From 3b8446708131c6384dbaa30d524481712e6bd6f7 Mon Sep 17 00:00:00 2001 From: Tim Collins Date: Thu, 21 Nov 2024 08:47:38 +0000 Subject: [PATCH] fix(argo-workflows): Remove excessive wf controller RBAC permissions Signed-off-by: Tim Collins --- charts/argo-workflows/Chart.yaml | 6 +++--- .../templates/controller/workflow-role.yaml | 21 ------------------- 2 files changed, 3 insertions(+), 24 deletions(-) diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml index fb008aa6e..f8ced4949 100644 --- a/charts/argo-workflows/Chart.yaml +++ b/charts/argo-workflows/Chart.yaml @@ -3,7 +3,7 @@ appVersion: v3.6.0 name: argo-workflows description: A Helm chart for Argo Workflows type: application -version: 0.43.0 +version: 0.44.0 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png home: https://github.com/argoproj/argo-helm sources: @@ -16,5 +16,5 @@ annotations: fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252 url: https://argoproj.github.io/argo-helm/pgp_keys.asc artifacthub.io/changes: | - - kind: changed - description: Upgrade Argo Workflows to v3.6.0 + - kind: fixed + description: Remove excessive RBAC privileges from workflow-role. diff --git a/charts/argo-workflows/templates/controller/workflow-role.yaml b/charts/argo-workflows/templates/controller/workflow-role.yaml index 142653726..e99369a26 100644 --- a/charts/argo-workflows/templates/controller/workflow-role.yaml +++ b/charts/argo-workflows/templates/controller/workflow-role.yaml @@ -11,27 +11,6 @@ metadata: namespace: {{ . }} {{- end }} rules: - - apiGroups: - - "" - resources: - - pods - verbs: - - get - - watch - - patch - - apiGroups: - - "" - resources: - - pods/log - verbs: - - get - - watch - - apiGroups: - - "" - resources: - - pods/exec - verbs: - - create - apiGroups: - argoproj.io resources: