From b26a9e37d0327f34a926c6cb3305e9be444fa5d2 Mon Sep 17 00:00:00 2001 From: Jason Prodonovich Date: Tue, 12 Mar 2019 12:56:32 -0400 Subject: [PATCH 1/2] Add ClusterRole and ClusterRole binding to allow Namespace and Events listing --- kubeflow/common/centraldashboard.libsonnet | 55 ++++++++++++++++++++++ 1 file changed, 55 insertions(+) diff --git a/kubeflow/common/centraldashboard.libsonnet b/kubeflow/common/centraldashboard.libsonnet index 93eabafdef1..f3740af1065 100644 --- a/kubeflow/common/centraldashboard.libsonnet +++ b/kubeflow/common/centraldashboard.libsonnet @@ -155,12 +155,67 @@ }, // role binding centralDashboardRoleBinding:: centralDashboardRoleBinding, + local centralDashboardClusterRole = { + apiVersion: "rbac.authorization.k8s.io/v1", + kind: "ClusterRole", + metadata: { + labels: { + app: "centraldashboard", + }, + name: "centraldashboard", + namespace: params.namespace, + }, + rules: [ + { + apiGroups: [""], + resources: [ + "namespaces", + "events" + ], + verbs: [ + "get", + "list", + "watch", + ], + } + ], + }, // clusterrole + centralDashboardClusterRole:: centralDashboardClusterRole, + + local centralDashboardClusterRoleBinding = { + apiVersion: "rbac.authorization.k8s.io/v1", + kind: "ClusterRoleBinding", + metadata: { + labels: { + app: "centraldashboard", + }, + name: "centraldashboard", + namespace: params.namespace, + }, + roleRef: { + apiGroup: "rbac.authorization.k8s.io", + kind: "ClusterRole", + name: "centraldashboard", + }, + subjects: [ + { + kind: "ServiceAccount", + name: "centraldashboard", + namespace: params.namespace, + }, + ], + }, // clusterrolebinding + centralDashboardClusterRoleBinding:: centralDashboardClusterRoleBinding, + parts:: self, all:: [ self.centralDashboardDeployment, self.centralDashboardService, self.centralDashboardServiceAccount, self.centralDashboardRole, + self.centralDashboardRoleBinding, + self.centralDashboardClusterRole, + self.centralDashboardClusterRoleBinding, ], list(obj=self.all):: util.list(obj), From cd77cc23ea5c8b7e10bcb799764d29cb4141a6a9 Mon Sep 17 00:00:00 2001 From: Jason Prodonovich Date: Tue, 12 Mar 2019 20:49:27 -0400 Subject: [PATCH 2/2] Remove namespace Remove namespace from ClusterRole and ClusterRoleBinding --- kubeflow/common/centraldashboard.libsonnet | 2 -- 1 file changed, 2 deletions(-) diff --git a/kubeflow/common/centraldashboard.libsonnet b/kubeflow/common/centraldashboard.libsonnet index f3740af1065..1cec163da1c 100644 --- a/kubeflow/common/centraldashboard.libsonnet +++ b/kubeflow/common/centraldashboard.libsonnet @@ -163,7 +163,6 @@ app: "centraldashboard", }, name: "centraldashboard", - namespace: params.namespace, }, rules: [ { @@ -190,7 +189,6 @@ app: "centraldashboard", }, name: "centraldashboard", - namespace: params.namespace, }, roleRef: { apiGroup: "rbac.authorization.k8s.io",