From d8bdd9ed78f3734c9c08f2549bfb25df02fffbea Mon Sep 17 00:00:00 2001
From: Tamal Saha <tamal@appscode.com>
Date: Wed, 3 Jan 2018 03:34:00 -0800
Subject: [PATCH] Reduce operator permissions for service accounts (#270)

---
 hack/deploy/with-rbac.yaml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/hack/deploy/with-rbac.yaml b/hack/deploy/with-rbac.yaml
index e85a8d420..bdc9f3dfb 100644
--- a/hack/deploy/with-rbac.yaml
+++ b/hack/deploy/with-rbac.yaml
@@ -63,8 +63,11 @@ rules:
 - apiGroups: [""]
   resources:
   - pods
-  - serviceaccounts
   verbs: ["get", "create", "list", "delete", "deletecollection"]
+- apiGroups: [""]
+  resources:
+  - serviceaccounts
+  verbs: ["get", "create", "patch", "delete"]
 - apiGroups:
   - rbac.authorization.k8s.io
   resources: