Skip to content

Commit

Permalink
fix rbac role issue (#3753)
Browse files Browse the repository at this point in the history 
Signed-off-by: chenqiming <whqscqm@outlook.com>
  • Loading branch information
@BillyChen1
BillyChen1 committed Mar 7, 2024
1 parent 212d6e8 commit 8637168
Show file tree
Hide file tree
Showing 8 changed files with 385 additions and 23 deletions.
52 changes: 49 additions & 3 deletions charts/fluid/fluid/templates/role/alluxio/rbac.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -105,7 +105,13 @@ rules:
- alluxioruntimes/status
- datasets/status
verbs:
- '*'
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- apps
resources:
Expand All @@ -114,13 +120,39 @@ rules:
- daemonsets/status
- statefulsets/status
verbs:
- '*'
- get
- list
- watch
- create
- update
- patch
- delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
namespace: {{ include "fluid.namespace" . }}
name: alluxioruntime-controller
rules:
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- '*'
- create
- apiGroups:
- coordination.k8s.io
resources:
- leases
resourceNames:
- alluxio.data.fluid.io
verbs:
- get
- list
- watch
- update
- patch
- delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
Expand All @@ -135,6 +167,20 @@ subjects:
name: alluxioruntime-controller
namespace: {{ include "fluid.namespace" . }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: alluxioruntime-controller
namespace: {{ include "fluid.namespace" . }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: alluxioruntime-controller
subjects:
- kind: ServiceAccount
name: alluxioruntime-controller
namespace: {{ include "fluid.namespace" . }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
Expand Down
52 changes: 49 additions & 3 deletions charts/fluid/fluid/templates/role/dataset/rbac.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -100,7 +100,13 @@ rules:
- efcruntimes
- efcruntimes/status
verbs:
- '*'
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- apps
resources:
Expand All @@ -109,7 +115,13 @@ rules:
- daemonsets/status
- statefulsets/status
verbs:
- '*'
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- apps
resources:
Expand All @@ -122,12 +134,32 @@ rules:
- 'watch'
- 'update'
- 'patch'
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
namespace: {{ include "fluid.namespace" . }}
name: dataset-controller
rules:
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- apiGroups:
- coordination.k8s.io
resources:
- leases
resourceNames:
- dataset.data.fluid.io
verbs:
- '*'
- get
- list
- watch
- update
- patch
- delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
Expand All @@ -142,6 +174,20 @@ subjects:
name: dataset-controller
namespace: {{ include "fluid.namespace" . }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: dataset-controller
namespace: {{ include "fluid.namespace" . }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: dataset-controller
subjects:
- kind: ServiceAccount
name: dataset-controller
namespace: {{ include "fluid.namespace" . }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
Expand Down
52 changes: 49 additions & 3 deletions charts/fluid/fluid/templates/role/efc/rbac.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -104,7 +104,13 @@ rules:
- efcruntimes/status
- datasets/status
verbs:
- '*'
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- apps
resources:
Expand All @@ -113,13 +119,39 @@ rules:
- daemonsets/status
- statefulsets/status
verbs:
- '*'
- get
- list
- watch
- create
- update
- patch
- delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
namespace: {{ include "fluid.namespace" . }}
name: efcruntime-controller
rules:
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- apiGroups:
- coordination.k8s.io
resources:
- leases
resourceNames:
- efc.data.fluid.io
verbs:
- "*"
- get
- list
- watch
- update
- patch
- delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
Expand All @@ -134,6 +166,20 @@ subjects:
name: efcruntime-controller
namespace: {{ include "fluid.namespace" . }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: efcruntime-rolebinding
namespace: {{ include "fluid.namespace" . }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: efcruntime-controller
subjects:
- kind: ServiceAccount
name: efcruntime-controller
namespace: {{ include "fluid.namespace" . }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
Expand Down
44 changes: 42 additions & 2 deletions charts/fluid/fluid/templates/role/fluidapp/rbac.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,13 +38,39 @@ rules:
resources:
- configmaps
verbs:
- "*"
- get
- list
- watch
- create
- update
- patch
- delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
namespace: {{ include "fluid.namespace" . }}
name: fluidapp-controller
rules:
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- apiGroups:
- coordination.k8s.io
resources:
- leases
resourceNames:
- fluidapp.data.fluid.io
verbs:
- "*"
- get
- list
- watch
- update
- patch
- delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
Expand All @@ -59,6 +85,20 @@ subjects:
name: fluidapp-controller
namespace: {{ include "fluid.namespace" . }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: fluidapp-controller
namespace: {{ include "fluid.namespace" . }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: fluidapp-controller
subjects:
- kind: ServiceAccount
name: fluidapp-controller
namespace: {{ include "fluid.namespace" . }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
Expand Down
52 changes: 49 additions & 3 deletions charts/fluid/fluid/templates/role/goosefs/rbac.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -105,7 +105,13 @@ rules:
- goosefsruntimes/status
- datasets/status
verbs:
- '*'
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- apps
resources:
Expand All @@ -114,13 +120,39 @@ rules:
- daemonsets/status
- statefulsets/status
verbs:
- '*'
- get
- list
- watch
- create
- update
- patch
- delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
namespace: {{ include "fluid.namespace" . }}
name: goosefsruntime-controller
rules:
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- apiGroups:
- coordination.k8s.io
resources:
- leases
resourceNames:
- goosefs.data.fluid.io
verbs:
- '*'
- get
- list
- watch
- update
- patch
- delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
Expand All @@ -135,6 +167,20 @@ subjects:
name: goosefsruntime-controller
namespace: {{ include "fluid.namespace" . }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: goosefsruntime-rolebinding
namespace: {{ include "fluid.namespace" . }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: goosefsruntime-controller
subjects:
- kind: ServiceAccount
name: goosefsruntime-controller
namespace: {{ include "fluid.namespace" . }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
Expand Down
Loading

0 comments on commit 8637168

Please sign in to comment.