From 28f221e1a389a9a13fa35b2a32d0157dcb5ddb5f Mon Sep 17 00:00:00 2001
From: Arshi <arshiagg@users.noreply.github.com>
Date: Wed, 23 Aug 2017 11:31:34 -0700
Subject: [PATCH] Removed RBAC authorization for grafana

Grafana doesn't need RBAC authorization to run in the cluster because it doesn't need to access any of the resources.
---
 contiv-grafana.yml | 32 ++------------------------------
 1 file changed, 2 insertions(+), 30 deletions(-)

diff --git a/contiv-grafana.yml b/contiv-grafana.yml
index 3ee00fe..45b49ae 100644
--- a/contiv-grafana.yml
+++ b/contiv-grafana.yml
@@ -1,38 +1,10 @@
-# Gives Grafana permission to share the cluster
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRole
-metadata:
-  name: grafana
-  namespace: kube-system
-rules:
-- apiGroups: [""]
-  resources:
-  - pods
-  verbs: ["get", "list", "watch"]
-- nonResourceURLs: ["/metrics"]
-  verbs: ["get"]
----
 # Grafana is a process and hence needs service account access
+---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: grafana
   namespace: kube-system
-# Binds Grafana to the kube-system namespace
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRoleBinding
-metadata:
-  name: grafana
-  namespace: kube-system
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: grafana
-subjects:
-- kind: ServiceAccount
-  name: grafana
-  namespace: kube-system
 # Deploy Grafana as a replicaset with one container
 ---
 apiVersion: extensions/v1beta1
@@ -76,4 +48,4 @@ spec:
     - protocol: TCP
       port: 3000
       nodePort: 32701
-      
\ No newline at end of file
+