From 553d6b0c6365aeb58a839fb3b1023f5dda8a91a7 Mon Sep 17 00:00:00 2001
From: Max Leonard Inden <IndenML@gmail.com>
Date: Thu, 31 May 2018 12:46:46 +0200
Subject: [PATCH] rbac: Remove Third Party Resources rules

Since PR 460 [1] the Prometheus Operator has used Kubernetes Custom Resource
Definitions instead of Kubernetes Third Party Resources. The permissions to
handle Third Party Resources in the RBAC rules of the Prometheus
Operator are therefore obsolete.

[1] https://github.com/coreos/prometheus-operator/pull/460
---
 .../prometheus-operator/prometheus-operator.libsonnet    | 9 +--------
 manifests/0prometheus-operator-clusterRole.yaml          | 6 ------
 2 files changed, 1 insertion(+), 14 deletions(-)

diff --git a/jsonnet/kube-prometheus/prometheus-operator/prometheus-operator.libsonnet b/jsonnet/kube-prometheus/prometheus-operator/prometheus-operator.libsonnet
index 32864026..365553d6 100644
--- a/jsonnet/kube-prometheus/prometheus-operator/prometheus-operator.libsonnet
+++ b/jsonnet/kube-prometheus/prometheus-operator/prometheus-operator.libsonnet
@@ -33,13 +33,6 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
       local clusterRole = k.rbac.v1.clusterRole;
       local policyRule = clusterRole.rulesType;
 
-      local extensionsRule = policyRule.new() +
-                             policyRule.withApiGroups(['extensions']) +
-                             policyRule.withResources([
-                               'thirdpartyresources',
-                             ]) +
-                             policyRule.withVerbs(['*']);
-
       local apiExtensionsRule = policyRule.new() +
                                 policyRule.withApiGroups(['apiextensions.k8s.io']) +
                                 policyRule.withResources([
@@ -102,7 +95,7 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
                             ]) +
                             policyRule.withVerbs(['list', 'watch']);
 
-      local rules = [extensionsRule, apiExtensionsRule, monitoringRule, appsRule, coreRule, podRule, routingRule, nodeRule, namespaceRule];
+      local rules = [apiExtensionsRule, monitoringRule, appsRule, coreRule, podRule, routingRule, nodeRule, namespaceRule];
 
       clusterRole.new() +
       clusterRole.mixin.metadata.withName('prometheus-operator') +
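Review bot: The `local rules = [...]` list near the end of this hunk packs every ClusterRole grant onto one long line, so adding or dropping a permission is easy to miss in review; listing one rule per line would make each future RBAC change a one-line diff. Separately, the removed rule granted `'*'` verbs, and the body of `apiExtensionsRule` starts in the previous hunk and continues outside it, so its verbs are not visible here. If it also uses a wildcard verb, narrowing it to the verbs the operator needs would be a sensible follow-up. The enclosing object begins and ends outside this hunk.

```jsonnet
      local rules = [
        apiExtensionsRule,
        monitoringRule,
        appsRule,
        coreRule,
        podRule,
        routingRule,
        nodeRule,
        namespaceRule,
      ];
      // … unchanged: clusterRole.new() + metadata + rules …
```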
diff --git a/manifests/0prometheus-operator-clusterRole.yaml b/manifests/0prometheus-operator-clusterRole.yaml
index 8c85391f..94f5ce09 100644
--- a/manifests/0prometheus-operator-clusterRole.yaml
+++ b/manifests/0prometheus-operator-clusterRole.yaml
@@ -3,12 +3,6 @@ kind: ClusterRole
 metadata:
   name: prometheus-operator
 rules:
-- apiGroups:
-  - extensions
-  resources:
-  - thirdpartyresources
-  verbs:
-  - '*'
 - apiGroups:
   - apiextensions.k8s.io
   resources:
-- 
GitLab