From ab92c76c28487ddba7a14589599f55634b379b88 Mon Sep 17 00:00:00 2001 From: Felix Kunde Date: Tue, 26 Jan 2021 17:23:35 +0100 Subject: [PATCH] let examples be clusterroles --- .../templates/clusterrole-postgres-pod.yaml | 2 +- manifests/operator-service-account-rbac.yaml | 2 +- pkg/controller/controller.go | 14 -------------- 3 files changed, 2 insertions(+), 16 deletions(-) diff --git a/charts/postgres-operator/templates/clusterrole-postgres-pod.yaml b/charts/postgres-operator/templates/clusterrole-postgres-pod.yaml index 0c92fa748..33c43822f 100644 --- a/charts/postgres-operator/templates/clusterrole-postgres-pod.yaml +++ b/charts/postgres-operator/templates/clusterrole-postgres-pod.yaml @@ -1,6 +1,6 @@ {{ if .Values.rbac.create }} apiVersion: rbac.authorization.k8s.io/v1 -kind: Role +kind: ClusterRole metadata: name: {{ include "postgres-pod.serviceAccountName" . }} labels: diff --git a/manifests/operator-service-account-rbac.yaml b/manifests/operator-service-account-rbac.yaml index 6e69d6d11..966743032 100644 --- a/manifests/operator-service-account-rbac.yaml +++ b/manifests/operator-service-account-rbac.yaml @@ -230,7 +230,7 @@ subjects: --- apiVersion: rbac.authorization.k8s.io/v1 -kind: Role +kind: ClusterRole metadata: name: postgres-pod rules: diff --git a/pkg/controller/controller.go b/pkg/controller/controller.go index 63d72ce55..288d11995 100644 --- a/pkg/controller/controller.go +++ b/pkg/controller/controller.go @@ -305,20 +305,6 @@ func (c *Controller) initRole() { "verbs": [ "create" ] - }, - { - "apiGroups": [ - "extensions" - ], - "resources": [ - "podsecuritypolicies" - ], - "resourceNames": [ - "privileged" - ], - "verbs": [ - "use" - ] } ] }`, c.PodServiceAccount.Name)