mirror of
https://github.com/open-cluster-management-io/ocm.git
synced 2026-05-22 00:54:00 +00:00
718605172f
* split work permissions Signed-off-by: haoqing0110 <qhao@redhat.com> * add more comments Signed-off-by: haoqing0110 <qhao@redhat.com>
16 lines
612 B
YAML
16 lines
612 B
YAML
# ClusterRoleBinding for work execution permissions.
|
|
# TODO: replace this with user defined execution permissions.
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: open-cluster-management:work:execution-admin
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
# We deploy a controller that could work with permission lower than cluster-admin, the tradeoff is
|
|
# responsivity because list/watch cannot be maintained over too many namespaces.
|
|
name: admin
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: work-agent-sa
|
|
namespace: open-cluster-management-agent |