1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2025-03-15 12:17:56 +00:00

add watch policy to clusterrole kyverno:customresources (#1084)

This commit is contained in:
shuting 2020-08-24 12:27:16 -07:00 committed by GitHub
parent 8105e4cad8
commit 513f5ec898
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 59 additions and 17 deletions

View file

@ -31,6 +31,10 @@ spec:
type: array type: array
resources: resources:
properties: properties:
annotations:
additionalProperties:
type: string
type: object
kinds: kinds:
items: items:
type: string type: string
@ -41,10 +45,6 @@ spec:
items: items:
type: string type: string
type: array type: array
annotations:
type: object
additionalProperties:
type: string
selector: selector:
properties: properties:
matchExpressions: matchExpressions:
@ -125,6 +125,10 @@ spec:
resources: resources:
minProperties: 1 minProperties: 1
properties: properties:
annotations:
additionalProperties:
type: string
type: object
kinds: kinds:
items: items:
type: string type: string
@ -135,10 +139,6 @@ spec:
items: items:
type: string type: string
type: array type: array
annotations:
type: object
additionalProperties:
type: string
selector: selector:
properties: properties:
matchExpressions: matchExpressions:

View file

@ -80,6 +80,8 @@ rules:
- apiGroups: - apiGroups:
- '*' - '*'
resources: resources:
- policies
- policies/status
- clusterpolicies - clusterpolicies
- clusterpolicies/status - clusterpolicies/status
- clusterpolicyviolations - clusterpolicyviolations

View file

@ -763,6 +763,8 @@ rules:
- apiGroups: - apiGroups:
- '*' - '*'
resources: resources:
- policies
- policies/status
- clusterpolicies - clusterpolicies
- clusterpolicies/status - clusterpolicies/status
- clusterpolicyviolations - clusterpolicyviolations

View file

@ -36,6 +36,10 @@ spec:
type: array type: array
resources: resources:
properties: properties:
annotations:
additionalProperties:
type: string
type: object
kinds: kinds:
items: items:
type: string type: string
@ -46,10 +50,6 @@ spec:
items: items:
type: string type: string
type: array type: array
annotations:
type: object
additionalProperties:
type: string
selector: selector:
properties: properties:
matchExpressions: matchExpressions:
@ -130,6 +130,10 @@ spec:
resources: resources:
minProperties: 1 minProperties: 1
properties: properties:
annotations:
additionalProperties:
type: string
type: object
kinds: kinds:
items: items:
type: string type: string
@ -140,10 +144,6 @@ spec:
items: items:
type: string type: string
type: array type: array
annotations:
type: object
additionalProperties:
type: string
selector: selector:
properties: properties:
matchExpressions: matchExpressions:
@ -763,6 +763,8 @@ rules:
- apiGroups: - apiGroups:
- '*' - '*'
resources: resources:
- policies
- policies/status
- clusterpolicies - clusterpolicies
- clusterpolicies/status - clusterpolicies/status
- clusterpolicyviolations - clusterpolicyviolations
@ -885,6 +887,37 @@ rules:
--- ---
apiVersion: rbac.authorization.k8s.io/v1beta1 apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole kind: ClusterRole
metadata:
labels:
rbac.authorization.k8s.io/aggregate-to-admin: "true"
name: kyverno:admin-policies
rules:
- apiGroups:
- kyverno.io
resources:
- policies
verbs:
- '*'
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
labels:
rbac.authorization.k8s.io/aggregate-to-edit: "true"
name: kyverno:edit-policies-policyviolations
rules:
- apiGroups:
- kyverno.io
resources:
- policyviolations
- policies
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata: metadata:
name: kyverno:policyviolations name: kyverno:policyviolations
rules: rules:
@ -918,12 +951,13 @@ kind: ClusterRole
metadata: metadata:
labels: labels:
rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-view: "true"
name: kyverno:view-policyviolations name: kyverno:view-policies-policyviolations
rules: rules:
- apiGroups: - apiGroups:
- kyverno.io - kyverno.io
resources: resources:
- policyviolations - policyviolations
- policies
verbs: verbs:
- get - get
- list - list

View file

@ -170,6 +170,8 @@ rules:
- apiGroups: - apiGroups:
- '*' - '*'
resources: resources:
- policies
- policies/status
- clusterpolicies - clusterpolicies
- clusterpolicies/status - clusterpolicies/status
- clusterpolicyviolations - clusterpolicyviolations

View file

@ -763,6 +763,8 @@ rules:
- apiGroups: - apiGroups:
- '*' - '*'
resources: resources:
- policies
- policies/status
- clusterpolicies - clusterpolicies
- clusterpolicies/status - clusterpolicies/status
- clusterpolicyviolations - clusterpolicyviolations