Skip to content

Commit

Permalink
Remove unused ref to hostnetwork in cpo role
Browse files Browse the repository at this point in the history 
The control-plane-operator Role has a rule to allow use of the hostnetwork
SCC, but the control-plane-operator actually runs under the
restricted-v2 SCC.

This change removes the unused rule.
  • Loading branch information
@jmcmeek
jmcmeek authored and openshift-cherrypick-robot committed Mar 22, 2024
1 parent fda0faf commit 2ace4c6
Showing 1 changed file with 0 additions and 6 deletions.
6 changes: 0 additions & 6 deletions hypershift-operator/controllers/hostedcluster/hostedcluster_controller.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2790,12 +2790,6 @@ func reconcileControlPlaneOperatorRole(role *rbacv1.Role, enableCVOManagementClu
"watch",
},
},
{
APIGroups: []string{"security.openshift.io"},
ResourceNames: []string{"hostnetwork"},
Resources: []string{"securitycontextconstraints"},
Verbs: []string{"use"},
},
// This is needed for CPO to grant Autoscaler its RBAC policy.
{
APIGroups: []string{"cluster.x-k8s.io"},
Expand Down

0 comments on commit 2ace4c6

Please sign in to comment.