mirror of
https://github.com/open-cluster-management-io/ocm.git
synced 2026-05-25 02:22:56 +00:00
23 lines
858 B
YAML
23 lines
858 B
YAML
# Mandatory Role permission for registartion agent
|
|
# Registartion agent can not run without these permissions
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: Role
|
|
metadata:
|
|
name: open-cluster-management:registration-agent
|
|
namespace: open-cluster-management-agent
|
|
rules:
|
|
# leader election needs to operate configmaps and leases
|
|
- apiGroups: [""]
|
|
resources: ["configmaps"]
|
|
verbs: ["get", "list", "watch", "create", "delete", "update", "patch"]
|
|
- apiGroups: ["coordination.k8s.io"]
|
|
resources: ["leases"]
|
|
verbs: ["create", "get", "list", "update", "watch", "patch"]
|
|
# create hub-kubeconfig and external-managed-registration/work secrets
|
|
- apiGroups: [""]
|
|
resources: ["secrets"]
|
|
verbs: ["get", "list", "watch", "create", "delete", "update", "patch"]
|
|
- apiGroups: ["", "events.k8s.io"]
|
|
resources: ["events"]
|
|
verbs: ["create", "patch", "update"]
|