fix(rbac): authorization:namespace:owner ns owner not to remove cluster resources
!6
This commit is contained in:
@ -90,16 +90,14 @@ metadata:
|
||||
app.kubernetes.io/version: ''
|
||||
name: authorization:namespace:owner
|
||||
rules:
|
||||
- apiGroups: # Read-only access to resrouces
|
||||
- apiGroups: # Read-Write access to resrouces
|
||||
- "*"
|
||||
resources:
|
||||
- awx
|
||||
- cronjobs
|
||||
- daemonset
|
||||
- deployments
|
||||
- helmcharts
|
||||
- helmchartconfigs
|
||||
- ingress
|
||||
- jobs
|
||||
- pods
|
||||
- pvc
|
||||
@ -109,7 +107,6 @@ rules:
|
||||
- serviceaccount
|
||||
- services
|
||||
- statefuleset
|
||||
- storageclasses
|
||||
- configmap
|
||||
verbs:
|
||||
- create
|
||||
@ -117,6 +114,23 @@ rules:
|
||||
- list
|
||||
- watch
|
||||
- delete
|
||||
- apiGroups: # Read-Remove access
|
||||
- "*"
|
||||
resources:
|
||||
- ingress
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- delete
|
||||
- apiGroups: # Read access
|
||||
- "*"
|
||||
resources:
|
||||
- storageclasses
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
|
||||
Reference in New Issue
Block a user