From 43e34d23c56420b7b34ab8f6ce12970e1c63853f Mon Sep 17 00:00:00 2001
From: Kevin
Date: Thu, 25 Jan 2024 13:56:38 -0500
Subject: [PATCH] add roles for admin and editor to operator
Signed-off-by: Kevin
---
 config/rbac/admin_role.yaml | 22 ++++++++++++++++++++++
 config/rbac/editor_role.yaml | 24 ++++++++++++++++++++++++
 config/rbac/kustomization.yaml | 2 ++
 3 files changed, 48 insertions(+)
 create mode 100644 config/rbac/admin_role.yaml
 create mode 100644 config/rbac/editor_role.yaml
diff --git a/config/rbac/admin_role.yaml b/config/rbac/admin_role.yaml
new file mode 100644
index 000000000..b4f4728ca
--- /dev/null
+++ b/config/rbac/admin_role.yaml
@@ -0,0 +1,22 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ annotations:
+ rbac.authorization.kubernetes.io/autoupdate: "true"
+ name: clusterrole-admin
+ labels:
+ rbac.authorization.kubernetes.io/aggregate-to-admin: "true"
+rules:
+- apiGroups:
+ - quota.codeflare.dev
+ resources:
+ - quotasubtrees
+ verbs:
+ - create
+ - delete
+ - deletecollection
+ - get
+ - list
+ - patch
+ - update
+ - watch
diff --git a/config/rbac/editor_role.yaml b/config/rbac/editor_role.yaml
new file mode 100644
index 000000000..aa341297d
--- /dev/null
+++ b/config/rbac/editor_role.yaml
@@ -0,0 +1,24 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ annotations:
+ rbac.authorization.kubernetes.io/autoupdate: "true"
+ name: clusterrole-edit
+ labels:
+ rbac.authorization.k8s.io/aggregate-to-admin: "true"
+ rbac.authorization.k8s.io/aggregate-to-edit: "true"
+rules:
+- apiGroups:
+ - workload.codeflare.dev
+ resources:
+ - schedulingspecs
+ - appwrappers
+ verbs:
+ - create
+ - delete
+ - deletecollection
+ - get
+ - list
+ - patch
+ - update
+ - watch
diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml
index cdb307c82..a74a16f1d 100644
--- a/config/rbac/kustomization.yaml
+++ b/config/rbac/kustomization.yaml
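Review bot: The aggregation label in admin_role.yaml is written as `rbac.authorization.kubernetes.io/aggregate-to-admin`, but the built-in `admin` ClusterRole selects on `rbac.authorization.k8s.io/aggregate-to-admin` (the domain editor_role.yaml uses), so these quotasubtrees rules will not be aggregated into `admin` and the role grants nothing unless bound directly. Change the label line to `rbac.authorization.k8s.io/aggregate-to-admin: "true"`; only the `autoupdate` annotation belongs under `rbac.authorization.kubernetes.io`. Once the label is corrected, every subject bound to `admin` receives create, delete and deletecollection on quotasubtrees, so confirm that is intended: if these objects define quota limits, a tenant admin could presumably change the limits applied to their own workloads.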
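Review bot: Labelling clusterrole-edit with both `aggregate-to-edit` and `aggregate-to-admin` gives every subject holding a namespace `edit` binding full write access to appwrappers and schedulingspecs, and no read-only counterpart is added for `view`. If the controller creates the resources wrapped in an AppWrapper under its own service account (not visible in this patch), that is a confused-deputy risk, so the wrapped content should be authorized against the submitting user, for example by an admission check, before access is widened this far. Consider adding a third ClusterRole labelled `rbac.authorization.k8s.io/aggregate-to-view: "true"` with only `get`, `list` and `watch`. The `rbac.authorization.kubernetes.io/autoupdate` annotation is, as far as I know, only acted on for the API server's default bootstrap roles, so on `clusterrole-edit` and `clusterrole-admin` it is probably inert and could be dropped.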
@@ -4,6 +4,8 @@ resources:
 # if your manager will use a service account that exists at
 # runtime. Be sure to update RoleBinding and ClusterRoleBinding
 # subjects if changing service account names.
+- admin_role.yaml
+- editor_role.yaml
 - service_account.yaml
 - role.yaml
 - role_binding.yaml