permissions
This commit is contained in:
Danijel Simeunovic
@@ -1,16 +1,19 @@
|
|||||||
apiVersion: rbac.authorization.k8s.io/v1
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
kind: ClusterRole
|
kind: ClusterRole
|
||||||
metadata:
|
metadata:
|
||||||
name: kyverno:secrets:view
|
name: kyverno:resources:view
|
||||||
labels:
|
labels:
|
||||||
rbac.kyverno.io/aggregate-to-admission-controller: "true"
|
rbac.kyverno.io/aggregate-to-admission-controller: "true"
|
||||||
rbac.kyverno.io/aggregate-to-reports-controller: "true"
|
rbac.kyverno.io/aggregate-to-reports-controller: "true"
|
||||||
rbac.kyverno.io/aggregate-to-background-controller: "true"
|
rbac.kyverno.io/aggregate-to-background-controller: "true"
|
||||||
|
rbac.kyverno.io/aggregate-to-cleanup-controller: "true"
|
||||||
rules:
|
rules:
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
- ''
|
- ''
|
||||||
resources:
|
resources:
|
||||||
- secrets
|
- secrets
|
||||||
|
- pod
|
||||||
|
- replicaset
|
||||||
verbs:
|
verbs:
|
||||||
- get
|
- get
|
||||||
- list
|
- list
|
||||||
@@ -22,11 +25,14 @@ metadata:
|
|||||||
name: kyverno:secrets:manage
|
name: kyverno:secrets:manage
|
||||||
labels:
|
labels:
|
||||||
rbac.kyverno.io/aggregate-to-background-controller: "true"
|
rbac.kyverno.io/aggregate-to-background-controller: "true"
|
||||||
|
rbac.kyverno.io/aggregate-to-cleanup-controller: "true"
|
||||||
rules:
|
rules:
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
- ''
|
- ''
|
||||||
resources:
|
resources:
|
||||||
- secrets
|
- secrets
|
||||||
|
- pod
|
||||||
|
- replicaset
|
||||||
verbs:
|
verbs:
|
||||||
- create
|
- create
|
||||||
- update
|
- update
|
||||||
|
|||||||
Reference in New Issue
Block a user