Add service permission to member role
Change-Id: Iab5f566ce4cbadb1df6cfa1c57756b6c66e0e1e2
This commit is contained in:
parent
e5b54502e1
commit
2d65aa29fa
@ -18,9 +18,17 @@ kind: ClusterRole
|
|||||||
metadata:
|
metadata:
|
||||||
name: rbac-members
|
name: rbac-members
|
||||||
rules:
|
rules:
|
||||||
# List and get configmap, pv & pvc and namespaces, nodes & pods & pod logs
|
# List and get configmap, pv & pvc and namespaces, nodes & pods & pod logs & services
|
||||||
- apiGroups: [""]
|
- apiGroups: [""]
|
||||||
resources: ["configmaps", "nodes", "namespaces", "persistentvolumeclaims", "persistentvolumes", "pods", "pods/log"]
|
resources:
|
||||||
|
- "configmaps"
|
||||||
|
- "nodes"
|
||||||
|
- "namespaces"
|
||||||
|
- "persistentvolumeclaims"
|
||||||
|
- "persistentvolumes"
|
||||||
|
- "pods"
|
||||||
|
- "pods/log"
|
||||||
|
- "services"
|
||||||
verbs: ["get", "list", "watch"]
|
verbs: ["get", "list", "watch"]
|
||||||
# List all get applications
|
# List all get applications
|
||||||
- apiGroups: ["apps"]
|
- apiGroups: ["apps"]
|
||||||
|
@ -146,4 +146,10 @@
|
|||||||
- name: Ensure listing configmaps works
|
- name: Ensure listing configmaps works
|
||||||
shell: kubectl --context=test get configmaps
|
shell: kubectl --context=test get configmaps
|
||||||
- name: Ensure getting a configmap works
|
- name: Ensure getting a configmap works
|
||||||
shell: kubectl --context=test get configmap test
|
shell: kubectl --context=test get configmap test
|
||||||
|
|
||||||
|
# List and get service
|
||||||
|
- name: Ensure listing services works
|
||||||
|
shell: kubectl --context=test get services
|
||||||
|
- name: Ensure getting a configmap works
|
||||||
|
shell: kubectl --context=test get service kubernetes
|
Loading…
Reference in New Issue
Block a user