Add requires apis to rbac cluster roles
stackube-controller needs to create/delete roles and rolebindings. It also has to visit all apis in order to create tenant's own role. Change-Id: I48e8f0aaec00241d30dba818bcc19a3349237a16 Closes-Bug: 1707599 Signed-off-by: Pengfei Ni <feiskyer@gmail.com>
This commit is contained in:
Pengfei Ni
parent
f6d5dccb19
commit
82b659963e
@ -266,10 +266,7 @@ rules:
|
|||||||
- apiGroups:
|
- apiGroups:
|
||||||
- "*"
|
- "*"
|
||||||
resources:
|
resources:
|
||||||
- namespaces
|
- "*"
|
||||||
- services
|
|
||||||
- services/status
|
|
||||||
- endpoints
|
|
||||||
verbs:
|
verbs:
|
||||||
- "*"
|
- "*"
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
@ -277,14 +274,16 @@ rules:
|
|||||||
resources:
|
resources:
|
||||||
- customresourcedefinitions
|
- customresourcedefinitions
|
||||||
verbs:
|
verbs:
|
||||||
- create
|
- "*"
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
- rbac.authorization.k8s.io
|
- rbac.authorization.k8s.io
|
||||||
resources:
|
resources:
|
||||||
- clusterroles
|
- clusterroles
|
||||||
- clusterrolebindings
|
- clusterrolebindings
|
||||||
|
- roles
|
||||||
|
- rolebindings
|
||||||
verbs:
|
verbs:
|
||||||
- create
|
- "*"
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
- stackube.kubernetes.io
|
- stackube.kubernetes.io
|
||||||
resources:
|
resources:
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user