
Add aggregated ClusterRoles for view and edit permissions of custom resources

Jeremy Bopp 5 years ago
parent
commit
5afa7795af
1 changed files with 43 additions and 0 deletions
  1. 43 0
      deploy/charts/external-secrets/templates/rbac.yaml

+ 43 - 0
deploy/charts/external-secrets/templates/rbac.yaml

@@ -52,6 +52,49 @@ rules:
     - "patch"
 ---
 apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "external-secrets.fullname" . }}-view
+  labels:
+    {{- include "external-secrets.labels" . | nindent 4 }}
+    rbac.authorization.k8s.io/aggregate-to-view: "true"
+    rbac.authorization.k8s.io/aggregate-to-edit: "true"
+    rbac.authorization.k8s.io/aggregate-to-admin: "true"
+rules:
+  - apiGroups:
+      - "external-secrets.io"
+    resources:
+      - "externalsecrets"
+      - "secretstores"
+      - "clustersecretstores"
+    verbs:
+      - "get"
+      - "watch"
+      - "list"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "external-secrets.fullname" . }}-edit
+  labels:
+    {{- include "external-secrets.labels" . | nindent 4 }}
+    rbac.authorization.k8s.io/aggregate-to-edit: "true"
+    rbac.authorization.k8s.io/aggregate-to-admin: "true"
+rules:
+  - apiGroups:
+      - "external-secrets.io"
+    resources:
+      - "externalsecrets"
+      - "secretstores"
+      - "clustersecretstores"
+    verbs:
+      - "create"
+      - "delete"
+      - "deletecollection"
+      - "patch"
+      - "update"
+---
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   name: {{ include "external-secrets.fullname" . }}-controller
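Review bot: The `-edit` role lists `clustersecretstores` while carrying `aggregate-to-edit` and `aggregate-to-admin`, so write access to a cluster-scoped store is folded into the built-in `edit` and `admin` roles on every install of the chart. Through a RoleBinding that rule has no effect on a cluster-scoped resource, but anyone holding `edit` or `admin` through a ClusterRoleBinding gains create/patch/delete on stores whose provider credentials are shared across namespaces. I would drop `- "clustersecretstores"` from the `-edit` rule (leaving it read-only in `-view`) and put the `aggregate-to-*` labels behind a chart value so operators opt in. The same aggregation lets namespace editors create `externalsecrets`, which presumably has the controller sync provider data on their behalf; a comment above the labels such as `# aggregated into the built-in view/edit/admin roles; namespace editors can create ExternalSecrets` would make that visible. The hunk starts inside the preceding resource's `rules:` and ends inside the ClusterRoleBinding metadata.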