cmd/k8s-operator/deploy: replace wildcards in Kubernetes Operator RBAC role definitions with verbs

cmd/k8s-operator/deploy: replace wildcards in Kubernetes Operator RBAC role definitions with verbs fixes: #13168 Signed-off-by: Pierig Le Saux <pierig@n3xt.io>
2025-08-12 13:48:01 +00:00 · 2024-08-20 09:44:50 -04:00
parent 01aa01f310
commit 2105773874
3 changed files with 45 additions and 10 deletions
--- a/cmd/k8s-operator/deploy/chart/templates/operator-rbac.yaml
+++ b/cmd/k8s-operator/deploy/chart/templates/operator-rbac.yaml
@@ -14,10 +14,10 @@ metadata:
 rules:
 - apiGroups: [""]
  resources: ["events", "services", "services/status"]
-  verbs: ["*"]
+  verbs: ["create","delete","deletecollection","get","list","patch","update","watch"]
 - apiGroups: ["networking.k8s.io"]
  resources: ["ingresses", "ingresses/status"]
-  verbs: ["*"]
+  verbs: ["create","delete","deletecollection","get","list","patch","update","watch"]
 - apiGroups: ["networking.k8s.io"]
  resources: ["ingressclasses"]
  verbs: ["get", "list", "watch"]
@@ -49,10 +49,10 @@ metadata:
 rules:
 - apiGroups: [""]
  resources: ["secrets", "serviceaccounts", "configmaps"]
-  verbs: ["*"]
+  verbs: ["create","delete","deletecollection","get","list","patch","update","watch"]
 - apiGroups: ["apps"]
  resources: ["statefulsets", "deployments"]
-  verbs: ["*"]
+  verbs: ["create","delete","deletecollection","get","list","patch","update","watch"]
 - apiGroups: ["discovery.k8s.io"]
  resources: ["endpointslices"]
  verbs: ["get", "list", "watch"]
--- a/cmd/k8s-operator/deploy/chart/templates/proxy-rbac.yaml
+++ b/cmd/k8s-operator/deploy/chart/templates/proxy-rbac.yaml
@@ -15,7 +15,7 @@ metadata:
 rules:
 - apiGroups: [""]
  resources: ["secrets"]
-  verbs: ["*"]
+  verbs: ["create","delete","deletecollection","get","list","patch","update","watch"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding