From 4d2109ee2a77e8fe34484b811bef7caf14a8724b Mon Sep 17 00:00:00 2001
From: Ashley Dumaine <ashley.dumaine@gmail.com>
Date: Mon, 13 May 2024 15:19:12 -0400
Subject: [PATCH] restrict rbac

---
 deploy/chart/templates/clusterrole-rbac.yaml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/deploy/chart/templates/clusterrole-rbac.yaml b/deploy/chart/templates/clusterrole-rbac.yaml
index 5ac7a49b..42dbbeb8 100644
--- a/deploy/chart/templates/clusterrole-rbac.yaml
+++ b/deploy/chart/templates/clusterrole-rbac.yaml
@@ -32,6 +32,9 @@ rules:
     verbs: ["get", "watch", "list", "update", "patch"]
 {{- if .Values.sharedIPLoadBalancing }}
   - apiGroups: ["cilium.io"]
-    resources: ["ciliumloadbalancerippools", "ciliumbgppeeringpolicies"]
+    resources: ["ciliumloadbalancerippools"]
     verbs: ["get", "watch", "list", "update", "create", "delete"]
+  - apiGroups: ["cilium.io"]
+    resources: ["ciliumbgppeeringpolicies"]
+    verbs: ["get", "watch", "list", "create"]
 {{- end }}