mirror of
https://github.com/open-cluster-management-io/ocm.git
synced 2026-02-14 10:00:11 +00:00
353a850f8d
* sync labels from klusterlet to all agent resources (#475) Signed-off-by: Zhiwei Yin <zyin@redhat.com> * add enable-sync-labels flag to klusterlet operator (#505) Signed-off-by: Zhiwei Yin <zyin@redhat.com> * fix issue that pull secret and ns are synced labels when enable-sync-labels is disabled (#511) Signed-off-by: Zhiwei Yin <zyin@redhat.com> --------- Signed-off-by: Zhiwei Yin <zyin@redhat.com>
24 lines
990 B
YAML
24 lines
990 B
YAML
# ClusterRoleBinding for registration to manage addons whose agents are not in the same cluster as the
|
|
# registration agent.
|
|
# TODO: 1 When addon-management feature gate is disabled, do not install this ClusterRoleBinding and ClusterRole,
|
|
# and registration agent should run successfully. 2 Replace this ClusterRoleBinding with RoleBinding, and bind
|
|
# ClusterRole and ServiceAccount to user defined addon namespaces.
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: open-cluster-management:{{ .KlusterletName }}-registration:addon-management
|
|
labels:
|
|
{{ if gt (len .Labels) 0 }}
|
|
{{ range $key, $value := .Labels }}
|
|
{{ $key }}: {{ $value }}
|
|
{{ end }}
|
|
{{ end }}
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: open-cluster-management:{{ .KlusterletName }}-registration:addon-management
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: {{ .RegistrationServiceAccount }}
|
|
namespace: {{ .KlusterletNamespace }}
|