jonny/charts
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
master
charts/teleport-kube-agent/tests/__snapshot__/clusterrole_test.yaml.snap
Jonny Ervine b76e232ac2 Add teleport agent update
2024-08-15 22:45:43 +08:00

118 lines
2.2 KiB
Plaintext
Raw Permalink Blame History

adds services listing permission if discovery is enabled:
1: |
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: RELEASE-NAME
rules:
- apiGroups:
- ""
resources:
- users
- groups
- serviceaccounts
verbs:
- impersonate
- apiGroups:
- ""
resources:
- services
verbs:
- list
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- apiGroups:
- authorization.k8s.io
resources:
- selfsubjectaccessreviews
verbs:
- create
creates a ClusterRole:
1: |
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: RELEASE-NAME
rules:
- apiGroups:
- ""
resources:
- users
- groups
- serviceaccounts
verbs:
- impersonate
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- apiGroups:
- authorization.k8s.io
resources:
- selfsubjectaccessreviews
verbs:
- create
does not add services listing permission if discovery is disabled:
1: |
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: RELEASE-NAME
rules:
- apiGroups:
- ""
resources:
- users
- groups
- serviceaccounts
verbs:
- impersonate
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- apiGroups:
- authorization.k8s.io
resources:
- selfsubjectaccessreviews
verbs:
- create
sets ClusterRole labels when specified:
1: |
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/name: teleport-kube-agent
resource: clusterrole
name: RELEASE-NAME
rules:
- apiGroups:
- ""
resources:
- users
- groups
- serviceaccounts
verbs:
- impersonate
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- apiGroups:
- authorization.k8s.io
resources:
- selfsubjectaccessreviews
verbs:
- create
Reference in New Issue View Git Blame Copy Permalink