Open majst01 opened 3 years ago
It should be listed explicitly which verbs on the pods should be possible for the csi-lvm instead of wildcard(*).
This is set actually here: https://github.com/metal-stack/gardener-extension-provider-metal/blob/master/charts/internal/shoot-storageclasses/templates/storageclasses.yaml I propose instead to limit this to:
create, delete, get, list, patch, update, watch
It should be listed explicitly which verbs on the pods should be possible for the csi-lvm instead of wildcard(*).
This is set actually here: https://github.com/metal-stack/gardener-extension-provider-metal/blob/master/charts/internal/shoot-storageclasses/templates/storageclasses.yaml I propose instead to limit this to:
create, delete, get, list, patch, update, watch