Skip to content

Commit 9e1bf11

Browse files
tamalsahatamalsaha
committed
Fix RBAC permission for release 0.4
1 parent e6065cb commit 9e1bf11

1 file changed

Lines changed: 15 additions & 9 deletions

File tree

hack/deploy/stash-with-rbac.yaml

Lines changed: 15 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -10,26 +10,25 @@ rules:
1010
verbs: ["get", "create"]
1111
- apiGroups:
1212
- stash.appscode.com
13-
resources:
14-
- restics
13+
resources: ["*"]
1514
verbs: ["*"]
1615
- apiGroups:
1716
- extensions
1817
resources:
1918
- deployments
2019
- replicasets
2120
- daemonsets
22-
verbs: ["list", "watch", "update"]
21+
verbs: ["get", "list", "watch", "update"]
2322
- apiGroups:
2423
- apps
2524
resources:
2625
- deployments
27-
verbs: ["list", "watch", "update"]
26+
verbs: ["get", "list", "watch", "update"]
2827
- apiGroups: [""]
2928
resources:
3029
- namespaces
3130
- replicationcontrollers
32-
verbs: ["list", "watch", "update"]
31+
verbs: ["get", "list", "watch", "update"]
3332
- apiGroups: [""]
3433
resources:
3534
- secrets
@@ -42,10 +41,17 @@ rules:
4241
resources:
4342
- pods
4443
verbs: ["list", delete"]
44+
- apiGroups:
45+
- rbac.authorization.k8s.io
46+
resources:
47+
- rolebindings
48+
verbs: ["get", "create", "delete", "update"]
4549
---
4650
apiVersion: rbac.authorization.k8s.io/v1beta1
4751
kind: ClusterRoleBinding
4852
metadata:
53+
labels:
54+
app: stash
4955
name: stash-operator
5056
roleRef:
5157
apiGroup: rbac.authorization.k8s.io
@@ -59,6 +65,8 @@ subjects:
5965
apiVersion: v1
6066
kind: ServiceAccount
6167
metadata:
68+
labels:
69+
app: stash
6270
name: stash-operator
6371
namespace: kube-system
6472
---
@@ -85,6 +93,7 @@ spec:
8593
args:
8694
- run
8795
- --v=3
96+
- --rbac=true
8897
image: appscode/stash:0.4.1
8998
ports:
9099
- containerPort: 56790
@@ -131,9 +140,9 @@ spec:
131140
apiVersion: rbac.authorization.k8s.io/v1beta1
132141
kind: ClusterRole
133142
metadata:
134-
name: stash-sidecar
135143
labels:
136144
app: stash
145+
name: stash-sidecar
137146
rules:
138147
- apiGroups:
139148
- stash.appscode.com
@@ -149,9 +158,6 @@ rules:
149158
- apiGroups: [""]
150159
resources:
151160
- replicationcontrollers
152-
verbs: ["*"]
153-
- apiGroups: [""]
154-
resources:
155161
- secrets
156162
verbs: ["get"]
157163
- apiGroups: [""]

0 commit comments

Comments
 (0)