mirror of
https://github.com/kyverno/kyverno.git
synced 2025-03-15 12:17:56 +00:00
add watch policy to clusterrole kyverno:customresources (#1084)
This commit is contained in:
parent
8105e4cad8
commit
513f5ec898
6 changed files with 59 additions and 17 deletions
|
@ -31,6 +31,10 @@ spec:
|
||||||
type: array
|
type: array
|
||||||
resources:
|
resources:
|
||||||
properties:
|
properties:
|
||||||
|
annotations:
|
||||||
|
additionalProperties:
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
kinds:
|
kinds:
|
||||||
items:
|
items:
|
||||||
type: string
|
type: string
|
||||||
|
@ -41,10 +45,6 @@ spec:
|
||||||
items:
|
items:
|
||||||
type: string
|
type: string
|
||||||
type: array
|
type: array
|
||||||
annotations:
|
|
||||||
type: object
|
|
||||||
additionalProperties:
|
|
||||||
type: string
|
|
||||||
selector:
|
selector:
|
||||||
properties:
|
properties:
|
||||||
matchExpressions:
|
matchExpressions:
|
||||||
|
@ -125,6 +125,10 @@ spec:
|
||||||
resources:
|
resources:
|
||||||
minProperties: 1
|
minProperties: 1
|
||||||
properties:
|
properties:
|
||||||
|
annotations:
|
||||||
|
additionalProperties:
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
kinds:
|
kinds:
|
||||||
items:
|
items:
|
||||||
type: string
|
type: string
|
||||||
|
@ -135,10 +139,6 @@ spec:
|
||||||
items:
|
items:
|
||||||
type: string
|
type: string
|
||||||
type: array
|
type: array
|
||||||
annotations:
|
|
||||||
type: object
|
|
||||||
additionalProperties:
|
|
||||||
type: string
|
|
||||||
selector:
|
selector:
|
||||||
properties:
|
properties:
|
||||||
matchExpressions:
|
matchExpressions:
|
||||||
|
|
|
@ -80,6 +80,8 @@ rules:
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
- '*'
|
- '*'
|
||||||
resources:
|
resources:
|
||||||
|
- policies
|
||||||
|
- policies/status
|
||||||
- clusterpolicies
|
- clusterpolicies
|
||||||
- clusterpolicies/status
|
- clusterpolicies/status
|
||||||
- clusterpolicyviolations
|
- clusterpolicyviolations
|
||||||
|
|
|
@ -763,6 +763,8 @@ rules:
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
- '*'
|
- '*'
|
||||||
resources:
|
resources:
|
||||||
|
- policies
|
||||||
|
- policies/status
|
||||||
- clusterpolicies
|
- clusterpolicies
|
||||||
- clusterpolicies/status
|
- clusterpolicies/status
|
||||||
- clusterpolicyviolations
|
- clusterpolicyviolations
|
||||||
|
|
|
@ -36,6 +36,10 @@ spec:
|
||||||
type: array
|
type: array
|
||||||
resources:
|
resources:
|
||||||
properties:
|
properties:
|
||||||
|
annotations:
|
||||||
|
additionalProperties:
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
kinds:
|
kinds:
|
||||||
items:
|
items:
|
||||||
type: string
|
type: string
|
||||||
|
@ -46,10 +50,6 @@ spec:
|
||||||
items:
|
items:
|
||||||
type: string
|
type: string
|
||||||
type: array
|
type: array
|
||||||
annotations:
|
|
||||||
type: object
|
|
||||||
additionalProperties:
|
|
||||||
type: string
|
|
||||||
selector:
|
selector:
|
||||||
properties:
|
properties:
|
||||||
matchExpressions:
|
matchExpressions:
|
||||||
|
@ -130,6 +130,10 @@ spec:
|
||||||
resources:
|
resources:
|
||||||
minProperties: 1
|
minProperties: 1
|
||||||
properties:
|
properties:
|
||||||
|
annotations:
|
||||||
|
additionalProperties:
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
kinds:
|
kinds:
|
||||||
items:
|
items:
|
||||||
type: string
|
type: string
|
||||||
|
@ -140,10 +144,6 @@ spec:
|
||||||
items:
|
items:
|
||||||
type: string
|
type: string
|
||||||
type: array
|
type: array
|
||||||
annotations:
|
|
||||||
type: object
|
|
||||||
additionalProperties:
|
|
||||||
type: string
|
|
||||||
selector:
|
selector:
|
||||||
properties:
|
properties:
|
||||||
matchExpressions:
|
matchExpressions:
|
||||||
|
@ -763,6 +763,8 @@ rules:
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
- '*'
|
- '*'
|
||||||
resources:
|
resources:
|
||||||
|
- policies
|
||||||
|
- policies/status
|
||||||
- clusterpolicies
|
- clusterpolicies
|
||||||
- clusterpolicies/status
|
- clusterpolicies/status
|
||||||
- clusterpolicyviolations
|
- clusterpolicyviolations
|
||||||
|
@ -885,6 +887,37 @@ rules:
|
||||||
---
|
---
|
||||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
kind: ClusterRole
|
kind: ClusterRole
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
rbac.authorization.k8s.io/aggregate-to-admin: "true"
|
||||||
|
name: kyverno:admin-policies
|
||||||
|
rules:
|
||||||
|
- apiGroups:
|
||||||
|
- kyverno.io
|
||||||
|
resources:
|
||||||
|
- policies
|
||||||
|
verbs:
|
||||||
|
- '*'
|
||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
|
kind: ClusterRole
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
rbac.authorization.k8s.io/aggregate-to-edit: "true"
|
||||||
|
name: kyverno:edit-policies-policyviolations
|
||||||
|
rules:
|
||||||
|
- apiGroups:
|
||||||
|
- kyverno.io
|
||||||
|
resources:
|
||||||
|
- policyviolations
|
||||||
|
- policies
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- watch
|
||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
|
kind: ClusterRole
|
||||||
metadata:
|
metadata:
|
||||||
name: kyverno:policyviolations
|
name: kyverno:policyviolations
|
||||||
rules:
|
rules:
|
||||||
|
@ -918,12 +951,13 @@ kind: ClusterRole
|
||||||
metadata:
|
metadata:
|
||||||
labels:
|
labels:
|
||||||
rbac.authorization.k8s.io/aggregate-to-view: "true"
|
rbac.authorization.k8s.io/aggregate-to-view: "true"
|
||||||
name: kyverno:view-policyviolations
|
name: kyverno:view-policies-policyviolations
|
||||||
rules:
|
rules:
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
- kyverno.io
|
- kyverno.io
|
||||||
resources:
|
resources:
|
||||||
- policyviolations
|
- policyviolations
|
||||||
|
- policies
|
||||||
verbs:
|
verbs:
|
||||||
- get
|
- get
|
||||||
- list
|
- list
|
||||||
|
|
|
@ -170,6 +170,8 @@ rules:
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
- '*'
|
- '*'
|
||||||
resources:
|
resources:
|
||||||
|
- policies
|
||||||
|
- policies/status
|
||||||
- clusterpolicies
|
- clusterpolicies
|
||||||
- clusterpolicies/status
|
- clusterpolicies/status
|
||||||
- clusterpolicyviolations
|
- clusterpolicyviolations
|
||||||
|
|
|
@ -763,6 +763,8 @@ rules:
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
- '*'
|
- '*'
|
||||||
resources:
|
resources:
|
||||||
|
- policies
|
||||||
|
- policies/status
|
||||||
- clusterpolicies
|
- clusterpolicies
|
||||||
- clusterpolicies/status
|
- clusterpolicies/status
|
||||||
- clusterpolicyviolations
|
- clusterpolicyviolations
|
||||||
|
|
Loading…
Add table
Reference in a new issue