You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I just found that the DaemonSet genie-plugin in the conf has patch/update verb for the pods resource (genie-complete.yaml#L5). However, after reading the source code of cni-genie, I didn't find any Kubernetes API usages that require patch/update pods permissions. Therefore, for security reasons, I suggest checking these permissions to determine if they are truly unnecessary. If they are, the issue should be fixed by removing the unnecessary permission or other feasible methods.
The text was updated successfully, but these errors were encountered:
Hi community!
I just found that the DaemonSet
genie-pluginin the conf haspatch/updateverb for thepodsresource (genie-complete.yaml#L5). However, after reading the source code of cni-genie, I didn't find any Kubernetes API usages that requirepatch/update podspermissions. Therefore, for security reasons, I suggest checking these permissions to determine if they are truly unnecessary. If they are, the issue should be fixed by removing the unnecessary permission or other feasible methods.The text was updated successfully, but these errors were encountered: