Removed RBAC authorization for grafana

Grafana doesn't need RBAC authorization to run in the cluster because it doesn't need to access any of the resources.
contiv · Aug 23, 2017 · 28f221e · 28f221e
1 parent efb9602
commit 28f221e
Showing 1 changed file with 2 additions and 30 deletions.
diff --git a/contiv-grafana.yml b/contiv-grafana.yml
@@ -1,38 +1,10 @@
-# Gives Grafana permission to share the cluster
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRole
-metadata:
-  name: grafana
-  namespace: kube-system
-rules:
-- apiGroups: [""]
-  resources:
-  - pods
-  verbs: ["get", "list", "watch"]
-- nonResourceURLs: ["/metrics"]
-  verbs: ["get"]
----
 # Grafana is a process and hence needs service account access
+---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: grafana
   namespace: kube-system
-# Binds Grafana to the kube-system namespace
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRoleBinding
-metadata:
-  name: grafana
-  namespace: kube-system
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: grafana
-subjects:
-- kind: ServiceAccount
-  name: grafana
-  namespace: kube-system
 # Deploy Grafana as a replicaset with one container
 ---
 apiVersion: extensions/v1beta1
@@ -76,4 +48,4 @@ spec:
     - protocol: TCP
       port: 3000
       nodePort: 32701
-
+