This repository was archived by the owner on Mar 3, 2025. It is now read-only.
This repository was archived by the owner on Mar 3, 2025. It is now read-only.
Bug: Remove unnecessary permissions #235
Description
Hi community!
I just found that the DaemonSet genie-plugin in the conf has patch/update verb for the pods resource (genie-complete.yaml#L5). However, after reading the source code of cni-genie, I didn't find any Kubernetes API usages that require patch/update pods permissions. Therefore, for security reasons, I suggest checking these permissions to determine if they are truly unnecessary. If they are, the issue should be fixed by removing the unnecessary permission or other feasible methods.