Remove RBAC authorization for grafana

Grafana doesn't need RBAC authorization to run in the cluster because it doesn't need to access any of the resources.
contiv · Aug 23, 2017 · 21cb08b · 21cb08b
1 parent 693c34a
commit 21cb08b
Showing 1 changed file with 1 addition and 29 deletions.
diff --git a/install/k8s/k8s1.6/contiv-grafana.yml b/install/k8s/k8s1.6/contiv-grafana.yml
@@ -1,38 +1,10 @@
-# Gives Grafana permission to share the cluster
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRole
-metadata:
-  name: grafana
-  namespace: kube-system
-rules:
-- apiGroups: [""]
-  resources:
-  - pods
-  verbs: ["get", "list", "watch"]
-- nonResourceURLs: ["/metrics"]
-  verbs: ["get"]
----
 # Grafana is a process and hence needs service account access
+---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: grafana
   namespace: kube-system
-# Binds Grafana to the kube-system namespace
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRoleBinding
-metadata:
-  name: grafana
-  namespace: kube-system
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: grafana
-subjects:
-- kind: ServiceAccount
-  name: grafana
-  namespace: kube-system
 # Deploy Grafana as a replicaset with one container
 ---
 apiVersion: extensions/v1beta1