github/open-cluster-management
1
0
Fork 0
mirror of https://github.com/open-cluster-management-io/ocm.git synced 2026-05-06 01:07:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

leader election needs to operate configmaps and leases (#260)

Browse Source 
Signed-off-by: haoqing0110 <qhao@redhat.com>
This commit is contained in:
Qing Hao
2022-07-05 14:44:35 +08:00
committed by GitHub
parent 855199ea43
commit 5ffe3b8a8b
2 changed files with 9 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
manifests/klusterlet/management/klusterlet-registration-role.yaml
View File

@@ -6,7 +6,14 @@ metadata:
name: open-cluster-management:management:{{ .KlusterletName }}-registration:agent
namespace: {{ .AgentNamespace }}
rules:
# leader election needs to operate configmaps, create hub-kubeconfig external-managed-registration/work secrets
# leader election needs to operate configmaps and leases
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["get", "list", "watch", "create", "delete", "update", "patch"]
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
verbs: ["create", "get", "list", "update", "watch", "patch"]
# create hub-kubeconfig external-managed-registration/work secrets
# TODO(zhujian7): may be replaced by a clusterrole to grant secret operation for others namespaces when addon
# agents are supported running on the management cluster
- apiGroups: [""]

2
manifests/klusterlet/management/klusterlet-work-role.yaml
View File

@@ -6,7 +6,7 @@ metadata:
name: open-cluster-management:management:{{ .KlusterletName }}-work:agent
namespace: {{ .AgentNamespace }}
rules:
# leader election needs to operate configmaps
# leader election needs to operate configmaps and leases
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["get", "list", "watch", "create", "delete", "update", "patch"]