mirror of https://github.com/kyverno/kyverno.git synced 2025-04-16 09:16:24 +00:00

update rabc in Helm charts

Shuting Zhao 2020-11-19 14:29:37 -08:00
parent a542c937ab
commit 9474761026
3 changed files with 72 additions and 4 deletions


@ -1,5 +1,5 @@
{{- if .Values.rbac.create }} {{- if .Values.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1beta1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole kind: ClusterRole
metadata: metadata:
name: {{ template "kyverno.fullname" . }}:policyviolations name: {{ template "kyverno.fullname" . }}:policyviolations
@ -68,8 +68,10 @@ rules:
- rolebindings - rolebindings
- clusterrolebindings - clusterrolebindings
- configmaps - configmaps
- namespaces
verbs: verbs:
- watch - watch
- list
--- ---
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole kind: ClusterRole
@ -84,13 +86,21 @@ rules:
- policies/status - policies/status
- clusterpolicies - clusterpolicies
- clusterpolicies/status - clusterpolicies/status
- policyreports
- policyreports/status
- clusterpolicyreports
- clusterpolicyreports/status
- generaterequests - generaterequests
- generaterequests/status - generaterequests/status
- reportchangerequests
- reportchangerequests/status
- clusterreportchangerequests
- clusterreportchangerequests/status
verbs: verbs:
- create - create
- delete - delete
- get - get
- list - list
- patch - patch
- update - update
- watch - watch
@ -153,3 +163,48 @@ rules:
verbs: verbs:
- watch - watch
{{- end }} {{- end }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
rbac.authorization.k8s.io/aggregate-to-admin: "true"
name: {{ template "kyverno.fullname" . }}:admin-policies
rules:
- apiGroups:
- kyverno.io
resources:
- policies
- clusterpolicies
verbs:
- "*"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
rbac.authorization.k8s.io/aggregate-to-admin: "true"
name: {{ template "kyverno.fullname" . }}:admin-policyreport
rules:
- apiGroups:
- wgpolicyk8s.io/v1alpha1
resources:
- policyreport
- clusterpolicyreport
verbs:
- '*'
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
rbac.authorization.k8s.io/aggregate-to-admin: "true"
name: {{ template "kyverno.fullname" . }}:admin-reportchangerequest
rules:
- apiGroups:
- kyverno.io
resources:
- reportchangerequests
- clusterreportchangerequests
verbs:
- "*"
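Review bot: The three aggregate-to-admin ClusterRoles added at the end of this file come after the `{{- end }}` that appears to close `{{- if .Values.rbac.create }}`, so they would be rendered even when `rbac.create` is set to false; if that is not intended, move the `{{- end }}` below them. In the `admin-policyreport` role, `apiGroups` is given as `wgpolicyk8s.io/v1alpha1`, but an RBAC rule matches on the group name without a version, and `policyreport` / `clusterpolicyreport` are singular where RBAC expects plural resource names, so this rule likely grants nothing; it should read `- wgpolicyk8s.io`, `- policyreports`, `- clusterpolicyreports`. The wildcard verbs on all three roles give every subject holding the aggregated admin role full control of Kyverno policies and reports, so listing the verbs explicitly would keep the grant reviewable and stop it from widening if new verbs or subresources appear. The `policyreports` entries added to the rule earlier in this file sit under an `apiGroups` list that is outside the hunk, so it is worth confirming that list includes the report API group.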


@ -1,4 +1,17 @@
{{- if .Values.rbac.create }} {{- if .Values.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ template "kyverno.fullname" . }}:policyviolations
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "kyverno.fullname" . }}:policyviolations
subjects:
- kind: ServiceAccount
name: {{ template "kyverno.serviceAccountName" . }}
namespace: {{ template "kyverno.namespace" . }}
---
kind: ClusterRoleBinding kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
metadata: metadata:


@ -24,7 +24,7 @@ metadata:
name: kyverno-service-account name: kyverno-service-account
namespace: kyverno namespace: kyverno
--- ---
apiVersion: rbac.authorization.k8s.io/v1beta1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole kind: ClusterRole
metadata: metadata:
name: kyverno:policyviolations name: kyverno:policyviolations