From fd697ffbff6299ddab58f98181afde616e459409 Mon Sep 17 00:00:00 2001
From: Lucas Serven <lserven@gmail.com>
Date: Mon, 28 Jan 2019 14:20:58 +0100
Subject: [PATCH] contrib/kube-prometheus: remove node role

This commit removes get/list/watch on nodes for the Prometheus-k8s
instance, as Prometheus pods do not need that privilege for anything.
---
 jsonnet/kube-prometheus/prometheus/prometheus.libsonnet | 1 -
 1 file changed, 1 deletion(-)

diff --git a/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet b/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet
index 89d55bcc..9dd9b7cc 100644
--- a/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet
+++ b/jsonnet/kube-prometheus/prometheus/prometheus.libsonnet
@@ -129,7 +129,6 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
       local coreRule = policyRule.new() +
                        policyRule.withApiGroups(['']) +
                        policyRule.withResources([
-                         'nodes',
                          'services',
                          'endpoints',
                          'pods',
-- 
GitLab