From 2582e119b73d8bb526d61626875aaf0496b7dc74 Mon Sep 17 00:00:00 2001 From: gjmzj Date: Sun, 27 Oct 2019 13:40:43 +0000 Subject: [PATCH] update rbac role: read --- manifests/dashboard/read-user-sa-rbac.yaml | 23 +++++++++++++++++++--- roles/deploy/files/read-group-rbac.yaml | 23 +++++++++++++++++++--- 2 files changed, 40 insertions(+), 6 deletions(-) diff --git a/manifests/dashboard/read-user-sa-rbac.yaml b/manifests/dashboard/read-user-sa-rbac.yaml index 3f832cd..7b5af80 100644 --- a/manifests/dashboard/read-user-sa-rbac.yaml +++ b/manifests/dashboard/read-user-sa-rbac.yaml @@ -29,15 +29,16 @@ rules: resources: - configmaps - endpoints + - nodes + - persistentvolumes - persistentvolumeclaims + - persistentvolumeclaims/status - pods - replicationcontrollers - replicationcontrollers/scale - serviceaccounts - services - - nodes - - persistentvolumeclaims - - persistentvolumes + - services/status verbs: - get - list @@ -69,12 +70,18 @@ rules: - apiGroups: - apps resources: + - controllerrevisions - daemonsets + - daemonsets/status - deployments - deployments/scale + - deployments/status - replicasets - replicasets/scale + - replicasets/status - statefulsets + - statefulsets/scale + - statefulsets/status verbs: - get - list @@ -83,6 +90,7 @@ rules: - autoscaling resources: - horizontalpodautoscalers + - horizontalpodautoscalers/status verbs: - get - list @@ -91,7 +99,9 @@ rules: - batch resources: - cronjobs + - cronjobs/status - jobs + - jobs/status verbs: - get - list @@ -100,12 +110,16 @@ rules: - extensions resources: - daemonsets + - daemonsets/status - deployments - deployments/scale + - deployments/status - ingresses + - ingresses/status - networkpolicies - replicasets - replicasets/scale + - replicasets/status - replicationcontrollers/scale verbs: - get @@ -115,6 +129,7 @@ rules: - policy resources: - poddisruptionbudgets + - poddisruptionbudgets/status verbs: - get - list @@ -122,6 +137,8 @@ rules: - apiGroups: - networking.k8s.io resources: + - ingresses + - ingresses/status - networkpolicies verbs: - get diff --git a/roles/deploy/files/read-group-rbac.yaml b/roles/deploy/files/read-group-rbac.yaml index d39d85c..0eca539 100644 --- a/roles/deploy/files/read-group-rbac.yaml +++ b/roles/deploy/files/read-group-rbac.yaml @@ -22,15 +22,16 @@ rules: resources: - configmaps - endpoints + - nodes + - persistentvolumes - persistentvolumeclaims + - persistentvolumeclaims/status - pods - replicationcontrollers - replicationcontrollers/scale - serviceaccounts - services - - nodes - - persistentvolumeclaims - - persistentvolumes + - services/status verbs: - get - list @@ -62,12 +63,18 @@ rules: - apiGroups: - apps resources: + - controllerrevisions - daemonsets + - daemonsets/status - deployments - deployments/scale + - deployments/status - replicasets - replicasets/scale + - replicasets/status - statefulsets + - statefulsets/scale + - statefulsets/status verbs: - get - list @@ -76,6 +83,7 @@ rules: - autoscaling resources: - horizontalpodautoscalers + - horizontalpodautoscalers/status verbs: - get - list @@ -84,7 +92,9 @@ rules: - batch resources: - cronjobs + - cronjobs/status - jobs + - jobs/status verbs: - get - list @@ -93,12 +103,16 @@ rules: - extensions resources: - daemonsets + - daemonsets/status - deployments - deployments/scale + - deployments/status - ingresses + - ingresses/status - networkpolicies - replicasets - replicasets/scale + - replicasets/status - replicationcontrollers/scale verbs: - get @@ -108,6 +122,7 @@ rules: - policy resources: - poddisruptionbudgets + - poddisruptionbudgets/status verbs: - get - list @@ -115,6 +130,8 @@ rules: - apiGroups: - networking.k8s.io resources: + - ingresses + - ingresses/status - networkpolicies verbs: - get