Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

kubevirt: add sample Role to grant privileges for non-admin to run v2v #4965

Merged
merged 3 commits into from
Apr 14, 2020
Merged

kubevirt: add sample Role to grant privileges for non-admin to run v2v #4965

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
7d5ee03
kubevirt: add sample Role to grant privileges for non-admin to run v2v
mareklibra Apr 8, 2020
7475762
Enable v2v-vmware configmap READ access to all authenticated users
mareklibra Apr 9, 2020
847a5e0
Add workaround for kubevirt-storage-class-defaults
mareklibra Apr 9, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
66 changes: 66 additions & 0 deletions frontend/packages/kubevirt-plugin/integration-tests/data/role.v2v-vmware.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,66 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
namespace: openshift-cnv
name: v2v-vmware-configmap-read
rules:
- apiGroups: [""]
resources: ["configmaps"]
resourceNames: ["v2v-vmware"]
# resourceNames: ["v2v-vmware", "kubevirt-storage-class-defaults"] # workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1784467
verbs: ["get", "watch"]

---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
namespace: openshift-cnv
name: v2v-vmware-configmap-read
subjects:
# enable for all authenticated users
- kind: Group
name: system:authenticated
apiGroup: "rbac.authorization.k8s.io"
# Or enable for a named user only:
#- kind: User
# name: test # change to particular user who needs to run v2v
# apiGroup: rbac.authorization.k8s.io
roleRef:
kind: Role
name: v2v-vmware-configmap-read
apiGroup: rbac.authorization.k8s.io

#####################################
# Following permissions are optional
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
namespace: kube-public
name: vmware-to-kubevirt-os-configmap-read
rules:
- apiGroups: [""]
resources: ["configmaps"]
resourceNames: ["vmware-to-kubevirt-os"]
verbs: ["get", "watch"]

---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
namespace: kube-public
name: vmware-to-kubevirt-os-configmap-read
subjects:
- kind: Group
name: system:authenticated
apiGroup: "rbac.authorization.k8s.io"
# Or enable for a named user only:
#- kind: User
# name: test # change to particular user who needs to run v2v
# apiGroup: rbac.authorization.k8s.io
roleRef:
kind: Role
name: vmware-to-kubevirt-os-configmap-read
apiGroup: rbac.authorization.k8s.io