github/open-cluster-management
1
0
Fork 0
mirror of https://github.com/open-cluster-management-io/ocm.git synced 2026-05-20 16:14:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

grant work-agent the permission to update namespace

Browse Source 
Signed-off-by: Yang Le <yangle@redhat.com>
This commit is contained in:
Yang Le
2021-07-07 10:58:24 +08:00
parent 3a37a4917b
commit d46ba2ee89
2 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
manifests/klusterlet/klusterlet-work-clusterrole.yaml
View File

@@ -8,10 +8,10 @@ rules:
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
verbs: ["get", "list", "watch", "create", "delete", "update"]
# Allow agent to create/delete namespaces, get/list are contained in admin role already
# Allow agent to create/update/patch/delete namespaces, get/list/watch are contained in admin role already
- apiGroups: [""]
resources: ["namespaces"]
verbs: ["create", "delete"]
verbs: ["create", "update", "patch", "delete"]
# Allow agent to manage role/rolebinding/clusterrole/clusterrolebinding
- apiGroups: ["rbac.authorization.k8s.io"]
resources: ["clusterrolebindings", "rolebindings"]

4
pkg/operators/klusterlet/bindata/bindata.go
View File

@@ -728,10 +728,10 @@ rules:
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
verbs: ["get", "list", "watch", "create", "delete", "update"]
# Allow agent to create/delete namespaces, get/list are contained in admin role already
# Allow agent to create/update/patch/delete namespaces, get/list/watch are contained in admin role already
- apiGroups: [""]
resources: ["namespaces"]
verbs: ["create", "delete"]
verbs: ["create", "update", "patch", "delete"]
# Allow agent to manage role/rolebinding/clusterrole/clusterrolebinding
- apiGroups: ["rbac.authorization.k8s.io"]
resources: ["clusterrolebindings", "rolebindings"]