Add requires apis to rbac cluster roles

stackube-controller needs to create/delete roles and rolebindings. It also has to visit all apis in order to create tenant's own role. Change-Id: I48e8f0aaec00241d30dba818bcc19a3349237a16 Closes-Bug: 1707599 Signed-off-by: Pengfei Ni <feiskyer@gmail.com>
2017-07-31 17:23:08 +08:00 · 2017-07-31 17:23:08 +08:00 · 82b659963e
commit 82b659963e
parent f6d5dccb19
1 changed files with 5 additions and 6 deletions
--- a/deployment/stackube.yaml
+++ b/deployment/stackube.yaml
@ -266,10 +266,7 @@ rules:
 - apiGroups:
  - "*"
  resources:
-  - namespaces
-  - services
-  - services/status
-  - endpoints
+  - "*"
  verbs:
  - "*"
 - apiGroups:
@ -277,14 +274,16 @@ rules:
  resources:
  - customresourcedefinitions
  verbs:
-  - create
+  - "*"
 - apiGroups:
  - rbac.authorization.k8s.io
  resources:
  - clusterroles
  - clusterrolebindings
+  - roles
+  - rolebindings
  verbs:
-  - create
+  - "*"
 - apiGroups:
  - stackube.kubernetes.io
  resources: