From 967db1f7f50df719dca686200b769634f9681293 Mon Sep 17 00:00:00 2001
From: Shreyas220 <shreyas.ny@gmail.com>
Date: Thu, 13 Jun 2024 00:45:16 +0530
Subject: [PATCH] reducing kiem job permission

Signed-off-by: Shreyas220 <shreyas.ny@gmail.com>

reducing kiem job permission

Signed-off-by: Shreyas220 <shreyas.ny@gmail.com>
---
 kiem-job/templates/deployment.yaml |  1 -
 kiem-job/templates/role.yaml       | 21 +++++++++++++++++++--
 2 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/kiem-job/templates/deployment.yaml b/kiem-job/templates/deployment.yaml
index 673cdd3..152e209 100644
--- a/kiem-job/templates/deployment.yaml
+++ b/kiem-job/templates/deployment.yaml
@@ -7,7 +7,6 @@ spec:
   schedule: "{{ .Values.accuknox.cronTab }}"  
   successfulJobsHistoryLimit: 1
   failedJobsHistoryLimit: 1
-
   jobTemplate:
     metadata:
       labels:
diff --git a/kiem-job/templates/role.yaml b/kiem-job/templates/role.yaml
index 810266a..bc21f2e 100644
--- a/kiem-job/templates/role.yaml
+++ b/kiem-job/templates/role.yaml
@@ -12,5 +12,22 @@ rules:
         - authorization.k8s.io
         - certificates.k8s.io
         - apiextensions.k8s.io
-    resources: ["*"]
-    verbs:  ["*"]
+        - batch
+    resources:  
+        - namespaces
+        - pods
+        - serviceaccounts
+        - roles
+        - rolebindings
+        - clusterroles
+        - clusterrolebindings
+        - deployments
+        - replicasets
+        - statefulsets
+        - daemonsets
+        - jobs
+        - cronjobs
+    verbs:
+        - get
+        - list
+        - watch