Skip to content

Commit

Permalink
fix: remove dependency on cluster-admin
Browse files Browse the repository at this point in the history
  • Loading branch information
@oilbeater
oilbeater committed Jul 9, 2019
1 parent dee797f commit 8736729
Show file tree
Hide file tree
Showing 2 changed files with 9 additions and 55 deletions.
22 changes: 0 additions & 22 deletions yamls/cm.yaml
View file

This file was deleted.

42 changes: 9 additions & 33 deletions yamls/ovn.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,24 +23,28 @@ kind: ClusterRole
metadata:
annotations:
rbac.authorization.k8s.io/system-only: "true"
name: system:ovn-reader
name: system:ovn
rules:
- apiGroups:
- ""
- extensions
resources:
- pods
- namespaces
- networkpolicies
- nodes
- configmaps
verbs:
- get
- list
- watch
- patch
- update
- apiGroups:
- ""
- networking.k8s.io
resources:
- networkpolicies
- services
- endpoints
verbs:
- get
- list
Expand All @@ -58,37 +62,9 @@ rules:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: ovn-cluster-reader
roleRef:
name: cluster-reader
kind: ClusterRole
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: ovn
namespace: kube-ovn

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: ovn-reader
roleRef:
name: system:ovn-reader
kind: ClusterRole
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: ovn
namespace: kube-ovn

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: cluster-admin-0
name: ovn
roleRef:
name: cluster-admin
name: system:ovn
kind: ClusterRole
apiGroup: rbac.authorization.k8s.io
subjects:
Expand Down

0 comments on commit 8736729

Please sign in to comment.