diff --git a/assets/gpu-feature-discovery/0200_role.yaml b/assets/gpu-feature-discovery/0200_role.yaml index 52d1b606f..201042082 100644 --- a/assets/gpu-feature-discovery/0200_role.yaml +++ b/assets/gpu-feature-discovery/0200_role.yaml @@ -12,11 +12,3 @@ rules: - use resourceNames: - privileged -- apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - watch diff --git a/assets/state-device-plugin/0200_role.yaml b/assets/state-device-plugin/0200_role.yaml index 8d9b6691a..e188d60b5 100644 --- a/assets/state-device-plugin/0200_role.yaml +++ b/assets/state-device-plugin/0200_role.yaml @@ -12,11 +12,3 @@ rules: - use resourceNames: - privileged -- apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - watch diff --git a/assets/state-driver/0200_role.yaml b/assets/state-driver/0200_role.yaml index 604c2a3df..a2cb330e6 100644 --- a/assets/state-driver/0200_role.yaml +++ b/assets/state-driver/0200_role.yaml @@ -12,20 +12,3 @@ rules: - use resourceNames: - privileged -- apiGroups: - - "" - resources: - - pods - - pods/eviction - - nodes - verbs: - - '*' -- apiGroups: - - apps - resources: - - deployments - - daemonsets - - replicasets - - statefulsets - verbs: - - '*' diff --git a/assets/state-mig-manager/0200_role.yaml b/assets/state-mig-manager/0200_role.yaml index 0e9c291e8..4373fa362 100644 --- a/assets/state-mig-manager/0200_role.yaml +++ b/assets/state-mig-manager/0200_role.yaml @@ -16,6 +16,5 @@ rules: - "" resources: - pods - - nodes verbs: - '*' diff --git a/assets/state-mps-control-daemon/0200_role.yaml b/assets/state-mps-control-daemon/0200_role.yaml index 808c51e7f..1152135fe 100644 --- a/assets/state-mps-control-daemon/0200_role.yaml +++ b/assets/state-mps-control-daemon/0200_role.yaml @@ -12,12 +12,3 @@ rules: - use resourceNames: - privileged -- apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - watch - diff --git a/assets/state-node-status-exporter/0200_role.yaml b/assets/state-node-status-exporter/0200_role.yaml index 52476b451..da164c69d 100644 --- a/assets/state-node-status-exporter/0200_role.yaml +++ b/assets/state-node-status-exporter/0200_role.yaml @@ -16,7 +16,6 @@ rules: - "" resources: - pods - - nodes verbs: - get - list diff --git a/assets/state-operator-validation/0200_role.yaml b/assets/state-operator-validation/0200_role.yaml index ef07efc03..b67209295 100644 --- a/assets/state-operator-validation/0200_role.yaml +++ b/assets/state-operator-validation/0200_role.yaml @@ -16,7 +16,6 @@ rules: - "" resources: - pods - - nodes verbs: - '*' - apiGroups: @@ -26,9 +25,3 @@ rules: - daemonsets verbs: - '*' -- apiGroups: - - nvidia.com - resources: - - clusterpolicies/finalizers - verbs: - - '*' diff --git a/assets/state-sandbox-device-plugin/0200_role.yaml b/assets/state-sandbox-device-plugin/0200_role.yaml index 3e37487ce..2f5085e51 100644 --- a/assets/state-sandbox-device-plugin/0200_role.yaml +++ b/assets/state-sandbox-device-plugin/0200_role.yaml @@ -12,11 +12,3 @@ rules: - use resourceNames: - privileged -- apiGroups: - - "" - resources: - - pods - - pods/eviction - - nodes - verbs: - - "get" diff --git a/assets/state-sandbox-validation/0200_role.yaml b/assets/state-sandbox-validation/0200_role.yaml index d27405101..79da66ff7 100644 --- a/assets/state-sandbox-validation/0200_role.yaml +++ b/assets/state-sandbox-validation/0200_role.yaml @@ -12,9 +12,3 @@ rules: - use resourceNames: - privileged -- apiGroups: - - "" - resources: - - nodes - verbs: - - get diff --git a/assets/state-vgpu-manager/0200_role.yaml b/assets/state-vgpu-manager/0200_role.yaml index 834cf6d15..5b6818ca0 100644 --- a/assets/state-vgpu-manager/0200_role.yaml +++ b/assets/state-vgpu-manager/0200_role.yaml @@ -12,11 +12,3 @@ rules: - use resourceNames: - privileged -- apiGroups: - - "" - resources: - - pods - - pods/eviction - - nodes - verbs: - - "get" diff --git a/assets/state-vgpu-manager/0210_clusterrole.yaml b/assets/state-vgpu-manager/0210_clusterrole.yaml index e088f3d4a..208afaf00 100644 --- a/assets/state-vgpu-manager/0210_clusterrole.yaml +++ b/assets/state-vgpu-manager/0210_clusterrole.yaml @@ -20,3 +20,9 @@ rules: - list - patch - watch +- apiGroups: + - "" + resources: + - pods/eviction + verbs: + - get diff --git a/internal/state/testdata/golden/driver-additional-configs.yaml b/internal/state/testdata/golden/driver-additional-configs.yaml index f4eb1a5d4..c0c9ffdcd 100644 --- a/internal/state/testdata/golden/driver-additional-configs.yaml +++ b/internal/state/testdata/golden/driver-additional-configs.yaml @@ -18,23 +18,6 @@ rules: - securitycontextconstraints verbs: - use -- apiGroups: - - "" - resources: - - pods - - pods/eviction - - nodes - verbs: - - '*' -- apiGroups: - - apps - resources: - - deployments - - daemonsets - - replicasets - - statefulsets - verbs: - - '*' --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole diff --git a/internal/state/testdata/golden/driver-full-spec.yaml b/internal/state/testdata/golden/driver-full-spec.yaml index c3df3c898..9a033a30a 100644 --- a/internal/state/testdata/golden/driver-full-spec.yaml +++ b/internal/state/testdata/golden/driver-full-spec.yaml @@ -18,23 +18,6 @@ rules: - securitycontextconstraints verbs: - use -- apiGroups: - - "" - resources: - - pods - - pods/eviction - - nodes - verbs: - - '*' -- apiGroups: - - apps - resources: - - deployments - - daemonsets - - replicasets - - statefulsets - verbs: - - '*' --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole diff --git a/internal/state/testdata/golden/driver-gdrcopy-openshift.yaml b/internal/state/testdata/golden/driver-gdrcopy-openshift.yaml index 77c7ce7c3..f43dfd8a8 100644 --- a/internal/state/testdata/golden/driver-gdrcopy-openshift.yaml +++ b/internal/state/testdata/golden/driver-gdrcopy-openshift.yaml @@ -18,23 +18,6 @@ rules: - securitycontextconstraints verbs: - use -- apiGroups: - - "" - resources: - - pods - - pods/eviction - - nodes - verbs: - - '*' -- apiGroups: - - apps - resources: - - deployments - - daemonsets - - replicasets - - statefulsets - verbs: - - '*' --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole diff --git a/internal/state/testdata/golden/driver-gdrcopy.yaml b/internal/state/testdata/golden/driver-gdrcopy.yaml index b310cf932..df73dd8b0 100644 --- a/internal/state/testdata/golden/driver-gdrcopy.yaml +++ b/internal/state/testdata/golden/driver-gdrcopy.yaml @@ -18,23 +18,6 @@ rules: - securitycontextconstraints verbs: - use -- apiGroups: - - "" - resources: - - pods - - pods/eviction - - nodes - verbs: - - '*' -- apiGroups: - - apps - resources: - - deployments - - daemonsets - - replicasets - - statefulsets - verbs: - - '*' --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole diff --git a/internal/state/testdata/golden/driver-gds.yaml b/internal/state/testdata/golden/driver-gds.yaml index c3f83abbd..906efeb68 100644 --- a/internal/state/testdata/golden/driver-gds.yaml +++ b/internal/state/testdata/golden/driver-gds.yaml @@ -18,23 +18,6 @@ rules: - securitycontextconstraints verbs: - use -- apiGroups: - - "" - resources: - - pods - - pods/eviction - - nodes - verbs: - - '*' -- apiGroups: - - apps - resources: - - deployments - - daemonsets - - replicasets - - statefulsets - verbs: - - '*' --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole diff --git a/internal/state/testdata/golden/driver-minimal.yaml b/internal/state/testdata/golden/driver-minimal.yaml index 4feebe5ef..a157671bb 100644 --- a/internal/state/testdata/golden/driver-minimal.yaml +++ b/internal/state/testdata/golden/driver-minimal.yaml @@ -18,23 +18,6 @@ rules: - securitycontextconstraints verbs: - use -- apiGroups: - - "" - resources: - - pods - - pods/eviction - - nodes - verbs: - - '*' -- apiGroups: - - apps - resources: - - deployments - - daemonsets - - replicasets - - statefulsets - verbs: - - '*' --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole diff --git a/internal/state/testdata/golden/driver-openshift-drivertoolkit.yaml b/internal/state/testdata/golden/driver-openshift-drivertoolkit.yaml index ab29eca7d..5ea43da45 100644 --- a/internal/state/testdata/golden/driver-openshift-drivertoolkit.yaml +++ b/internal/state/testdata/golden/driver-openshift-drivertoolkit.yaml @@ -18,23 +18,6 @@ rules: - securitycontextconstraints verbs: - use -- apiGroups: - - "" - resources: - - pods - - pods/eviction - - nodes - verbs: - - '*' -- apiGroups: - - apps - resources: - - deployments - - daemonsets - - replicasets - - statefulsets - verbs: - - '*' --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole diff --git a/internal/state/testdata/golden/driver-precompiled.yaml b/internal/state/testdata/golden/driver-precompiled.yaml index ed9f6b6ff..528ac649f 100644 --- a/internal/state/testdata/golden/driver-precompiled.yaml +++ b/internal/state/testdata/golden/driver-precompiled.yaml @@ -18,23 +18,6 @@ rules: - securitycontextconstraints verbs: - use -- apiGroups: - - "" - resources: - - pods - - pods/eviction - - nodes - verbs: - - '*' -- apiGroups: - - apps - resources: - - deployments - - daemonsets - - replicasets - - statefulsets - verbs: - - '*' --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole diff --git a/internal/state/testdata/golden/driver-rdma-hostmofed.yaml b/internal/state/testdata/golden/driver-rdma-hostmofed.yaml index dd2d858ce..be350df3b 100644 --- a/internal/state/testdata/golden/driver-rdma-hostmofed.yaml +++ b/internal/state/testdata/golden/driver-rdma-hostmofed.yaml @@ -18,23 +18,6 @@ rules: - securitycontextconstraints verbs: - use -- apiGroups: - - "" - resources: - - pods - - pods/eviction - - nodes - verbs: - - '*' -- apiGroups: - - apps - resources: - - deployments - - daemonsets - - replicasets - - statefulsets - verbs: - - '*' --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole diff --git a/internal/state/testdata/golden/driver-rdma.yaml b/internal/state/testdata/golden/driver-rdma.yaml index 4e8ad0ed0..bae0f7f0e 100644 --- a/internal/state/testdata/golden/driver-rdma.yaml +++ b/internal/state/testdata/golden/driver-rdma.yaml @@ -18,23 +18,6 @@ rules: - securitycontextconstraints verbs: - use -- apiGroups: - - "" - resources: - - pods - - pods/eviction - - nodes - verbs: - - '*' -- apiGroups: - - apps - resources: - - deployments - - daemonsets - - replicasets - - statefulsets - verbs: - - '*' --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole diff --git a/internal/state/testdata/golden/driver-vgpu-host-manager.yaml b/internal/state/testdata/golden/driver-vgpu-host-manager.yaml index 10498a256..579b7eb9f 100644 --- a/internal/state/testdata/golden/driver-vgpu-host-manager.yaml +++ b/internal/state/testdata/golden/driver-vgpu-host-manager.yaml @@ -18,23 +18,6 @@ rules: - securitycontextconstraints verbs: - use -- apiGroups: - - "" - resources: - - pods - - pods/eviction - - nodes - verbs: - - '*' -- apiGroups: - - apps - resources: - - deployments - - daemonsets - - replicasets - - statefulsets - verbs: - - '*' --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole diff --git a/internal/state/testdata/golden/driver-vgpu-licensing.yaml b/internal/state/testdata/golden/driver-vgpu-licensing.yaml index 90d29b7be..a33263795 100644 --- a/internal/state/testdata/golden/driver-vgpu-licensing.yaml +++ b/internal/state/testdata/golden/driver-vgpu-licensing.yaml @@ -18,23 +18,6 @@ rules: - securitycontextconstraints verbs: - use -- apiGroups: - - "" - resources: - - pods - - pods/eviction - - nodes - verbs: - - '*' -- apiGroups: - - apps - resources: - - deployments - - daemonsets - - replicasets - - statefulsets - verbs: - - '*' --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole diff --git a/manifests/state-driver/0200_role.yaml b/manifests/state-driver/0200_role.yaml index ec2d6434f..e3a8a3287 100644 --- a/manifests/state-driver/0200_role.yaml +++ b/manifests/state-driver/0200_role.yaml @@ -12,20 +12,3 @@ rules: - use resourceNames: - privileged -- apiGroups: - - "" - resources: - - pods - - pods/eviction - - nodes - verbs: - - '*' -- apiGroups: - - apps - resources: - - deployments - - daemonsets - - replicasets - - statefulsets - verbs: - - '*'