From 1d36f45279383a0a9eb333973078945fe5a8beb2 Mon Sep 17 00:00:00 2001
From: dougbtv <dosmith@redhat.com>
Date: Thu, 1 Nov 2018 12:07:01 -0400
Subject: [PATCH] [rbac] Tightens down RBAC for clusterrole

---
 images/multus-daemonset.yml | 23 +++++++++++++----------
 1 file changed, 13 insertions(+), 10 deletions(-)

diff --git a/images/multus-daemonset.yml b/images/multus-daemonset.yml
index 3c95513b8..de2fe4c74 100644
--- a/images/multus-daemonset.yml
+++ b/images/multus-daemonset.yml
@@ -26,16 +26,19 @@ apiVersion: rbac.authorization.k8s.io/v1beta1
 metadata:
   name: multus
 rules:
-- apiGroups:
-  - '*'
-  resources:
-  - '*'
-  verbs:
-  - '*'
-- nonResourceURLs:
-  - '*'
-  verbs:
-  - '*'
+  - apiGroups: ["k8s.cni.cncf.io"]
+    resources:
+      - '*'
+    verbs:
+      - '*'
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+      - pods/status
+    verbs:
+      - get
+      - update
 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1beta1