permission cleanup

Signed-off-by: Peter Balogh <p.balogh.sa@gmail.com>
banzaicloud · Dec 18, 2019 · 467f11b · 467f11b
1 parent 2200e65
commit 467f11b
Showing 1 changed file with 0 additions and 69 deletions.
diff --git a/charts/anchore-policy-validator/templates/validator-rbac.yaml b/charts/anchore-policy-validator/templates/validator-rbac.yaml
@@ -28,7 +28,6 @@ rules:
   - validatingwebhookconfigurations
   verbs:
   - get
-  - create
 - apiGroups:
   - ""
   resources:
@@ -49,74 +48,6 @@ rules:
   - update
   - patch
   - create
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: auth-delegator-{{ template "anchore-policy-validator.fullname" . }}-default
-roleRef:
-  kind: ClusterRole
-  apiGroup: rbac.authorization.k8s.io
-  name: system:auth-delegator
-subjects:
-- kind: ServiceAccount
-  namespace: {{ .Release.Namespace }}
-  name: {{ template "anchore-policy-validator.fullname" . }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  annotations:
-  name: {{ template "anchore-policy-validator.fullname" . }}-apiext
-  namespace: kube-system
-rules:
-- apiGroups:
-  - {{ .Values.apiService.group }}
-  resources:
-  - {{ template "anchore-policy-validator.fullname" . }}
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-- apiGroups:
-  - ""
-  resources:
-  - endpoints
-  - namespaces
-  - secrets
-  - configmaps
-  - serviceaccounts
-  verbs:
-  - get
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  namespace: kube-system
-  name: extension-{{ template "anchore-policy-validator.fullname" . }}-authentication-reader-default
-roleRef:
-  kind: Role
-  apiGroup: rbac.authorization.k8s.io
-  name: {{ template "anchore-policy-validator.fullname" . }}-apiext
-subjects:
-- kind: ServiceAccount
-  name: {{ template "anchore-policy-validator.fullname" . }}
-  namespace: {{ .Release.Namespace }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: anchore-unauth-discovery
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: system:discovery
-subjects:
-- apiGroup: rbac.authorization.k8s.io
-  kind: Group
-  name: system:unauthenticated
-
 {{ if .Values.rbac.psp.enabled }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1