github/open-cluster-management
1
0
Fork 0
mirror of https://github.com/open-cluster-management-io/ocm.git synced 2026-05-21 00:24:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #136 from elgnay/add-permission

Browse Source 
grant work-agent the permission to update namespace
This commit is contained in:
OpenShift Merge Robot
2021-07-06 23:13:24 -04:00
committed by GitHub
parent 3a37a4917b d46ba2ee89
commit 3c9b5c0010
2 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
manifests/klusterlet/klusterlet-work-clusterrole.yaml
View File

@@ -8,10 +8,10 @@ rules:
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
verbs: ["get", "list", "watch", "create", "delete", "update"]
# Allow agent to create/delete namespaces, get/list are contained in admin role already
# Allow agent to create/update/patch/delete namespaces, get/list/watch are contained in admin role already
- apiGroups: [""]
resources: ["namespaces"]
verbs: ["create", "delete"]
verbs: ["create", "update", "patch", "delete"]
# Allow agent to manage role/rolebinding/clusterrole/clusterrolebinding
- apiGroups: ["rbac.authorization.k8s.io"]
resources: ["clusterrolebindings", "rolebindings"]

4
pkg/operators/klusterlet/bindata/bindata.go
View File

@@ -728,10 +728,10 @@ rules:
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
verbs: ["get", "list", "watch", "create", "delete", "update"]
# Allow agent to create/delete namespaces, get/list are contained in admin role already
# Allow agent to create/update/patch/delete namespaces, get/list/watch are contained in admin role already
- apiGroups: [""]
resources: ["namespaces"]
verbs: ["create", "delete"]
verbs: ["create", "update", "patch", "delete"]
# Allow agent to manage role/rolebinding/clusterrole/clusterrolebinding
- apiGroups: ["rbac.authorization.k8s.io"]
resources: ["clusterrolebindings", "rolebindings"]