 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -30,7 +30,14 @@ rules:
3030
- configmaps
3131
- secrets
3232
verbs:
33-
- "*"
33+
- get
34+
- list
35+
- watch
36+
- create
37+
- update
38+
- patch
39+
- delete
40+
- deletecollection
3441
{{- if .Values.rbac.nodesRule.create }}
3542
- apiGroups:
3643
- ""
@@ -47,37 +54,74 @@ rules:
4754
- deployments/finalizers
4855
- replicasets
4956
verbs:
50-
- "*"
57+
- get
58+
- list
59+
- watch
60+
- create
61+
- update
62+
- patch
63+
- delete
5164
- apiGroups:
5265
- extensions
5366
resources:
5467
- deployments
5568
- ingresses
5669
verbs:
57-
- "*"
70+
- get
71+
- list
72+
- watch
73+
- create
74+
- update
75+
- patch
76+
- delete
5877
- apiGroups:
5978
- flink.apache.org
6079
resources:
6180
- flinkdeployments
62-
- flinkdeployments/status
6381
- flinkdeployments/finalizers
6482
- flinksessionjobs
65-
- flinksessionjobs/status
6683
- flinksessionjobs/finalizers
6784
verbs:
68-
- "*"
85+
- get
86+
- list
87+
- watch
88+
- create
89+
- update
90+
- patch
91+
- delete
92+
- apiGroups:
93+
- flink.apache.org
94+
resources:
95+
- flinkdeployments/status
96+
- flinksessionjobs/status
97+
verbs:
98+
- get
99+
- update
100+
- patch
69101
- apiGroups:
70102
- networking.k8s.io
71103
resources:
72104
- ingresses
73105
verbs:
74-
- "*"
106+
- get
107+
- list
108+
- watch
109+
- create
110+
- update
111+
- patch
112+
- delete
75113
- apiGroups:
76114
- coordination.k8s.io
77115
resources:
78116
- leases
79117
verbs:
80-
- "*"
118+
- get
119+
- list
120+
- watch
121+
- create
122+
- update
123+
- patch
124+
- delete
81125
{{- end }}
82126

83127
{{/*
@@ -91,14 +135,26 @@ rules:
91135
- pods
92136
- configmaps
93137
verbs:
94-
- '*'
138+
- get
139+
- list
140+
- watch
141+
- create
142+
- update
143+
- patch
144+
- delete
95145
- apiGroups:
96146
- apps
97147
resources:
98148
- deployments
99149
- deployments/finalizers
100150
verbs:
101-
- '*'
151+
- get
152+
- list
153+
- watch
154+
- create
155+
- update
156+
- patch
157+
- delete
102158
{{- end }}
103159

104160
---

0 commit comments

Comments
 (0)