fix(rbac): authorization:namespace:owner ns owner not to remove cluster resources
!6
This commit is contained in:
@ -90,16 +90,14 @@ metadata:
|
|||||||
app.kubernetes.io/version: ''
|
app.kubernetes.io/version: ''
|
||||||
name: authorization:namespace:owner
|
name: authorization:namespace:owner
|
||||||
rules:
|
rules:
|
||||||
- apiGroups: # Read-only access to resrouces
|
- apiGroups: # Read-Write access to resrouces
|
||||||
- "*"
|
- "*"
|
||||||
resources:
|
resources:
|
||||||
- awx
|
|
||||||
- cronjobs
|
- cronjobs
|
||||||
- daemonset
|
- daemonset
|
||||||
- deployments
|
- deployments
|
||||||
- helmcharts
|
- helmcharts
|
||||||
- helmchartconfigs
|
- helmchartconfigs
|
||||||
- ingress
|
|
||||||
- jobs
|
- jobs
|
||||||
- pods
|
- pods
|
||||||
- pvc
|
- pvc
|
||||||
@ -109,7 +107,6 @@ rules:
|
|||||||
- serviceaccount
|
- serviceaccount
|
||||||
- services
|
- services
|
||||||
- statefuleset
|
- statefuleset
|
||||||
- storageclasses
|
|
||||||
- configmap
|
- configmap
|
||||||
verbs:
|
verbs:
|
||||||
- create
|
- create
|
||||||
@ -117,6 +114,23 @@ rules:
|
|||||||
- list
|
- list
|
||||||
- watch
|
- watch
|
||||||
- delete
|
- delete
|
||||||
|
- apiGroups: # Read-Remove access
|
||||||
|
- "*"
|
||||||
|
resources:
|
||||||
|
- ingress
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- watch
|
||||||
|
- delete
|
||||||
|
- apiGroups: # Read access
|
||||||
|
- "*"
|
||||||
|
resources:
|
||||||
|
- storageclasses
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- watch
|
||||||
|
|
||||||
---
|
---
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
|||||||
Reference in New Issue
Block a user