open-cluster-management/manifests/cluster-manager/hub/placement/clusterrole.yaml
Wei Liu 5bac053fe0
using dir to reorg cluster-manager manifests (#1112)
Signed-off-by: Wei Liu <liuweixa@redhat.com>
2025-08-18 09:38:43 +00:00


# ClusterRole for the placement controller of a cluster manager. The manifest is
# a Go template: the role name embeds .ClusterManagerName and the labels come
# from .Labels.
# NOTE(review): the binding for this role is not in this file. If it is bound
# with a ClusterRoleBinding, every rule below applies in all namespaces - confirm.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: open-cluster-management:{{ .ClusterManagerName }}-placement:controller
labels:
# Label entries are emitted only when .Labels is non-empty; otherwise "labels"
# renders with an empty (null) value.
# NOTE(review): each key and value is written raw between double quotes, so a
# quote or backslash in either would change the rendered YAML. Presumably .Labels
# holds validated Kubernetes label strings - verify at the caller.
{{ if gt (len .Labels) 0 }}
{{ range $key, $value := .Labels }}
"{{ $key }}": "{{ $value }}"
{{ end }}
{{ end }}
rules:
# Allow controller to get/list/watch/create/update/delete configmaps
# NOTE(review): write access to core configmaps with no resourceNames limit. If
# the controller only needs configmaps in its own namespace, a namespaced Role
# would be the narrower grant - confirm against the binding and the controller.
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["get", "list", "watch", "create", "delete", "update"]
# Allow controller to get pods (read-only, single-object get)
# NOTE(review): presumably used to look up the controller's own pod - confirm.
- apiGroups: [""]
resources: ["pods"]
verbs: ["get"]
# Allow controller to get replicasets (read-only, single-object get)
# NOTE(review): presumably used to look up the owning replicaset - confirm.
- apiGroups: ["apps"]
resources: ["replicasets"]
verbs: ["get"]
# Allow creating subjectaccessreviews, used to authorize access to the debug path
- apiGroups: ["authorization.k8s.io"]
resources: ["subjectaccessreviews"]
verbs: ["create"]
# Allow controller to create/patch/update events (core and events.k8s.io groups)
- apiGroups: ["", "events.k8s.io"]
resources: ["events"]
verbs: ["create", "patch", "update"]
# Allow controller to get/list/watch/create/update/patch leases (no delete)
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
verbs: ["create", "get", "list", "update", "watch", "patch"]
# Allow controller to view managedclusters/managedclustersets/managedclustersetbindings
# (read-only: get/list/watch)
- apiGroups: ["cluster.open-cluster-management.io"]
resources: ["managedclusters", "managedclustersets", "managedclustersetbindings"]
verbs: ["get", "list", "watch"]
# Allow controller to view addonplacementscores (read-only: get/list/watch)
- apiGroups: ["cluster.open-cluster-management.io"]
resources: ["addonplacementscores"]
verbs: ["get", "list", "watch"]
# Allow controller to read placements; the placement objects themselves are
# read-only here, only their status and finalizers subresources are writable
# (see the rules further down).
- apiGroups: ["cluster.open-cluster-management.io"]
resources: ["placements"]
verbs: ["get", "list", "watch"]
# Allow controller to fully manage placementdecisions (read, create, update,
# patch, delete)
- apiGroups: ["cluster.open-cluster-management.io"]
resources: ["placementdecisions"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
# Allow controller to update/patch the status subresource of placements and
# placementdecisions
- apiGroups: ["cluster.open-cluster-management.io"]
resources: ["placements/status", "placementdecisions/status"]
verbs: ["update", "patch"]
# Allow controller to update placements/finalizers
- apiGroups: ["cluster.open-cluster-management.io"]
resources: ["placements/finalizers"]
verbs: ["update"]
# Allow controller to get config.openshift.io infrastructures (read-only)
# NOTE(review): the reason for this read is not stated in this file - confirm it
# is still needed.
- apiGroups: ["config.openshift.io"]
resources: ["infrastructures"]
verbs: ["get"]