mirror of
https://github.com/kubeshark/kubeshark.git
synced 2026-05-11 19:56:38 +00:00
1e2288b9a8
Reorganize permissions example. Permissions for optional features are separated from those that are mandatory. Revised the list of permissions. Added and removed features to make it fit what Mizu currently requires.
37 lines
931 B
YAML
37 lines
931 B
YAML
# This example shows the permissions that are required in order to run the `mizu tap` command in namespace-restricted mode
|
|
kind: Role
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
metadata:
|
|
name: mizu-runner-role
|
|
namespace: user1
|
|
rules:
|
|
- apiGroups: [""]
|
|
resources: ["pods"]
|
|
verbs: ["list", "watch", "create"]
|
|
- apiGroups: [""]
|
|
resources: ["services"]
|
|
verbs: ["get", "create", "delete"]
|
|
- apiGroups: ["apps"]
|
|
resources: ["daemonsets"]
|
|
verbs: ["create", "patch", "delete"]
|
|
- apiGroups: [""]
|
|
resources: ["services/proxy"]
|
|
verbs: ["get", "create", "delete"]
|
|
- apiGroups: [""]
|
|
resources: ["configmaps"]
|
|
verbs: ["create", "delete"]
|
|
---
|
|
kind: RoleBinding
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
metadata:
|
|
name: mizu-runner-rolebindings
|
|
namespace: user1
|
|
subjects:
|
|
- kind: User
|
|
name: user1
|
|
apiGroup: rbac.authorization.k8s.io
|
|
roleRef:
|
|
kind: Role
|
|
name: mizu-runner-role
|
|
apiGroup: rbac.authorization.k8s.io
|