Add clusterrole from vCluster chart RBAC
Signed-off-by: Xiaodong Ye <[email protected]>
yeahdongcn committed Nov 27, 2023
1 parent 596d1a9 commit 584a745
Showing 2 changed files with 211 additions and 2 deletions.
54 changes: 53 additions & 1 deletion config/rbac/role.yaml
@@ -71,7 +71,7 @@ rules:
## Extra rules used by the controller manager
##
- apiGroups: ["networking.k8s.io"]
resources: ["networkpolicies", "ingressclasses"]
resources: ["networkpolicies", "ingresses"]
verbs: ["create", "delete", "patch", "update", "get", "list", "watch"]
- apiGroups: [""]
resources: ["limitranges", "resourcequotas"]
@@ -80,4 +80,56 @@ rules:
resources: ["clusterroles", "clusterrolebindings"]
verbs: ["create", "delete", "patch", "update", "get", "list", "watch"]

##
## Rules from vCluster OSS (helm-charts/vcluster/templates/rbac/clusterrole.yaml)
##
- apiGroups: [""]
resources: ["nodes", "nodes/status"]
verbs: ["get", "watch", "list"]
- apiGroups: [""]
resources: [ "pods", "nodes/metrics", "nodes/stats"]
verbs: ["get", "watch", "list"]
- apiGroups: [""]
resources: ["nodes/proxy"]
verbs: ["get", "watch", "list"]
- apiGroups: [""]
resources: ["nodes", "nodes/status"]
verbs: ["update", "patch"]
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["create", "delete", "patch", "update", "get", "watch", "list"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses","csinodes","csidrivers","csistoragecapacities"]
verbs: ["get", "watch", "list"]
- apiGroups: ["networking.k8s.io"]
resources: ["ingressclasses"]
verbs: ["get", "watch", "list"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["create", "delete", "patch", "update", "get", "watch", "list"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "watch", "list"]
- apiGroups: ["scheduling.k8s.io"]
resources: ["priorityclasses"]
verbs: ["create", "delete", "patch", "update", "get", "list", "watch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotcontents"]
verbs: ["create", "delete", "patch", "update", "get", "list", "watch"]
- apiGroups: [""]
resources: ["services"]
verbs: ["get", "watch", "list"]
- apiGroups: [""]
resources: ["namespaces"]
verbs: ["create", "delete", "patch", "update", "get", "watch", "list"]
- apiGroups: [""]
resources: ["serviceaccounts"]
verbs: ["create", "delete", "patch", "update", "get", "list", "watch"]
- apiGroups: ["metrics.k8s.io"]
resources: ["nodes"]
verbs: ["get", "list"]

#+kubebuilder:scaffold:rules
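Review bot: The `nodes/proxy` rule in the second hunk, along with `update`/`patch` on `nodes` and full write access to `namespaces` and `serviceaccounts`, is granted unconditionally in what appears to be a ClusterRole, although the section comment says the rules were copied from a Helm template, where they are presumably gated per feature. `get` on `nodes/proxy` lets the holder reach the kubelet API through the API server, which is far broader than reading node objects, so keep it only if a feature this controller actually enables needs it and say so in a comment such as `# nodes/proxy: needed for <feature>; grants kubelet API access via the API server`. The read-only `storageclasses` rule is redundant because the rule just before it already grants every verb on `storageclasses`, so it can be dropped. The same rules appear expanded in deploy/manifests.yaml, which looks generated from this file, so regenerating it after trimming should cover both. The `rules:` list itself begins above the hunk.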
159 changes: 158 additions & 1 deletion deploy/manifests.yaml
@@ -175,7 +175,7 @@ rules:
- networking.k8s.io
resources:
- networkpolicies
- ingressclasses
- ingresses
verbs:
- create
- delete
@@ -210,6 +210,163 @@ rules:
- get
- list
- watch
- apiGroups:
- ""
resources:
- nodes
- nodes/status
verbs:
- get
- watch
- list
- apiGroups:
- ""
resources:
- pods
- nodes/metrics
- nodes/stats
verbs:
- get
- watch
- list
- apiGroups:
- ""
resources:
- nodes/proxy
verbs:
- get
- watch
- list
- apiGroups:
- ""
resources:
- nodes
- nodes/status
verbs:
- update
- patch
- apiGroups:
- ""
resources:
- persistentvolumes
verbs:
- create
- delete
- patch
- update
- get
- watch
- list
- apiGroups:
- storage.k8s.io
resources:
- storageclasses
- csinodes
- csidrivers
- csistoragecapacities
verbs:
- get
- watch
- list
- apiGroups:
- networking.k8s.io
resources:
- ingressclasses
verbs:
- get
- watch
- list
- apiGroups:
- storage.k8s.io
resources:
- storageclasses
verbs:
- create
- delete
- patch
- update
- get
- watch
- list
- apiGroups:
- storage.k8s.io
resources:
- storageclasses
verbs:
- get
- watch
- list
- apiGroups:
- scheduling.k8s.io
resources:
- priorityclasses
verbs:
- create
- delete
- patch
- update
- get
- list
- watch
- apiGroups:
- snapshot.storage.k8s.io
resources:
- volumesnapshotclasses
verbs:
- get
- list
- watch
- apiGroups:
- snapshot.storage.k8s.io
resources:
- volumesnapshotcontents
verbs:
- create
- delete
- patch
- update
- get
- list
- watch
- apiGroups:
- ""
resources:
- services
verbs:
- get
- watch
- list
- apiGroups:
- ""
resources:
- namespaces
verbs:
- create
- delete
- patch
- update
- get
- watch
- list
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- create
- delete
- patch
- update
- get
- list
- watch
- apiGroups:
- metrics.k8s.io
resources:
- nodes
verbs:
- get
- list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
