Merge pull request #3603 from cyclinder/rbac_rebase
RBAC: rebase pull 3522
weizhoublue committed Jun 18, 2024
2 parents 31ccba5 + ff1e81c commit cd1badc
Showing 2 changed files with 27 additions and 291 deletions.
294 changes: 25 additions & 269 deletions charts/spiderpool/templates/role.yaml
@@ -2,166 +2,7 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ .Values.spiderpoolAgent.name | trunc 63 | trimSuffix "-" }}
rules:
- apiGroups:
- ""
resources:
- configmaps
- endpoints
- namespaces
- pods/status
verbs:
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- nodes
- pods
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- admissionregistration.k8s.io
resources:
- mutatingwebhookconfigurations
- validatingwebhookconfigurations
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- apps
resources:
- daemonsets
- deployments
- replicasets
- statefulsets
verbs:
- get
- list
- watch
- apiGroups:
- batch
resources:
- cronjobs
- jobs
verbs:
- get
- list
- watch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- get
- update
- apiGroups:
- k8s.cni.cncf.io
resources:
- network-attachment-definitions
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- kubevirt.io
resources:
- virtualmachineinstances
- virtualmachines
verbs:
- get
- list
- apiGroups:
- resource.k8s.io
resources:
- podschedulingcontexts
- podschedulingcontexts/status
- resourceclaims
- resourceclaims/status
- resourceclaimtemplates
- resourceclasses
verbs:
- get
- list
- patch
- update
- watch
- apiGroups:
- spiderpool.spidernet.io
resources:
- spiderclaimparameters
- spidercoordinators
- spiderendpoints
- spiderippools
- spidermultusconfigs
- spiderreservedips
- spidersubnets
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups:
- spiderpool.spidernet.io
resources:
- spidercoordinators/status
- spiderippools/status
- spidersubnets/status
verbs:
- get
- patch
- update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ .Values.spiderpoolController.name | trunc 63 | trimSuffix "-" }}
name: spiderpool-admin
rules:
- apiGroups:
- ""
@@ -271,6 +112,12 @@ rules:
- kubevirt.io
resources:
- virtualmachineinstances
verbs:
- get
- list
- apiGroups:
- kubevirt.io
resources:
- virtualmachines
verbs:
- get
@@ -294,16 +141,9 @@ rules:
- spiderpool.spidernet.io
resources:
- spiderclaimparameters
- spidercoordinators
- spiderendpoints
- spiderippools
- spidermultusconfigs
- spiderreservedips
- spidersubnets
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
@@ -312,70 +152,27 @@ rules:
- apiGroups:
- spiderpool.spidernet.io
resources:
- spidercoordinators/status
- spiderippools/status
- spidersubnets/status
verbs:
- get
- patch
- update
---
{{- if or .Values.ipam.enableIPv4 .Values.ipam.enableIPv6 }}
{{- if or .Values.clusterDefaultPool.installIPv4IPPool .Values.clusterDefaultPool.installIPv6IPPool .Values.coordinator.enabled }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ .Values.spiderpoolInit.name | trunc 63 | trimSuffix "-" }}
rules:
- apiGroups:
- ""
resources:
- configmaps
- endpoints
- namespaces
- pods
- pods/status
- spidercoordinators
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- ""
- spiderpool.spidernet.io
resources:
- events
- spidercoordinators/status
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- '*'
resources:
- '*'
verbs:
- get
- list
- watch
- apiGroups:
- admissionregistration.k8s.io
- spiderpool.spidernet.io
resources:
- mutatingwebhookconfigurations
- validatingwebhookconfigurations
- spiderendpoints
verbs:
- create
- delete
@@ -385,49 +182,30 @@ rules:
- update
- watch
- apiGroups:
- apiextensions.k8s.io
- spiderpool.spidernet.io
resources:
- customresourcedefinitions
- spiderippools
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups:
- apps
resources:
- daemonsets
- deployments
- replicasets
- statefulsets
verbs:
- get
- list
- watch
- apiGroups:
- batch
resources:
- cronjobs
- jobs
verbs:
- get
- list
- watch
- apiGroups:
- coordination.k8s.io
- spiderpool.spidernet.io
resources:
- leases
- spiderippools/status
verbs:
- create
- get
- patch
- update
- apiGroups:
- k8s.cni.cncf.io
- spiderpool.spidernet.io
resources:
- network-attachment-definitions
- spidermultusconfigs
verbs:
- create
- delete
@@ -437,23 +215,12 @@ rules:
- update
- watch
- apiGroups:
- kubevirt.io
resources:
- virtualmachineinstances
- virtualmachines
verbs:
- get
- list
- apiGroups:
- resource.k8s.io
- spiderpool.spidernet.io
resources:
- podschedulingcontexts
- podschedulingcontexts/status
- resourceclaims
- resourceclaims/status
- resourceclaimtemplates
- resourceclasses
- spiderreservedips
verbs:
- create
- delete
- get
- list
- patch
@@ -462,17 +229,10 @@ rules:
- apiGroups:
- spiderpool.spidernet.io
resources:
- spiderclaimparameters
- spidercoordinators
- spiderendpoints
- spiderippools
- spidermultusconfigs
- spiderreservedips
- spidersubnets
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
@@ -481,12 +241,8 @@ rules:
- apiGroups:
- spiderpool.spidernet.io
resources:
- spidercoordinators/status
- spiderippools/status
- spidersubnets/status
verbs:
- get
- patch
- update
{{- end }}
{{- end }}
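Review bot: The single ClusterRole that remains in this file is given the fixed name `spiderpool-admin` in `metadata.name`, where the three roles it replaces were named from `.Values.spiderpoolAgent.name`, `.Values.spiderpoolController.name` and `.Values.spiderpoolInit.name`. ClusterRoles are cluster-scoped, so a fixed name can collide with a second release of the chart or with an unrelated role of the same name, and one shared role means the per-node agent, the controller and the init job would all hold the union of the rules, including whatever write verbs on webhook configurations and CRDs remain in the collapsed parts of the file; the binding template is presumably the second changed file and is not shown, so the sharing is inferred rather than confirmed. If a single role is intended, a release-scoped name such as `name: {{ printf "%s-admin" .Release.Name | trunc 63 | trimSuffix "-" }}` (with the bindings updated to match) avoids the collision, and a comment above the role naming the service accounts expected to bind to it would make the intent reviewable. Keeping a narrower role for the agent DaemonSet would bound what a service-account token taken from one node can change cluster-wide.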