Skip to content

Commit

Permalink
Add RBAC rules for infrastructure and bootstrap resources (#1095)
Browse files Browse the repository at this point in the history
Signed-off-by: Vince Prignano <[email protected]>
  • Loading branch information
vincepri authored and k8s-ci-robot committed Jul 1, 2019
1 parent 554a3a1 commit 6c10af9
Show file tree
Hide file tree
Showing 4 changed files with 10 additions and 29 deletions.
31 changes: 6 additions & 25 deletions config/rbac/role.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -40,32 +40,13 @@ rules:
- cluster.sigs.k8s.io
resources:
- clusters
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- cluster.sigs.k8s.io
resources:
- clusters/status
- machines
- machines/status
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- cluster.sigs.k8s.io
resources:
- machinedeployments
- machinedeployments/status
- machinesets
- machinesets/status
verbs:
- get
- list
Expand All @@ -75,10 +56,10 @@ rules:
- patch
- delete
- apiGroups:
- cluster.sigs.k8s.io
- infrastructure.cluster.sigs.k8s.io
- bootstrap.cluster.sigs.k8s.io
resources:
- machinesets
- machinesets/status
- '*'
verbs:
- get
- list
Expand Down
6 changes: 2 additions & 4 deletions pkg/controller/controller.go
Original file line number Diff line number Diff line change
Expand Up @@ -23,10 +23,8 @@ import (
// +kubebuilder:rbac:groups=core,resources=events,verbs=get;list;watch;create;patch
// +kubebuilder:rbac:groups=core,resources=secrets,verbs=get;list;watch
// +kubebuilder:rbac:groups=core,resources=nodes,verbs=get;list;watch;create;update;patch;delete
// +kubebuilder:rbac:groups=cluster.sigs.k8s.io,resources=clusters,verbs=get;list;watch;create;update;patch;delete
// +kubebuilder:rbac:groups=cluster.sigs.k8s.io,resources=machines;machines/status,verbs=get;list;watch;create;update;patch;delete
// +kubebuilder:rbac:groups=cluster.sigs.k8s.io,resources=machinedeployments;machinedeployments/status,verbs=get;list;watch;create;update;patch;delete
// +kubebuilder:rbac:groups=cluster.sigs.k8s.io,resources=machinesets;machinesets/status,verbs=get;list;watch;create;update;patch;delete
// +kubebuilder:rbac:groups=cluster.sigs.k8s.io,resources=clusters;clusters/status;machines;machines/status;machinedeployments;machinedeployments/status;machinesets;machinesets/status,verbs=get;list;watch;create;update;patch;delete
// +kubebuilder:rbac:groups=infrastructure.cluster.sigs.k8s.io;bootstrap.cluster.sigs.k8s.io,resources=*,verbs=get;list;watch;create;update;patch;delete

// AddToManagerFuncs is a list of functions to add all Controllers to the Manager
var AddToManagerFuncs []func(manager.Manager) error
Expand Down
1 change: 1 addition & 0 deletions pkg/controller/machinedeployment/BUILD.bazel
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@ go_library(
"//vendor/k8s.io/client-go/util/retry:go_default_library",
"//vendor/k8s.io/klog:go_default_library",
"//vendor/k8s.io/utils/integer:go_default_library",
"//vendor/k8s.io/utils/pointer:go_default_library",
"//vendor/sigs.k8s.io/controller-runtime/pkg/client:go_default_library",
"//vendor/sigs.k8s.io/controller-runtime/pkg/controller:go_default_library",
"//vendor/sigs.k8s.io/controller-runtime/pkg/handler:go_default_library",
Expand Down
1 change: 1 addition & 0 deletions pkg/controller/machineset/BUILD.bazel
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ go_library(
"//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
"//vendor/k8s.io/client-go/tools/record:go_default_library",
"//vendor/k8s.io/klog:go_default_library",
"//vendor/k8s.io/utils/pointer:go_default_library",
"//vendor/sigs.k8s.io/controller-runtime/pkg/client:go_default_library",
"//vendor/sigs.k8s.io/controller-runtime/pkg/controller:go_default_library",
"//vendor/sigs.k8s.io/controller-runtime/pkg/handler:go_default_library",
Expand Down

0 comments on commit 6c10af9

Please sign in to comment.