From 2d65aa29fac902a0da33e8ec8abaa588aa4394a4 Mon Sep 17 00:00:00 2001 From: okozachenko Date: Wed, 5 Aug 2020 00:52:18 +0300 Subject: [PATCH] Add service permission to member role Change-Id: Iab5f566ce4cbadb1df6cfa1c57756b6c66e0e1e2 --- charts/rbac/templates/clusterrole-members.yaml | 12 ++++++++++-- playbooks/functional.yaml | 8 +++++++- 2 files changed, 17 insertions(+), 3 deletions(-) diff --git a/charts/rbac/templates/clusterrole-members.yaml b/charts/rbac/templates/clusterrole-members.yaml index 8d81846..71b83bd 100644 --- a/charts/rbac/templates/clusterrole-members.yaml +++ b/charts/rbac/templates/clusterrole-members.yaml @@ -18,9 +18,17 @@ kind: ClusterRole metadata: name: rbac-members rules: -# List and get configmap, pv & pvc and namespaces, nodes & pods & pod logs +# List and get configmap, pv & pvc and namespaces, nodes & pods & pod logs & services - apiGroups: [""] - resources: ["configmaps", "nodes", "namespaces", "persistentvolumeclaims", "persistentvolumes", "pods", "pods/log"] + resources: + - "configmaps" + - "nodes" + - "namespaces" + - "persistentvolumeclaims" + - "persistentvolumes" + - "pods" + - "pods/log" + - "services" verbs: ["get", "list", "watch"] # List all get applications - apiGroups: ["apps"] diff --git a/playbooks/functional.yaml b/playbooks/functional.yaml index eeb34d5..7b86b42 100644 --- a/playbooks/functional.yaml +++ b/playbooks/functional.yaml @@ -146,4 +146,10 @@ - name: Ensure listing configmaps works shell: kubectl --context=test get configmaps - name: Ensure getting a configmap works - shell: kubectl --context=test get configmap test \ No newline at end of file + shell: kubectl --context=test get configmap test + + # List and get service + - name: Ensure listing services works + shell: kubectl --context=test get services + - name: Ensure getting a configmap works + shell: kubectl --context=test get service kubernetes \ No newline at end of file