From c95c5851a02f3741fbdd80972e059a3935c1cd51 Mon Sep 17 00:00:00 2001
From: Jason Prodonovich
Date: Tue, 12 Mar 2019 21:16:38 -0400
Subject: [PATCH] Add ClusterRole and ClusterRole (#2684)
* Add ClusterRole and ClusterRole binding to allow Namespace and Events listing
* Remove namespace Remove namespace from ClusterRole and ClusterRoleBinding
---
kubeflow/common/centraldashboard.libsonnet | 53 ++++++++++++++++++++++
1 file changed, 53 insertions(+)
diff --git a/kubeflow/common/centraldashboard.libsonnet b/kubeflow/common/centraldashboard.libsonnet
index 93eabafdef1..1cec163da1c 100644
--- a/kubeflow/common/centraldashboard.libsonnet
+++ b/kubeflow/common/centraldashboard.libsonnet
@@ -155,12 +155,65 @@ }, // role binding centralDashboardRoleBinding:: centralDashboardRoleBinding, + local centralDashboardClusterRole = { + apiVersion: "rbac.authorization.k8s.io/v1", + kind: "ClusterRole", + metadata: { + labels: { + app: "centraldashboard", + }, + name: "centraldashboard", + }, + rules: [ + { + apiGroups: [""], + resources: [ + "namespaces", + "events" + ], + verbs: [ + "get", + "list", + "watch", + ], + } + ], + }, // clusterrole + centralDashboardClusterRole:: centralDashboardClusterRole, + + local centralDashboardClusterRoleBinding = { + apiVersion: "rbac.authorization.k8s.io/v1", + kind: "ClusterRoleBinding", + metadata: { + labels: { + app: "centraldashboard", + }, + name: "centraldashboard", + }, + roleRef: { + apiGroup: "rbac.authorization.k8s.io", + kind: "ClusterRole", + name: "centraldashboard", + }, + subjects: [ + { + kind: "ServiceAccount", + name: "centraldashboard", + namespace: params.namespace, + }, + ], + }, // clusterrolebinding + centralDashboardClusterRoleBinding:: centralDashboardClusterRoleBinding, + parts:: self, all:: [ self.centralDashboardDeployment, self.centralDashboardService, self.centralDashboardServiceAccount, self.centralDashboardRole, + self.centralDashboardRoleBinding, + self.centralDashboardClusterRole, + self.centralDashboardClusterRoleBinding, ], list(obj=self.all):: util.list(obj),
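Review bot: The new `centralDashboardClusterRole` gives the `centraldashboard` ServiceAccount `get`/`list`/`watch` on core `events` in every namespace, and nothing in the hunk documents why cluster scope is needed or how the dashboard limits what each user sees. Events carry workload names, image references and failure messages for all tenants, so any holder of this token reads across namespace boundaries; whether the dashboard filters per user is not visible here. I would keep `namespaces` in the ClusterRole, grant `events` through a namespaced Role where possible, and reduce the verbs to what the UI actually calls, with a comment above `rules:` such as `// Cluster-wide read-only: the dashboard lists namespaces and events for the namespace picker and activity view`. Both cluster-scoped objects use the fixed name `centraldashboard` while the subject uses `params.namespace`, so a second deployment in another namespace would presumably replace the first binding's subject. The enclosing object starts and ends outside the hunk.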