remove over privileged rbac from cnao manifest (#413)

Currently the cnao rbac Policy has a segment that elevates the container privileges to all resources, and all verbs. This is too much for the cnao's needs, and also in turn changes scc to anyuid in cnv/okd clusters. Hence, the rbac segment is removed in this commit. Signed-off-by: Ram Lavi <ralavi@redhat.com>
kubevirt · Jun 2, 2020 · 1ce8c55 · 1ce8c55
1 parent 4205fa0
commit 1ce8c55
Showing 1 changed file with 0 additions and 11 deletions.
diff --git a/pkg/components/components.go b/pkg/components/components.go
@@ -308,17 +308,6 @@ func GetClusterRole() *rbacv1.ClusterRole {
 					"watch",
 				},
 			},
-			{
-				APIGroups: []string{
-					"*",
-				},
-				Resources: []string{
-					"*",
-				},
-				Verbs: []string{
-					"*",
-				},
-			},
 		},
 	}
 	return role