mirror of
https://github.com/open-cluster-management-io/ocm.git
synced 2026-02-14 10:00:11 +00:00
353a850f8d
* sync labels from klusterlet to all agent resources (#475) Signed-off-by: Zhiwei Yin <zyin@redhat.com> * add enable-sync-labels flag to klusterlet operator (#505) Signed-off-by: Zhiwei Yin <zyin@redhat.com> * fix issue that pull secret and ns are synced labels when enable-sync-labels is disabled (#511) Signed-off-by: Zhiwei Yin <zyin@redhat.com> --------- Signed-off-by: Zhiwei Yin <zyin@redhat.com>
20 lines
571 B
YAML
20 lines
571 B
YAML
# create this clusterrolebinding so work agent is able to create any clusterrole
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: open-cluster-management:{{ .KlusterletName }}-work:agent-kube111
|
|
labels:
|
|
{{ if gt (len .Labels) 0 }}
|
|
{{ range $key, $value := .Labels }}
|
|
{{ $key }}: {{ $value }}
|
|
{{ end }}
|
|
{{ end }}
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: cluster-admin
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: {{ .WorkServiceAccount }}
|
|
namespace: {{ .KlusterletNamespace }}
|