Created
March 25, 2019 11:49
-
-
Save inyee786/3885e19b53f39d85cebdabdcb4ac4277 to your computer and use it in GitHub Desktop.
openebs clusterrole suse platfom
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: v1 | |
| kind: Namespace | |
| metadata: | |
| name: openebs | |
| --- | |
| # Create Maya Service Account | |
| apiVersion: v1 | |
| kind: ServiceAccount | |
| metadata: | |
| name: openebs-maya-operator | |
| namespace: openebs | |
| --- | |
| # Define Role that allows operations on K8s pods/deployments | |
| kind: ClusterRole | |
| apiVersion: rbac.authorization.k8s.io/v1beta1 | |
| metadata: | |
| name: openebs-maya-operator | |
| rules: | |
| - apiGroups: ["*"] | |
| resources: ["nodes", "nodes/proxy"] | |
| verbs: ["*"] | |
| - apiGroups: ["*"] | |
| resources: ["namespaces", "services", "pods", "deployments", "events", "endpoints", "configmaps", "jobs"] | |
| verbs: ["*"] | |
| - apiGroups: ["*"] | |
| resources: ["storageclasses", "persistentvolumeclaims", "persistentvolumes"] | |
| verbs: ["*"] | |
| - apiGroups: ["volumesnapshot.external-storage.k8s.io"] | |
| resources: ["volumesnapshots", "volumesnapshotdatas"] | |
| verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] | |
| - apiGroups: ["apiextensions.k8s.io"] | |
| resources: ["customresourcedefinitions"] | |
| verbs: [ "get", "list", "create", "update", "delete"] | |
| - apiGroups: ["*"] | |
| resources: [ "disks"] | |
| verbs: ["*" ] | |
| - apiGroups: ["*"] | |
| resources: [ "storagepoolclaims", "storagepools"] | |
| verbs: ["*" ] | |
| - apiGroups: ["*"] | |
| resources: [ "castemplates", "runtasks"] | |
| verbs: ["*" ] | |
| - apiGroups: ["*"] | |
| resources: [ "cstorpools", "cstorvolumereplicas", "cstorvolumes"] | |
| verbs: ["*" ] | |
| - nonResourceURLs: ["/metrics"] | |
| verbs: ["get"] | |
| - apiGroups: | |
| - extensions | |
| resourceNames: | |
| - suse.caasp.psp.privileged | |
| resources: | |
| - podsecuritypolicies | |
| verbs: | |
| - use | |
| --- | |
| # Bind the Service Account with the Role Privileges. | |
| # TODO: Check if default account also needs to be there | |
| kind: ClusterRoleBinding | |
| apiVersion: rbac.authorization.k8s.io/v1beta1 | |
| metadata: | |
| name: openebs-maya-operator | |
| subjects: | |
| - kind: ServiceAccount | |
| name: openebs-maya-operator | |
| namespace: openebs | |
| - kind: User | |
| name: system:serviceaccount:default:default | |
| apiGroup: rbac.authorization.k8s.io | |
| roleRef: | |
| kind: ClusterRole | |
| name: openebs-maya-operator | |
| apiGroup: rbac.authorization.k8s.io | |
| --- |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment