From 3bf72f254279a228045d50bb13b48b2080115b4a Mon Sep 17 00:00:00 2001
From: Enrique Llorente <ellorent@redhat.com>
Date: Mon, 19 Sep 2022 09:46:18 +0200
Subject: [PATCH] kustomize, isolated: Remove nodes RBAC

Nodes is not needed for isolated overlay since the node sync feature is
deactivated at cloud-config.

This change also reduce the verbos for pods since update is not needed.

Signed-off-by: Enrique Llorente <ellorent@redhat.com>
---
 config/isolated/kustomization.yaml | 7 +++++++
 config/rbac/kccm_role.yaml         | 4 +++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/config/isolated/kustomization.yaml b/config/isolated/kustomization.yaml
index b9d3121bf..85908eb9b 100644
--- a/config/isolated/kustomization.yaml
+++ b/config/isolated/kustomization.yaml
@@ -8,6 +8,13 @@ patches:
       value: --authentication-skip-lookup=true
   target:
     kind: Deployment
+- patch: |-
+    - op: remove
+      path: /rules/4
+  target:
+    kind: Role
+    name: kccm
+    namespace: default
 
 patchesStrategicMerge:
 - |-
diff --git a/config/rbac/kccm_role.yaml b/config/rbac/kccm_role.yaml
index e2c6f2263..12bf585a5 100644
--- a/config/rbac/kccm_role.yaml
+++ b/config/rbac/kccm_role.yaml
@@ -26,7 +26,9 @@ rules:
   resources:
   - pods
   verbs:
-  - "*"
+  - get
+  - list
+  - watch
 - apiGroups:
   - ""
   resources: