feat(permissions): Adding node as a resource in RBAC (#193)
Signed-off-by: shubhamchaudhary <shubham.chaudhary@mayadata.io>
This commit is contained in:
Shubham Chaudhary
committed by
GitHub
GitHub
parent
f1cf739b3b
commit
1f7ad0f1e1
@@ -31,6 +31,13 @@ spec:
|
|||||||
- "update"
|
- "update"
|
||||||
- "patch"
|
- "patch"
|
||||||
- "delete"
|
- "delete"
|
||||||
|
- apiGroups:
|
||||||
|
- ""
|
||||||
|
resources:
|
||||||
|
- "nodes"
|
||||||
|
verbs:
|
||||||
|
- "get"
|
||||||
|
- "list"
|
||||||
image: "litmuschaos/ansible-runner:latest"
|
image: "litmuschaos/ansible-runner:latest"
|
||||||
args:
|
args:
|
||||||
- -c
|
- -c
|
||||||
|
|||||||
@@ -18,6 +18,9 @@ rules:
|
|||||||
- apiGroups: ["","litmuschaos.io","batch","apps"]
|
- apiGroups: ["","litmuschaos.io","batch","apps"]
|
||||||
resources: ["pods","jobs","daemonsets","pods/exec","pods/log","events","chaosengines","chaosexperiments","chaosresults"]
|
resources: ["pods","jobs","daemonsets","pods/exec","pods/log","events","chaosengines","chaosexperiments","chaosresults"]
|
||||||
verbs: ["create","list","get","patch","update","delete"]
|
verbs: ["create","list","get","patch","update","delete"]
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources: ["nodes"]
|
||||||
|
verbs: ["get","list"]
|
||||||
---
|
---
|
||||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
kind: RoleBinding
|
kind: RoleBinding
|
||||||
|
|||||||
@@ -18,6 +18,9 @@ rules:
|
|||||||
- apiGroups: ["","litmuschaos.io","batch","apps"]
|
- apiGroups: ["","litmuschaos.io","batch","apps"]
|
||||||
resources: ["pods","jobs","daemonsets","pods/exec","pods/log","events","chaosengines","chaosexperiments","chaosresults"]
|
resources: ["pods","jobs","daemonsets","pods/exec","pods/log","events","chaosengines","chaosexperiments","chaosresults"]
|
||||||
verbs: ["create","list","get","patch","update","delete"]
|
verbs: ["create","list","get","patch","update","delete"]
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources: ["nodes"]
|
||||||
|
verbs: ["get","list"]
|
||||||
---
|
---
|
||||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
kind: RoleBinding
|
kind: RoleBinding
|
||||||
|
|||||||
@@ -32,6 +32,13 @@ spec:
|
|||||||
- "patch"
|
- "patch"
|
||||||
- "update"
|
- "update"
|
||||||
- "delete"
|
- "delete"
|
||||||
|
- apiGroups:
|
||||||
|
- ""
|
||||||
|
resources:
|
||||||
|
- "nodes"
|
||||||
|
verbs:
|
||||||
|
- "get"
|
||||||
|
- "list"
|
||||||
image: "litmuschaos/ansible-runner:latest"
|
image: "litmuschaos/ansible-runner:latest"
|
||||||
args:
|
args:
|
||||||
- -c
|
- -c
|
||||||
|
|||||||
@@ -17,6 +17,9 @@ rules:
|
|||||||
- apiGroups: ["","apps","litmuschaos.io","batch"]
|
- apiGroups: ["","apps","litmuschaos.io","batch"]
|
||||||
resources: ["pods","jobs","pods/exec","events","pods/log","daemonsets","chaosengines","chaosexperiments","chaosresults"]
|
resources: ["pods","jobs","pods/exec","events","pods/log","daemonsets","chaosengines","chaosexperiments","chaosresults"]
|
||||||
verbs: ["create","list","get","patch","update","delete"]
|
verbs: ["create","list","get","patch","update","delete"]
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources: ["nodes"]
|
||||||
|
verbs: ["get","list"]
|
||||||
---
|
---
|
||||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
kind: ClusterRoleBinding
|
kind: ClusterRoleBinding
|
||||||
|
|||||||
@@ -29,6 +29,13 @@ spec:
|
|||||||
- "patch"
|
- "patch"
|
||||||
- "update"
|
- "update"
|
||||||
- "delete"
|
- "delete"
|
||||||
|
- apiGroups:
|
||||||
|
- ""
|
||||||
|
resources:
|
||||||
|
- "nodes"
|
||||||
|
verbs:
|
||||||
|
- "get"
|
||||||
|
- "list"
|
||||||
image: "litmuschaos/ansible-runner:latest"
|
image: "litmuschaos/ansible-runner:latest"
|
||||||
args:
|
args:
|
||||||
- -c
|
- -c
|
||||||
|
|||||||
@@ -18,6 +18,9 @@ rules:
|
|||||||
- apiGroups: ["","litmuschaos.io","batch"]
|
- apiGroups: ["","litmuschaos.io","batch"]
|
||||||
resources: ["pods","jobs","events","pods/log","chaosengines","chaosexperiments","chaosresults"]
|
resources: ["pods","jobs","events","pods/log","chaosengines","chaosexperiments","chaosresults"]
|
||||||
verbs: ["create","list","get","patch","update","delete"]
|
verbs: ["create","list","get","patch","update","delete"]
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources: ["nodes"]
|
||||||
|
verbs: ["get","list"]
|
||||||
---
|
---
|
||||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
kind: RoleBinding
|
kind: RoleBinding
|
||||||
|
|||||||
@@ -29,6 +29,13 @@ spec:
|
|||||||
- "patch"
|
- "patch"
|
||||||
- "update"
|
- "update"
|
||||||
- "get"
|
- "get"
|
||||||
|
- apiGroups:
|
||||||
|
- ""
|
||||||
|
resources:
|
||||||
|
- "nodes"
|
||||||
|
verbs:
|
||||||
|
- "get"
|
||||||
|
- "list"
|
||||||
image: "litmuschaos/ansible-runner:latest"
|
image: "litmuschaos/ansible-runner:latest"
|
||||||
args:
|
args:
|
||||||
- -c
|
- -c
|
||||||
|
|||||||
@@ -18,6 +18,9 @@ rules:
|
|||||||
- apiGroups: ["","litmuschaos.io","batch"]
|
- apiGroups: ["","litmuschaos.io","batch"]
|
||||||
resources: ["pods","jobs","events","pods/log","chaosengines","chaosexperiments","chaosresults"]
|
resources: ["pods","jobs","events","pods/log","chaosengines","chaosexperiments","chaosresults"]
|
||||||
verbs: ["create","list","get","patch","update","delete"]
|
verbs: ["create","list","get","patch","update","delete"]
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources: ["nodes"]
|
||||||
|
verbs: ["get","list"]
|
||||||
---
|
---
|
||||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
kind: RoleBinding
|
kind: RoleBinding
|
||||||
|
|||||||
@@ -29,6 +29,13 @@ spec:
|
|||||||
- "patch"
|
- "patch"
|
||||||
- "update"
|
- "update"
|
||||||
- "delete"
|
- "delete"
|
||||||
|
- apiGroups:
|
||||||
|
- ""
|
||||||
|
resources:
|
||||||
|
- "nodes"
|
||||||
|
verbs:
|
||||||
|
- "get"
|
||||||
|
- "list"
|
||||||
image: "litmuschaos/ansible-runner:latest"
|
image: "litmuschaos/ansible-runner:latest"
|
||||||
args:
|
args:
|
||||||
- -c
|
- -c
|
||||||
|
|||||||
@@ -18,6 +18,9 @@ rules:
|
|||||||
- apiGroups: ["","litmuschaos.io","batch"]
|
- apiGroups: ["","litmuschaos.io","batch"]
|
||||||
resources: ["pods","jobs","pods/log","events","chaosengines","chaosexperiments","chaosresults"]
|
resources: ["pods","jobs","pods/log","events","chaosengines","chaosexperiments","chaosresults"]
|
||||||
verbs: ["create","list","get","patch","update","delete"]
|
verbs: ["create","list","get","patch","update","delete"]
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources: ["nodes"]
|
||||||
|
verbs: ["get","list"]
|
||||||
---
|
---
|
||||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
kind: RoleBinding
|
kind: RoleBinding
|
||||||
|
|||||||
@@ -29,6 +29,13 @@ spec:
|
|||||||
- "create"
|
- "create"
|
||||||
- "update"
|
- "update"
|
||||||
- "delete"
|
- "delete"
|
||||||
|
- apiGroups:
|
||||||
|
- ""
|
||||||
|
resources:
|
||||||
|
- "nodes"
|
||||||
|
verbs:
|
||||||
|
- "get"
|
||||||
|
- "list"
|
||||||
image: "litmuschaos/ansible-runner:latest"
|
image: "litmuschaos/ansible-runner:latest"
|
||||||
args:
|
args:
|
||||||
- -c
|
- -c
|
||||||
|
|||||||
@@ -17,6 +17,9 @@ rules:
|
|||||||
- apiGroups: ["","litmuschaos.io","batch"]
|
- apiGroups: ["","litmuschaos.io","batch"]
|
||||||
resources: ["pods","jobs","events","pods/log","chaosengines","chaosexperiments","chaosresults"]
|
resources: ["pods","jobs","events","pods/log","chaosengines","chaosexperiments","chaosresults"]
|
||||||
verbs: ["create","list","get","patch","update","delete"]
|
verbs: ["create","list","get","patch","update","delete"]
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources: ["nodes"]
|
||||||
|
verbs: ["get","list"]
|
||||||
---
|
---
|
||||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
kind: RoleBinding
|
kind: RoleBinding
|
||||||
|
|||||||
@@ -43,6 +43,13 @@ spec:
|
|||||||
- "list"
|
- "list"
|
||||||
- "patch"
|
- "patch"
|
||||||
- "update"
|
- "update"
|
||||||
|
- apiGroups:
|
||||||
|
- ""
|
||||||
|
resources:
|
||||||
|
- "nodes"
|
||||||
|
verbs:
|
||||||
|
- "get"
|
||||||
|
- "list"
|
||||||
image: "litmuschaos/ansible-runner:latest"
|
image: "litmuschaos/ansible-runner:latest"
|
||||||
args:
|
args:
|
||||||
- -c
|
- -c
|
||||||
|
|||||||
@@ -18,6 +18,9 @@ rules:
|
|||||||
- apiGroups: ["","apps","litmuschaos.io","batch","extensions","storage.k8s.io","openebs.io"]
|
- apiGroups: ["","apps","litmuschaos.io","batch","extensions","storage.k8s.io","openebs.io"]
|
||||||
resources: ["pods","jobs","daemonsets","events","pods/log","replicasets","pods/exec","configmaps","secrets","persistentvolumeclaims","cstorvolumereplicas","chaosexperiments","chaosresults","chaosengines"]
|
resources: ["pods","jobs","daemonsets","events","pods/log","replicasets","pods/exec","configmaps","secrets","persistentvolumeclaims","cstorvolumereplicas","chaosexperiments","chaosresults","chaosengines"]
|
||||||
verbs: ["create","list","get","patch","update","delete"]
|
verbs: ["create","list","get","patch","update","delete"]
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources: ["nodes"]
|
||||||
|
verbs: ["get","list"]
|
||||||
---
|
---
|
||||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
kind: ClusterRoleBinding
|
kind: ClusterRoleBinding
|
||||||
|
|||||||
@@ -45,6 +45,13 @@ spec:
|
|||||||
- "patch"
|
- "patch"
|
||||||
- "update"
|
- "update"
|
||||||
- "delete"
|
- "delete"
|
||||||
|
- apiGroups:
|
||||||
|
- ""
|
||||||
|
resources:
|
||||||
|
- "nodes"
|
||||||
|
verbs:
|
||||||
|
- "get"
|
||||||
|
- "list"
|
||||||
image: "litmuschaos/ansible-runner:latest"
|
image: "litmuschaos/ansible-runner:latest"
|
||||||
args:
|
args:
|
||||||
- -c
|
- -c
|
||||||
|
|||||||
@@ -17,6 +17,9 @@ rules:
|
|||||||
- apiGroups: ["","apps","litmuschaos.io","batch","extensions","storage.k8s.io","openebs.io"]
|
- apiGroups: ["","apps","litmuschaos.io","batch","extensions","storage.k8s.io","openebs.io"]
|
||||||
resources: ["pods","pods/exec","pods/log","events","jobs","configmaps","services","persistentvolumeclaims","storageclasses","persistentvolumes","chaosengines","chaosexperiments","chaosresults","cstorpools","cstorvolumereplicas","replicasets"]
|
resources: ["pods","pods/exec","pods/log","events","jobs","configmaps","services","persistentvolumeclaims","storageclasses","persistentvolumes","chaosengines","chaosexperiments","chaosresults","cstorpools","cstorvolumereplicas","replicasets"]
|
||||||
verbs: ["create","list","get","patch","update","delete"]
|
verbs: ["create","list","get","patch","update","delete"]
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources: ["nodes"]
|
||||||
|
verbs: ["get","list"]
|
||||||
---
|
---
|
||||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
kind: ClusterRoleBinding
|
kind: ClusterRoleBinding
|
||||||
|
|||||||
@@ -45,6 +45,13 @@ spec:
|
|||||||
- "list"
|
- "list"
|
||||||
- "patch"
|
- "patch"
|
||||||
- "update"
|
- "update"
|
||||||
|
- apiGroups:
|
||||||
|
- ""
|
||||||
|
resources:
|
||||||
|
- "nodes"
|
||||||
|
verbs:
|
||||||
|
- "get"
|
||||||
|
- "list"
|
||||||
image: "litmuschaos/ansible-runner:latest"
|
image: "litmuschaos/ansible-runner:latest"
|
||||||
args:
|
args:
|
||||||
- -c
|
- -c
|
||||||
|
|||||||
@@ -15,39 +15,12 @@ metadata:
|
|||||||
labels:
|
labels:
|
||||||
name: pool-network-loss-sa
|
name: pool-network-loss-sa
|
||||||
rules:
|
rules:
|
||||||
- apiGroups:
|
- apiGroups: ["","apps","litmuschaos.io","batch","extensions","storage.k8s.io","openebs.io"]
|
||||||
- ""
|
resources: ["pods","pods/exec","pods/log","events","jobs","configmaps","services","persistentvolumeclaims","storageclasses","persistentvolumes","chaosengines","chaosexperiments","chaosresults","cstorpools","cstorvolumereplicas","replicasets"]
|
||||||
- "apps"
|
verbs: ["create","list","get","patch","update","delete"]
|
||||||
- "litmuschaos.io"
|
- apiGroups: [""]
|
||||||
- "batch"
|
resources: ["nodes"]
|
||||||
- "extensions"
|
verbs: ["get","list"]
|
||||||
- "storage.k8s.io"
|
|
||||||
- "openebs.io"
|
|
||||||
resources:
|
|
||||||
- "pods"
|
|
||||||
- "pods/exec"
|
|
||||||
- "jobs"
|
|
||||||
- "pods/log"
|
|
||||||
- "events"
|
|
||||||
- "configmaps"
|
|
||||||
- "services"
|
|
||||||
- "persistentvolumeclaims"
|
|
||||||
- "storageclasses"
|
|
||||||
- "persistentvolumeclaims"
|
|
||||||
- "persistentvolumes"
|
|
||||||
- "chaosengines"
|
|
||||||
- "chaosexperiments"
|
|
||||||
- "chaosresults"
|
|
||||||
- "cstorpools"
|
|
||||||
- "cstorvolumereplicas"
|
|
||||||
- "replicasets"
|
|
||||||
verbs:
|
|
||||||
- "create"
|
|
||||||
- "get"
|
|
||||||
- "delete"
|
|
||||||
- "list"
|
|
||||||
- "patch"
|
|
||||||
- "update"
|
|
||||||
---
|
---
|
||||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
kind: ClusterRoleBinding
|
kind: ClusterRoleBinding
|
||||||
|
|||||||
@@ -41,6 +41,13 @@ spec:
|
|||||||
- "list"
|
- "list"
|
||||||
- "patch"
|
- "patch"
|
||||||
- "update"
|
- "update"
|
||||||
|
- apiGroups:
|
||||||
|
- ""
|
||||||
|
resources:
|
||||||
|
- "nodes"
|
||||||
|
verbs:
|
||||||
|
- "get"
|
||||||
|
- "list"
|
||||||
image: "litmuschaos/ansible-runner:latest"
|
image: "litmuschaos/ansible-runner:latest"
|
||||||
args:
|
args:
|
||||||
- -c
|
- -c
|
||||||
|
|||||||
@@ -18,6 +18,9 @@ rules:
|
|||||||
- apiGroups: ["","litmuschaos.io","batch","apps","storage.k8s.io"]
|
- apiGroups: ["","litmuschaos.io","batch","apps","storage.k8s.io"]
|
||||||
resources: ["pods","jobs","pods/log","pods/exec","daemonsets","events","configmaps","secrets","persistentvolumeclaims","storageclasses","persistentvolumes","chaosengines","chaosexperiments","chaosresults"]
|
resources: ["pods","jobs","pods/log","pods/exec","daemonsets","events","configmaps","secrets","persistentvolumeclaims","storageclasses","persistentvolumes","chaosengines","chaosexperiments","chaosresults"]
|
||||||
verbs: ["create","list","get","patch","update","delete"]
|
verbs: ["create","list","get","patch","update","delete"]
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources: ["nodes"]
|
||||||
|
verbs: ["get","list"]
|
||||||
---
|
---
|
||||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
kind: ClusterRoleBinding
|
kind: ClusterRoleBinding
|
||||||
|
|||||||
@@ -41,6 +41,13 @@ spec:
|
|||||||
- "list"
|
- "list"
|
||||||
- "patch"
|
- "patch"
|
||||||
- "update"
|
- "update"
|
||||||
|
- apiGroups:
|
||||||
|
- ""
|
||||||
|
resources:
|
||||||
|
- "nodes"
|
||||||
|
verbs:
|
||||||
|
- "get"
|
||||||
|
- "list"
|
||||||
image: "litmuschaos/ansible-runner:latest"
|
image: "litmuschaos/ansible-runner:latest"
|
||||||
args:
|
args:
|
||||||
- -c
|
- -c
|
||||||
|
|||||||
@@ -18,6 +18,9 @@ rules:
|
|||||||
- apiGroups: ["","apps","litmuschaos.io","batch","extensions","storage.k8s.io"]
|
- apiGroups: ["","apps","litmuschaos.io","batch","extensions","storage.k8s.io"]
|
||||||
resources: ["pods","pods/exec","pods/log","events","jobs","configmaps","secrets","services","persistentvolumeclaims","storageclasses","persistentvolumes","chaosexperiments","chaosresults","chaosengines"]
|
resources: ["pods","pods/exec","pods/log","events","jobs","configmaps","secrets","services","persistentvolumeclaims","storageclasses","persistentvolumes","chaosexperiments","chaosresults","chaosengines"]
|
||||||
verbs: ["create","list","get","patch","update","delete"]
|
verbs: ["create","list","get","patch","update","delete"]
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources: ["nodes"]
|
||||||
|
verbs: ["get","list"]
|
||||||
---
|
---
|
||||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
kind: ClusterRoleBinding
|
kind: ClusterRoleBinding
|
||||||
|
|||||||
@@ -41,6 +41,13 @@ spec:
|
|||||||
- "list"
|
- "list"
|
||||||
- "patch"
|
- "patch"
|
||||||
- "update"
|
- "update"
|
||||||
|
- apiGroups:
|
||||||
|
- ""
|
||||||
|
resources:
|
||||||
|
- "nodes"
|
||||||
|
verbs:
|
||||||
|
- "get"
|
||||||
|
- "list"
|
||||||
image: "litmuschaos/ansible-runner:latest"
|
image: "litmuschaos/ansible-runner:latest"
|
||||||
args:
|
args:
|
||||||
- -c
|
- -c
|
||||||
|
|||||||
@@ -18,6 +18,9 @@ rules:
|
|||||||
- apiGroups: ["","apps","litmuschaos.io","batch","extensions","storage.k8s.io"]
|
- apiGroups: ["","apps","litmuschaos.io","batch","extensions","storage.k8s.io"]
|
||||||
resources: ["pods","pods/exec","pods/log","events","jobs","configmaps","secrets","services","persistentvolumeclaims","storageclasses","persistentvolumes","chaosexperiments","chaosresults","chaosengines"]
|
resources: ["pods","pods/exec","pods/log","events","jobs","configmaps","secrets","services","persistentvolumeclaims","storageclasses","persistentvolumes","chaosexperiments","chaosresults","chaosengines"]
|
||||||
verbs: ["create","list","get","patch","update","delete"]
|
verbs: ["create","list","get","patch","update","delete"]
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources: ["nodes"]
|
||||||
|
verbs: ["get","list"]
|
||||||
---
|
---
|
||||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
kind: ClusterRoleBinding
|
kind: ClusterRoleBinding
|
||||||
|
|||||||
Reference in New Issue
Block a user