From 68752cf7aa8e3aef2456506c452ae7c82d4fb264 Mon Sep 17 00:00:00 2001 From: Daniel Valdivia Date: Fri, 24 Jul 2020 04:07:36 -0700 Subject: [PATCH] Update Kustomize Artifacts (#192) --- kustomization.yaml | 3 +- operator-kustomize/cluster-role-binding.yaml | 12 +++ operator-kustomize/cluster-role.yaml | 76 +++++++++++++++++++ operator-kustomize/rbac.yaml | 80 -------------------- 4 files changed, 90 insertions(+), 81 deletions(-) create mode 100644 operator-kustomize/cluster-role-binding.yaml create mode 100644 operator-kustomize/cluster-role.yaml delete mode 100644 operator-kustomize/rbac.yaml diff --git a/kustomization.yaml b/kustomization.yaml index 46818e1ea4b..166a22ebc3d 100644 --- a/kustomization.yaml +++ b/kustomization.yaml @@ -59,6 +59,7 @@ vars: resources: - operator-kustomize/namespace.yaml - operator-kustomize/service-account.yaml + - operator-kustomize/cluster-role.yaml + - operator-kustomize/cluster-role-binding.yaml - operator-kustomize/crd.yaml - - operator-kustomize/rbac.yaml - operator-kustomize/deployment.yaml diff --git a/operator-kustomize/cluster-role-binding.yaml b/operator-kustomize/cluster-role-binding.yaml new file mode 100644 index 00000000000..5e36b59dd76 --- /dev/null +++ b/operator-kustomize/cluster-role-binding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: minio-operator-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: minio-operator-role +subjects: + - kind: ServiceAccount + name: minio-operator + namespace: default diff --git a/operator-kustomize/cluster-role.yaml b/operator-kustomize/cluster-role.yaml new file mode 100644 index 00000000000..1652af0a0ce --- /dev/null +++ b/operator-kustomize/cluster-role.yaml @@ -0,0 +1,76 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: minio-operator-role +rules: + - apiGroups: + - "" + resources: + - namespaces + - secrets + - pods + - services + - events + verbs: + - get + - watch + - create + - list + - delete + - apiGroups: + - apps + resources: + - statefulsets + - deployments + verbs: + - get + - create + - list + - patch + - watch + - update + - delete + - apiGroups: + - batch + resources: + - jobs + verbs: + - get + - create + - list + - patch + - watch + - update + - delete + - apiGroups: + - "certificates.k8s.io" + resources: + - "certificatesigningrequests" + - "certificatesigningrequests/approval" + - "certificatesigningrequests/status" + verbs: + - update + - create + - get + - delete + - apiGroups: + - certificates.k8s.io + resourceNames: + - kubernetes.io/legacy-unknown + resources: + - signers + verbs: + - approve + - sign + - apiGroups: + - minio.min.io + resources: + - "*" + verbs: + - "*" + - apiGroups: + - min.io + resources: + - "*" + verbs: + - "*" diff --git a/operator-kustomize/rbac.yaml b/operator-kustomize/rbac.yaml deleted file mode 100644 index 6943191a4e7..00000000000 --- a/operator-kustomize/rbac.yaml +++ /dev/null @@ -1,80 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - name: minio-operator-role -rules: -- apiGroups: - - "" - resources: - - namespaces - - secrets - - pods - - services - - events - verbs: - - get - - watch - - create - - list - - delete -- apiGroups: - - apps - resources: - - statefulsets - - deployments - verbs: - - get - - create - - list - - patch - - watch - - update - - delete -- apiGroups: - - batch - resources: - - jobs - verbs: - - get - - create - - list - - patch - - watch - - update - - delete -- apiGroups: - - "certificates.k8s.io" - resources: - - "certificatesigningrequests" - - "certificatesigningrequests/approval" - - "certificatesigningrequests/status" - verbs: - - update - - create - - get - - delete -- apiGroups: - - minio.min.io - resources: - - "*" - verbs: - - "*" -- apiGroups: - - min.io - resources: - - "*" - verbs: - - "*" ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - name: minio-operator-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: minio-operator-role -subjects: -- kind: ServiceAccount - name: minio-operator - namespace: default