From 2b6973bcbedeb5b6be8944e171e130dca62d6ff0 Mon Sep 17 00:00:00 2001
From: Wilfred Spiegelenburg
Date: Thu, 12 Jun 2025 18:24:23 +1000
Subject: [PATCH] [YUNIKORN-3081] Remove pods get from admission controller cluster role

The admission controller code does not reference the pod retrieval. That means it should not need the permission on a role.
---
 .gitignore | 3 +++
 helm-charts/yunikorn/templates/admission-controller-rbac.yaml | 3 ---
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.gitignore b/.gitignore
index 8613ea4..bd1cc38 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,8 @@
 .idea
 .DS_Store
+staging/
 staging/*
 staging/**
 target
+*.swp
+*.tmp
diff --git a/helm-charts/yunikorn/templates/admission-controller-rbac.yaml b/helm-charts/yunikorn/templates/admission-controller-rbac.yaml
index 759de41..17d203f 100644
--- a/helm-charts/yunikorn/templates/admission-controller-rbac.yaml
+++ b/helm-charts/yunikorn/templates/admission-controller-rbac.yaml
@@ -39,9 +39,6 @@ rules:
 - apiGroups: ["admissionregistration.k8s.io"]
 resources: ["mutatingwebhookconfigurations"]
 verbs: ["get", "watch", "list", "create", "patch", "update", "delete"]
- - apiGroups: [""]
- resources: ["pods"]
- verbs: ["get"]
 - apiGroups: [""]
 resources: ["namespaces"]
 verbs: ["get", "watch", "list"]
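Review bot: In the .gitignore hunk the added `staging/` pattern is unanchored, so it ignores a directory named staging at any depth of the repository, not only the top-level one that the existing `staging/*` and `staging/**` entries cover. If only the root directory is meant, `/staging/` states that and makes the two older patterns redundant. The hunk is also unrelated to the RBAC permission removal named in the subject, so it would be easier to audit as a separate commit.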