Remove Beats autodiscover RBAC rules (#3322) (#3364)

elastic · Jul 1, 2020 · 668b710 · 668b710
1 parent dd9d61d
commit 668b710
Show file tree

Hide file tree

Showing 2 changed files with 0 additions and 44 deletions.
diff --git a/hack/manifest-gen/assets/charts/eck/templates/_helpers.tpl b/hack/manifest-gen/assets/charts/eck/templates/_helpers.tpl
@@ -142,32 +142,3 @@ RBAC permissions
   - delete
 {{- end -}}
 
-
-{{/*
-RBAC permissions on cluster resources.
-These are separate as the user may not have enough permissions to manipulate cluster resources.
-*/}}
-{{- define "cluster.resource.rbac.rules" -}}
-# required to allow the operator to bind service accounts it manages
-# to role that holds permissions needed for Beat autodiscover feature
-- apiGroups:
-  - rbac.authorization.k8s.io
-  resources:
-   - clusterrolebindings
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - update
-  - patch
-  - delete
-- apiGroups:
-  - rbac.authorization.k8s.io
-  resources:
-  - clusterroles
-  verbs:
-  - bind
-  resourceNames:
-  - elastic-beat-autodiscover
-{{- end -}}
diff --git a/hack/manifest-gen/assets/charts/eck/templates/cluster-role.yaml b/hack/manifest-gen/assets/charts/eck/templates/cluster-role.yaml
@@ -6,21 +6,6 @@ metadata:
   name: {{ .Values.operator.name }}
 rules:
 {{ template "rbac.rules" . | toYaml | indent 2 }}
-{{ template "cluster.resource.rbac.rules" . | toYaml | indent 2 }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: elastic-beat-autodiscover
-rules:
-- apiGroups: [""]
-  resources:
-  - namespaces
-  - pods
-  verbs:
-  - get
-  - watch
-  - list
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole