You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@flink.apache.org by GitBox <gi...@apache.org> on 2022/07/01 12:11:46 UTC

[GitHub] [flink-kubernetes-operator] jeesmon commented on a diff in pull request #288: [FLINK-27975] Remove unnecessary RBAC rules from operator

jeesmon commented on code in PR #288:
URL: https://github.com/apache/flink-kubernetes-operator/pull/288#discussion_r911906327


##########
helm/flink-kubernetes-operator/templates/rbac.yaml:
##########
@@ -21,23 +21,14 @@ RBAC rules used to create the operator (cluster)role based on the scope
 */}}
 {{- define "flink-operator.rbacRules" }}
 rules:
-  - apiGroups:
-      - flink-operator
-    resources:
-      - "*"
-    verbs:
-      - "*"
   - apiGroups:
       - ""
     resources:
       - pods
       - services
-      - endpoints
-      - persistentvolumeclaims

Review Comment:
   @morhidi Even if we are adding PVC to operator, operator is not creating/managing PVC. PVC is created outside of operator as I understood. So mounting a persistentVolumeClaim to operator deployment doesn't require this RBAC. `e2e-tests/data/sessionjob-cr.yaml` is a good example for this and that test is passed without the RBAC. Please correct me if I'm wrong.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@flink.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org