ivanch/litmus-hub
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore(permissions): Adding minimal permissions in all experiments (#423)

Browse Source 
* chore(permissions): Adding minimal permissions in all experimenys

Signed-off-by: shubhamchaudhary <shubham@chaosnative.com>

* fix(script): convert combine experiments code to binary

Signed-off-by: shubhamchaudhary <shubham@chaosnative.com>
This commit is contained in:
Shubham Chaudhary
2021-03-11 12:59:52 +05:30
committed by GitHub
parent df11ea13fe
commit 7b7cba0f70
47 changed files with 193 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
charts/kube-aws/ebs-loss/rbac.yaml
View File

@@ -16,9 +16,18 @@ metadata:
name: ebs-loss-sa
app.kubernetes.io/part-of: litmus
rules:
- apiGroups: ["","litmuschaos.io","batch"]
resources: ["pods","jobs","secrets","events","pods/log","pods/exec","chaosengines","chaosexperiments","chaosresults"]
verbs: ["create","list","get","patch","update","delete"]
- apiGroups: [""]
resources: ["pods","events","secrets"]
verbs: ["create","list","get","patch","update","delete","deletecollection"]
- apiGroups: [""]
resources: ["pods/exec","pods/log"]
verbs: ["create","list","get"]
- apiGroups: ["batch"]
resources: ["jobs"]
verbs: ["create","list","get","delete","deletecollection"]
- apiGroups: ["litmuschaos.io"]
resources: ["chaosengines","chaosexperiments","chaosresults"]
verbs: ["create","list","get","patch","update"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding

15
charts/kube-aws/ec2-terminate/rbac.yaml
View File

@@ -16,9 +16,18 @@ metadata:
name: ec2-terminate-sa
app.kubernetes.io/part-of: litmus
rules:
- apiGroups: ["","litmuschaos.io","batch"]
resources: ["pods","jobs","secrets","events","pods/log","pods/exec","chaosengines","chaosexperiments","chaosresults"]
verbs: ["create","list","get","patch","update","delete"]
- apiGroups: [""]
resources: ["pods","events","secrets"]
verbs: ["create","list","get","patch","update","delete","deletecollection"]
- apiGroups: [""]
resources: ["pods/exec","pods/log"]
verbs: ["create","list","get"]
- apiGroups: ["batch"]
resources: ["jobs"]
verbs: ["create","list","get","delete","deletecollection"]
- apiGroups: ["litmuschaos.io"]
resources: ["chaosengines","chaosexperiments","chaosresults"]
verbs: ["create","list","get","patch","update"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding