From 82b659963e472aae4a33c010b9773cdb7d2080de Mon Sep 17 00:00:00 2001 From: Pengfei Ni Date: Mon, 31 Jul 2017 17:23:08 +0800 Subject: [PATCH] Add requires apis to rbac cluster roles stackube-controller needs to create/delete roles and rolebindings. It also has to visit all apis in order to create tenant's own role. Change-Id: I48e8f0aaec00241d30dba818bcc19a3349237a16 Closes-Bug: 1707599 Signed-off-by: Pengfei Ni --- deployment/stackube.yaml | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/deployment/stackube.yaml b/deployment/stackube.yaml index 6fc9006..56e034c 100644 --- a/deployment/stackube.yaml +++ b/deployment/stackube.yaml @@ -266,10 +266,7 @@ rules: - apiGroups: - "*" resources: - - namespaces - - services - - services/status - - endpoints + - "*" verbs: - "*" - apiGroups: @@ -277,14 +274,16 @@ rules: resources: - customresourcedefinitions verbs: - - create + - "*" - apiGroups: - rbac.authorization.k8s.io resources: - clusterroles - clusterrolebindings + - roles + - rolebindings verbs: - - create + - "*" - apiGroups: - stackube.kubernetes.io resources: