From 53b324d5d6dbd246ebf31c8f7c212c2fd40c2e0b Mon Sep 17 00:00:00 2001 From: F1ko Date: Fri, 5 Jun 2020 15:52:39 +0200 Subject: [PATCH] add aggregated view clusterroles for default k8s roles (view, edit and admin) --- definitions/install.yaml | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/definitions/install.yaml b/definitions/install.yaml index 7ac88d0732..734f541e4b 100644 --- a/definitions/install.yaml +++ b/definitions/install.yaml @@ -495,13 +495,27 @@ metadata: apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole metadata: - name: kyverno:policyviolations + name: kyverno:view-policyviolations + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" rules: - apiGroups: ["kyverno.io"] resources: - policyviolations verbs: ["get", "list", "watch"] --- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: kyverno:view-clusterpolicyviolations + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: +- apiGroups: ["kyverno.io"] + resources: + - clusterpolicyviolations + verbs: ["get", "list", "watch"] +--- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: