mirrors/kyverno
1
0
Fork 0
mirror of https://github.com/kyverno/kyverno.git synced 2024-12-14 11:57:48 +00:00
Code Activity

add watch policy to clusterrole kyverno:customresources (#1084)

Browse source
This commit is contained in:
shuting 2020-08-24 12:27:16 -07:00 committed by GitHub
parent 8105e4cad8
commit 513f5ec898
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 59 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
charts/kyverno/crds/crds.yaml
View file

@ -31,6 +31,10 @@ spec:
type: array
resources:
properties:
annotations:
additionalProperties:
type: string
type: object
kinds:
items:
type: string
@ -41,10 +45,6 @@ spec:
items:
type: string
type: array
annotations:
type: object
additionalProperties:
type: string
selector:
properties:
matchExpressions:
@ -125,6 +125,10 @@ spec:
resources:
minProperties: 1
properties:
annotations:
additionalProperties:
type: string
type: object
kinds:
items:
type: string
@ -135,10 +139,6 @@ spec:
items:
type: string
type: array
annotations:
type: object
additionalProperties:
type: string
selector:
properties:
matchExpressions:

2
charts/kyverno/templates/clusterrole.yaml
View file

@ -80,6 +80,8 @@ rules:
- apiGroups:
- '*'
resources:
- policies
- policies/status
- clusterpolicies
- clusterpolicies/status
- clusterpolicyviolations

2
definitions/install.yaml
View file

@ -763,6 +763,8 @@ rules:
- apiGroups:
- '*'
resources:
- policies
- policies/status
- clusterpolicies
- clusterpolicies/status
- clusterpolicyviolations

52
definitions/install_debug.yaml
View file

@ -36,6 +36,10 @@ spec:
type: array
resources:
properties:
annotations:
additionalProperties:
type: string
type: object
kinds:
items:
type: string
@ -46,10 +50,6 @@ spec:
items:
type: string
type: array
annotations:
type: object
additionalProperties:
type: string
selector:
properties:
matchExpressions:
@ -130,6 +130,10 @@ spec:
resources:
minProperties: 1
properties:
annotations:
additionalProperties:
type: string
type: object
kinds:
items:
type: string
@ -140,10 +144,6 @@ spec:
items:
type: string
type: array
annotations:
type: object
additionalProperties:
type: string
selector:
properties:
matchExpressions:
@ -763,6 +763,8 @@ rules:
- apiGroups:
- '*'
resources:
- policies
- policies/status
- clusterpolicies
- clusterpolicies/status
- clusterpolicyviolations
@ -885,6 +887,37 @@ rules:
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
labels:
rbac.authorization.k8s.io/aggregate-to-admin: "true"
name: kyverno:admin-policies
rules:
- apiGroups:
- kyverno.io
resources:
- policies
verbs:
- '*'
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
labels:
rbac.authorization.k8s.io/aggregate-to-edit: "true"
name: kyverno:edit-policies-policyviolations
rules:
- apiGroups:
- kyverno.io
resources:
- policyviolations
- policies
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
name: kyverno:policyviolations
rules:
@ -918,12 +951,13 @@ kind: ClusterRole
metadata:
labels:
rbac.authorization.k8s.io/aggregate-to-view: "true"
name: kyverno:view-policyviolations
name: kyverno:view-policies-policyviolations
rules:
- apiGroups:
- kyverno.io
resources:
- policyviolations
- policies
verbs:
- get
- list

2
definitions/k8s-resource/rbac.yaml
View file

@ -170,6 +170,8 @@ rules:
- apiGroups:
- '*'
resources:
- policies
- policies/status
- clusterpolicies
- clusterpolicies/status
- clusterpolicyviolations

2
definitions/release/install.yaml
View file

@ -763,6 +763,8 @@ rules:
- apiGroups:
- '*'
resources:
- policies
- policies/status
- clusterpolicies
- clusterpolicies/status
- clusterpolicyviolations