From 29fc00c58f1f8d1c849f8f8d6d8010ca659233c3 Mon Sep 17 00:00:00 2001
From: mrxhunt <mrxhunt@wearehackerone.com>
Date: Thu, 12 Mar 2026 07:11:26 +0000
Subject: [PATCH] restrict phoenix RBAC to minimum permissions

---
 phoenix/rbac.yaml | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/phoenix/rbac.yaml b/phoenix/rbac.yaml
index e9fa6dc..df56ffc 100644
--- a/phoenix/rbac.yaml
+++ b/phoenix/rbac.yaml
@@ -10,12 +10,14 @@ metadata:
   name: phoenix-role
   namespace: web
 rules:
-- apiGroups: [""]
-  resources: ["*"]
-  verbs: ["get", "watch", "list"]
-- apiGroups: ["apps"]
-  resources: ["*"]
-  verbs: ["get", "watch", "list"]
+- apiGroups:
+  - "apps"
+  resources:
+  - deployments
+  resourceNames:
+  - phoenix-app
+  verbs:
+  - get
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding