update(rbac): Adding pods/log permission for failStep in all charts (#170)
Signed-off-by: shubhamchaudhary <shubham.chaudhary@mayadata.io>
This commit is contained in:
Shubham Chaudhary
committed by
GitHub
GitHub
parent
430cbc093c
commit
e2a12b6954
@@ -14,7 +14,7 @@ metadata:
|
|||||||
name: coredns-pod-delete-sa
|
name: coredns-pod-delete-sa
|
||||||
rules:
|
rules:
|
||||||
- apiGroups: ["","litmuschaos.io","batch"]
|
- apiGroups: ["","litmuschaos.io","batch"]
|
||||||
resources: ["services", "pods","jobs","events","chaosengines","chaosexperiments","chaosresults"]
|
resources: ["services", "pods","jobs","events","pods/logs","chaosengines","chaosexperiments","chaosresults"]
|
||||||
verbs: ["create","list","get","patch","update","delete"]
|
verbs: ["create","list","get","patch","update","delete"]
|
||||||
---
|
---
|
||||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
|
|||||||
@@ -16,7 +16,7 @@ metadata:
|
|||||||
name: container-kill-sa
|
name: container-kill-sa
|
||||||
rules:
|
rules:
|
||||||
- apiGroups: ["","litmuschaos.io","batch","apps"]
|
- apiGroups: ["","litmuschaos.io","batch","apps"]
|
||||||
resources: ["pods","jobs","daemonsets","pods/exec","events","chaosengines","chaosexperiments","chaosresults"]
|
resources: ["pods","jobs","daemonsets","pods/exec","pods/logs","events","chaosengines","chaosexperiments","chaosresults"]
|
||||||
verbs: ["create","list","get","patch","update","delete"]
|
verbs: ["create","list","get","patch","update","delete"]
|
||||||
---
|
---
|
||||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
|
|||||||
@@ -16,7 +16,7 @@ metadata:
|
|||||||
name: container-kill-sa
|
name: container-kill-sa
|
||||||
rules:
|
rules:
|
||||||
- apiGroups: ["","litmuschaos.io","batch","apps"]
|
- apiGroups: ["","litmuschaos.io","batch","apps"]
|
||||||
resources: ["pods","jobs","daemonsets","pods/exec","events","chaosengines","chaosexperiments","chaosresults"]
|
resources: ["pods","jobs","daemonsets","pods/exec","pods/logs","events","chaosengines","chaosexperiments","chaosresults"]
|
||||||
verbs: ["create","list","get","patch","update","delete"]
|
verbs: ["create","list","get","patch","update","delete"]
|
||||||
---
|
---
|
||||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
|
|||||||
@@ -15,7 +15,7 @@ metadata:
|
|||||||
name: disk-fill-sa
|
name: disk-fill-sa
|
||||||
rules:
|
rules:
|
||||||
- apiGroups: ["","apps","litmuschaos.io","batch"]
|
- apiGroups: ["","apps","litmuschaos.io","batch"]
|
||||||
resources: ["pods","jobs","pods/exec","events","daemonsets","chaosengines","chaosexperiments","chaosresults"]
|
resources: ["pods","jobs","pods/exec","events","pods/logs","daemonsets","chaosengines","chaosexperiments","chaosresults"]
|
||||||
verbs: ["create","list","get","patch","update","delete"]
|
verbs: ["create","list","get","patch","update","delete"]
|
||||||
---
|
---
|
||||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
|
|||||||
@@ -15,7 +15,7 @@ metadata:
|
|||||||
name: disk-loss-sa
|
name: disk-loss-sa
|
||||||
rules:
|
rules:
|
||||||
- apiGroups: ["","litmuschaos.io","batch"]
|
- apiGroups: ["","litmuschaos.io","batch"]
|
||||||
resources: ["pods","jobs","secrets","events","chaosengines","chaosexperiments","chaosresults"]
|
resources: ["pods","jobs","secrets","events","pods/logs","chaosengines","chaosexperiments","chaosresults"]
|
||||||
verbs: ["create","list","get","patch","update","delete"]
|
verbs: ["create","list","get","patch","update","delete"]
|
||||||
---
|
---
|
||||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
|
|||||||
@@ -15,7 +15,7 @@ metadata:
|
|||||||
name: node-cpu-hog-sa
|
name: node-cpu-hog-sa
|
||||||
rules:
|
rules:
|
||||||
- apiGroups: ["","litmuschaos.io","batch","apps"]
|
- apiGroups: ["","litmuschaos.io","batch","apps"]
|
||||||
resources: ["pods","jobs","events","chaosengines","chaosexperiments","chaosresults"]
|
resources: ["pods","jobs","events","chaosengines","pods/logs","chaosexperiments","chaosresults"]
|
||||||
verbs: ["create","list","get","patch","update","delete"]
|
verbs: ["create","list","get","patch","update","delete"]
|
||||||
- apiGroups: [""]
|
- apiGroups: [""]
|
||||||
resources: ["nodes"]
|
resources: ["nodes"]
|
||||||
|
|||||||
@@ -15,7 +15,7 @@ metadata:
|
|||||||
name: node-drain-sa
|
name: node-drain-sa
|
||||||
rules:
|
rules:
|
||||||
- apiGroups: ["","litmuschaos.io","batch","extensions"]
|
- apiGroups: ["","litmuschaos.io","batch","extensions"]
|
||||||
resources: ["pods","jobs","events","chaosengines","daemonsets","pods/eviction","chaosexperiments","chaosresults"]
|
resources: ["pods","jobs","events","chaosengines","pods/logs","daemonsets","pods/eviction","chaosexperiments","chaosresults"]
|
||||||
verbs: ["create","list","get","patch","update","delete"]
|
verbs: ["create","list","get","patch","update","delete"]
|
||||||
- apiGroups: [""]
|
- apiGroups: [""]
|
||||||
resources: ["nodes"]
|
resources: ["nodes"]
|
||||||
|
|||||||
@@ -16,7 +16,7 @@ metadata:
|
|||||||
name: pod-cpu-hog-sa
|
name: pod-cpu-hog-sa
|
||||||
rules:
|
rules:
|
||||||
- apiGroups: ["","litmuschaos.io","batch"]
|
- apiGroups: ["","litmuschaos.io","batch"]
|
||||||
resources: ["pods","jobs","events","chaosengines","chaosexperiments","chaosresults"]
|
resources: ["pods","jobs","events","pods/logs","chaosengines","chaosexperiments","chaosresults"]
|
||||||
verbs: ["create","list","get","patch","update","delete"]
|
verbs: ["create","list","get","patch","update","delete"]
|
||||||
---
|
---
|
||||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
|
|||||||
@@ -16,7 +16,7 @@ metadata:
|
|||||||
name: pod-delete-sa
|
name: pod-delete-sa
|
||||||
rules:
|
rules:
|
||||||
- apiGroups: ["","litmuschaos.io","batch","apps"]
|
- apiGroups: ["","litmuschaos.io","batch","apps"]
|
||||||
resources: ["pods","deployments","events","jobs","configmaps","chaosengines","chaosexperiments","chaosresults"]
|
resources: ["pods","deployments","pods/logs","events","jobs","configmaps","chaosengines","chaosexperiments","chaosresults"]
|
||||||
verbs: ["create","list","get","patch","update","delete"]
|
verbs: ["create","list","get","patch","update","delete"]
|
||||||
- apiGroups: [""]
|
- apiGroups: [""]
|
||||||
resources: ["nodes"]
|
resources: ["nodes"]
|
||||||
|
|||||||
@@ -16,7 +16,7 @@ metadata:
|
|||||||
name: pod-network-corruption-sa
|
name: pod-network-corruption-sa
|
||||||
rules:
|
rules:
|
||||||
- apiGroups: ["","litmuschaos.io","batch"]
|
- apiGroups: ["","litmuschaos.io","batch"]
|
||||||
resources: ["pods","jobs","events","chaosengines","chaosexperiments","chaosresults"]
|
resources: ["pods","jobs","events","pods/logs","chaosengines","chaosexperiments","chaosresults"]
|
||||||
verbs: ["create","list","get","patch","update","delete"]
|
verbs: ["create","list","get","patch","update","delete"]
|
||||||
---
|
---
|
||||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
|
|||||||
@@ -16,7 +16,7 @@ metadata:
|
|||||||
name: pod-network-latency-sa
|
name: pod-network-latency-sa
|
||||||
rules:
|
rules:
|
||||||
- apiGroups: ["","litmuschaos.io","batch"]
|
- apiGroups: ["","litmuschaos.io","batch"]
|
||||||
resources: ["pods","jobs","events","chaosengines","chaosexperiments","chaosresults"]
|
resources: ["pods","jobs","pods/logs","events","chaosengines","chaosexperiments","chaosresults"]
|
||||||
verbs: ["create","list","get","patch","update","delete"]
|
verbs: ["create","list","get","patch","update","delete"]
|
||||||
---
|
---
|
||||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
|
|||||||
@@ -15,7 +15,7 @@ metadata:
|
|||||||
name: pod-network-loss-sa
|
name: pod-network-loss-sa
|
||||||
rules:
|
rules:
|
||||||
- apiGroups: ["","litmuschaos.io","batch"]
|
- apiGroups: ["","litmuschaos.io","batch"]
|
||||||
resources: ["pods","jobs","events","chaosengines","chaosexperiments","chaosresults"]
|
resources: ["pods","jobs","events","pods/logs","chaosengines","chaosexperiments","chaosresults"]
|
||||||
verbs: ["create","list","get","patch","update","delete"]
|
verbs: ["create","list","get","patch","update","delete"]
|
||||||
---
|
---
|
||||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
|
|||||||
@@ -15,7 +15,7 @@ metadata:
|
|||||||
name: kafka-broker-disk-failure-sa
|
name: kafka-broker-disk-failure-sa
|
||||||
rules:
|
rules:
|
||||||
- apiGroups: ["","litmuschaos.io","batch","apps"]
|
- apiGroups: ["","litmuschaos.io","batch","apps"]
|
||||||
resources: ["pods","jobs","events","pods/exec","statefulsets","secrets","chaosengines","chaosexperiments","chaosresults"]
|
resources: ["pods","jobs","pods/logs","events","pods/exec","statefulsets","secrets","chaosengines","chaosexperiments","chaosresults"]
|
||||||
verbs: ["create","list","get","patch","delete"]
|
verbs: ["create","list","get","patch","delete"]
|
||||||
---
|
---
|
||||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
|
|||||||
@@ -14,7 +14,7 @@ metadata:
|
|||||||
name: kafka-broker-pod-failure-sa
|
name: kafka-broker-pod-failure-sa
|
||||||
rules:
|
rules:
|
||||||
- apiGroups: ["","litmuschaos.io","batch","apps"]
|
- apiGroups: ["","litmuschaos.io","batch","apps"]
|
||||||
resources: ["pods","deployments","events","jobs","pods/exec","statefulsets","configmaps","chaosengines","chaosexperiments","chaosresults"]
|
resources: ["pods","deployments","pods/logs","events","jobs","pods/exec","statefulsets","configmaps","chaosengines","chaosexperiments","chaosresults"]
|
||||||
verbs: ["create","list","get","patch","delete"]
|
verbs: ["create","list","get","patch","delete"]
|
||||||
- apiGroups: [""]
|
- apiGroups: [""]
|
||||||
resources: ["nodes"]
|
resources: ["nodes"]
|
||||||
|
|||||||
@@ -16,7 +16,7 @@ metadata:
|
|||||||
name: control-plane-sa
|
name: control-plane-sa
|
||||||
rules:
|
rules:
|
||||||
- apiGroups: ["","litmuschaos.io","batch","apps"]
|
- apiGroups: ["","litmuschaos.io","batch","apps"]
|
||||||
resources: ["pods","deployments","events","jobs","configmaps","chaosengines","chaosexperiments","chaosresults"]
|
resources: ["pods","deployments","pods/logs","events","jobs","configmaps","chaosengines","chaosexperiments","chaosresults"]
|
||||||
verbs: ["create","list","get","patch","update","delete"]
|
verbs: ["create","list","get","patch","update","delete"]
|
||||||
- apiGroups: [""]
|
- apiGroups: [""]
|
||||||
resources: ["nodes"]
|
resources: ["nodes"]
|
||||||
|
|||||||
@@ -16,7 +16,7 @@ metadata:
|
|||||||
name: pool-container-failure-sa
|
name: pool-container-failure-sa
|
||||||
rules:
|
rules:
|
||||||
- apiGroups: ["","apps","litmuschaos.io","batch","extensions","storage.k8s.io","openebs.io"]
|
- apiGroups: ["","apps","litmuschaos.io","batch","extensions","storage.k8s.io","openebs.io"]
|
||||||
resources: ["pods","jobs","daemonsets","events","replicasets","pods/exec","configmaps","secrets","persistentvolumeclaims","cstorvolumereplicas","chaosexperiments","chaosresults","chaosengines"]
|
resources: ["pods","jobs","daemonsets","events","pods/logs","replicasets","pods/exec","configmaps","secrets","persistentvolumeclaims","cstorvolumereplicas","chaosexperiments","chaosresults","chaosengines"]
|
||||||
verbs: ["create","list","get","patch","update","delete"]
|
verbs: ["create","list","get","patch","update","delete"]
|
||||||
---
|
---
|
||||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
|
|||||||
@@ -15,7 +15,7 @@ metadata:
|
|||||||
name: pool-network-delay-sa
|
name: pool-network-delay-sa
|
||||||
rules:
|
rules:
|
||||||
- apiGroups: ["","apps","litmuschaos.io","batch","extensions","storage.k8s.io","openebs.io"]
|
- apiGroups: ["","apps","litmuschaos.io","batch","extensions","storage.k8s.io","openebs.io"]
|
||||||
resources: ["pods","pods/exec","events","jobs","configmaps","services","persistentvolumeclaims","storageclasses","persistentvolumes","chaosengines","chaosexperiments","chaosresults","cstorpools","cstorvolumereplicas","replicasets"]
|
resources: ["pods","pods/exec","pods/logs","events","jobs","configmaps","services","persistentvolumeclaims","storageclasses","persistentvolumes","chaosengines","chaosexperiments","chaosresults","cstorpools","cstorvolumereplicas","replicasets"]
|
||||||
verbs: ["create","list","get","patch","update","delete"]
|
verbs: ["create","list","get","patch","update","delete"]
|
||||||
---
|
---
|
||||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
|
|||||||
@@ -27,6 +27,7 @@ rules:
|
|||||||
- "pods"
|
- "pods"
|
||||||
- "pods/exec"
|
- "pods/exec"
|
||||||
- "jobs"
|
- "jobs"
|
||||||
|
- "pods/logs"
|
||||||
- "events"
|
- "events"
|
||||||
- "configmaps"
|
- "configmaps"
|
||||||
- "services"
|
- "services"
|
||||||
|
|||||||
@@ -16,7 +16,7 @@ metadata:
|
|||||||
name: pool-pod-failure-sa
|
name: pool-pod-failure-sa
|
||||||
rules:
|
rules:
|
||||||
- apiGroups: ["","apps","litmuschaos.io","batch","extensions","storage.k8s.io","openebs.io"]
|
- apiGroups: ["","apps","litmuschaos.io","batch","extensions","storage.k8s.io","openebs.io"]
|
||||||
resources: ["pods","jobs","deployments","events","configmaps","secrets","replicasets","persistentvolumeclaims","storageclasses","cstorvolumereplicas","chaosexperiments","chaosresults","chaosengines"]
|
resources: ["pods","jobs","deployments","pods/logs","events","configmaps","secrets","replicasets","persistentvolumeclaims","storageclasses","cstorvolumereplicas","chaosexperiments","chaosresults","chaosengines"]
|
||||||
verbs: ["create","list","get","patch","update","delete"]
|
verbs: ["create","list","get","patch","update","delete"]
|
||||||
- apiGroups: [""]
|
- apiGroups: [""]
|
||||||
resources: ["nodes"]
|
resources: ["nodes"]
|
||||||
|
|||||||
@@ -16,7 +16,7 @@ metadata:
|
|||||||
name: target-container-failure-sa
|
name: target-container-failure-sa
|
||||||
rules:
|
rules:
|
||||||
- apiGroups: ["","litmuschaos.io","batch","apps","storage.k8s.io"]
|
- apiGroups: ["","litmuschaos.io","batch","apps","storage.k8s.io"]
|
||||||
resources: ["pods","jobs","pods/exec","daemonsets","events","configmaps","secrets","persistentvolumeclaims","storageclasses","persistentvolumes","chaosengines","chaosexperiments","chaosresults"]
|
resources: ["pods","jobs","pods/logs","pods/exec","daemonsets","events","configmaps","secrets","persistentvolumeclaims","storageclasses","persistentvolumes","chaosengines","chaosexperiments","chaosresults"]
|
||||||
verbs: ["create","list","get","patch","update","delete"]
|
verbs: ["create","list","get","patch","update","delete"]
|
||||||
---
|
---
|
||||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
|
|||||||
@@ -16,7 +16,7 @@ metadata:
|
|||||||
name: target-network-delay-sa
|
name: target-network-delay-sa
|
||||||
rules:
|
rules:
|
||||||
- apiGroups: ["","apps","litmuschaos.io","batch","extensions","storage.k8s.io"]
|
- apiGroups: ["","apps","litmuschaos.io","batch","extensions","storage.k8s.io"]
|
||||||
resources: ["pods","pods/exec","events","jobs","configmaps","secrets","services","persistentvolumeclaims","storageclasses","persistentvolumes","chaosexperiments","chaosresults","chaosengines"]
|
resources: ["pods","pods/exec","pods/logs","events","jobs","configmaps","secrets","services","persistentvolumeclaims","storageclasses","persistentvolumes","chaosexperiments","chaosresults","chaosengines"]
|
||||||
verbs: ["create","list","get","patch","update","delete"]
|
verbs: ["create","list","get","patch","update","delete"]
|
||||||
---
|
---
|
||||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
|
|||||||
@@ -16,7 +16,7 @@ metadata:
|
|||||||
name: target-network-loss-sa
|
name: target-network-loss-sa
|
||||||
rules:
|
rules:
|
||||||
- apiGroups: ["","apps","litmuschaos.io","batch","extensions","storage.k8s.io"]
|
- apiGroups: ["","apps","litmuschaos.io","batch","extensions","storage.k8s.io"]
|
||||||
resources: ["pods","pods/exec","events","jobs","configmaps","secrets","services","persistentvolumeclaims","storageclasses","persistentvolumes","chaosexperiments","chaosresults","chaosengines"]
|
resources: ["pods","pods/exec","pods/logs","events","jobs","configmaps","secrets","services","persistentvolumeclaims","storageclasses","persistentvolumes","chaosexperiments","chaosresults","chaosengines"]
|
||||||
verbs: ["create","list","get","patch","update","delete"]
|
verbs: ["create","list","get","patch","update","delete"]
|
||||||
---
|
---
|
||||||
apiVersion: rbac.authorization.k8s.io/v1beta1
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
|
|||||||
@@ -16,7 +16,7 @@ metadata:
|
|||||||
name: target-pod-failure-sa
|
name: target-pod-failure-sa
|
||||||
rules:
|
rules:
|
||||||
- apiGroups: ["","apps","litmuschaos.io","batch","extensions","storage.k8s.io"]
|
- apiGroups: ["","apps","litmuschaos.io","batch","extensions","storage.k8s.io"]
|
||||||
resources: ["pods","jobs","deployments","pods/exec","events","chaosexperiments","chaosresults","chaosengines","configmaps","secrets","services","persistentvolumeclaims","storageclasses","persistentvolumes"]
|
resources: ["pods","jobs","pods/logs","deployments","pods/exec","events","chaosexperiments","chaosresults","chaosengines","configmaps","secrets","services","persistentvolumeclaims","storageclasses","persistentvolumes"]
|
||||||
verbs: ["create","list","get","patch","update","delete"]
|
verbs: ["create","list","get","patch","update","delete"]
|
||||||
- apiGroups: [""]
|
- apiGroups: [""]
|
||||||
resources: ["nodes"]
|
resources: ["nodes"]
|
||||||
|
|||||||
Reference in New Issue
Block a user