From ab8091cffc5768aff8786eff43301f797de41a60 Mon Sep 17 00:00:00 2001
From: gaofei <gaofei@qq.com>
Date: Wed, 26 Jun 2024 17:02:12 +0800
Subject: [PATCH] Shrink permissions of vc scheduler & controller

Signed-off-by: gaofei <gaofei@qq.com>
Signed-off-by: Monokaix <changxuzheng@huawei.com>
---
 installer/helm/chart/volcano/templates/controllers.yaml | 2 +-
 installer/helm/chart/volcano/templates/scheduler.yaml   | 7 +++++--
 installer/volcano-development.yaml                      | 9 ++++++---
 3 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/installer/helm/chart/volcano/templates/controllers.yaml b/installer/helm/chart/volcano/templates/controllers.yaml
index 83e433d56f..6fa8a96cd3 100644
--- a/installer/helm/chart/volcano/templates/controllers.yaml
+++ b/installer/helm/chart/volcano/templates/controllers.yaml
@@ -40,7 +40,7 @@ rules:
     verbs: ["create", "list", "watch", "update", "patch"]
   - apiGroups: [""]
     resources: ["pods"]
-    verbs: ["create", "get", "list", "watch", "update", "bind", "delete", "patch"]
+    verbs: ["create", "get", "list", "watch", "delete", "patch"]
   - apiGroups: [""]
     resources: ["pods/finalizers"]
     verbs: ["update", "patch"]
diff --git a/installer/helm/chart/volcano/templates/scheduler.yaml b/installer/helm/chart/volcano/templates/scheduler.yaml
index c616f5b666..ccd32fe2b3 100644
--- a/installer/helm/chart/volcano/templates/scheduler.yaml
+++ b/installer/helm/chart/volcano/templates/scheduler.yaml
@@ -52,8 +52,11 @@ rules:
     resources: ["events"]
     verbs: ["create", "list", "watch", "update", "patch"]
   - apiGroups: [""]
-    resources: ["pods", "pods/status"]
-    verbs: ["create", "get", "list", "watch", "update", "patch", "bind", "updateStatus", "delete"]
+    resources: ["pods"]
+    verbs: ["get", "list", "watch", "patch", "delete"]
+  - apiGroups: [""]
+    resources: ["pods/status"]
+    verbs: ["update"]
   - apiGroups: [""]
     resources: ["pods/binding"]
     verbs: ["create"]
diff --git a/installer/volcano-development.yaml b/installer/volcano-development.yaml
index c16c693bee..446afbe096 100644
--- a/installer/volcano-development.yaml
+++ b/installer/volcano-development.yaml
@@ -4050,7 +4050,7 @@ rules:
     verbs: ["create", "list", "watch", "update", "patch"]
   - apiGroups: [""]
     resources: ["pods"]
-    verbs: ["create", "get", "list", "watch", "update", "bind", "delete", "patch"]
+    verbs: ["create", "get", "list", "watch", "delete", "patch"]
   - apiGroups: [""]
     resources: ["pods/finalizers"]
     verbs: ["update", "patch"]
@@ -4189,8 +4189,11 @@ rules:
     resources: ["events"]
     verbs: ["create", "list", "watch", "update", "patch"]
   - apiGroups: [""]
-    resources: ["pods", "pods/status"]
-    verbs: ["create", "get", "list", "watch", "update", "patch", "bind", "updateStatus", "delete"]
+    resources: ["pods"]
+    verbs: ["get", "list", "watch", "patch", "delete"]
+  - apiGroups: [""]
+    resources: ["pods/status"]
+    verbs: ["update"]
   - apiGroups: [""]
     resources: ["pods/binding"]
     verbs: ["create"]