From 79c5c8c0daa17af7a8c704c420c5fc3f05b8e952 Mon Sep 17 00:00:00 2001 From: bharathappali Date: Wed, 8 Jan 2025 14:11:05 +0530 Subject: [PATCH] add manifest changes to add cluster roles and bindings Signed-off-by: bharathappali --- .../minikube/kruize-crc-minikube.yaml | 47 +++++++++++++++++++ .../openshift/kruize-crc-openshift.yaml | 47 +++++++++++++++++++ 2 files changed, 94 insertions(+) diff --git a/manifests/crc/default-db-included-installation/minikube/kruize-crc-minikube.yaml b/manifests/crc/default-db-included-installation/minikube/kruize-crc-minikube.yaml index f584b7e83..039520d1d 100644 --- a/manifests/crc/default-db-included-installation/minikube/kruize-crc-minikube.yaml +++ b/manifests/crc/default-db-included-installation/minikube/kruize-crc-minikube.yaml @@ -50,6 +50,53 @@ roleRef: kind: ClusterRole name: kruize-recommendation-updater --- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kruize-edit-ko +rules: + - apiGroups: ["apps"] + resources: ["deployments", "statefulsets", "daemonsets"] + verbs: ["get", "patch", "update"] + - apiGroups: [ "batch" ] + resources: [ "jobs" ] + verbs: [ "get", "patch", "update" ] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: instaslices-access +rules: + - apiGroups: ["inference.redhat.com"] + resources: ["instaslices"] + verbs: ["get", "list", "watch"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: instaslices-access-binding +subjects: + - kind: ServiceAccount + name: default + namespace: monitoring +roleRef: + kind: ClusterRole + name: instaslices-access + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kruize-edit-ko-binding +subjects: + - kind: ServiceAccount + name: default + namespace: monitoring +roleRef: + kind: ClusterRole + name: kruize-edit-ko + apiGroup: rbac.authorization.k8s.io +--- apiVersion: v1 kind: PersistentVolume metadata: diff --git a/manifests/crc/default-db-included-installation/openshift/kruize-crc-openshift.yaml b/manifests/crc/default-db-included-installation/openshift/kruize-crc-openshift.yaml index 62b4d08aa..6aede9a10 100644 --- a/manifests/crc/default-db-included-installation/openshift/kruize-crc-openshift.yaml +++ b/manifests/crc/default-db-included-installation/openshift/kruize-crc-openshift.yaml @@ -75,6 +75,53 @@ roleRef: apiGroup: rbac.authorization.k8s.io --- apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kruize-edit-ko +rules: + - apiGroups: ["apps"] + resources: ["deployments", "statefulsets", "daemonsets"] + verbs: ["get", "patch", "update"] + - apiGroups: [ "batch" ] + resources: [ "jobs" ] + verbs: [ "get", "patch", "update" ] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: instaslices-access +rules: + - apiGroups: ["inference.redhat.com"] + resources: ["instaslices"] + verbs: ["get", "list", "watch"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: instaslices-access-binding +subjects: + - kind: ServiceAccount + name: kruize-sa + namespace: openshift-tuning +roleRef: + kind: ClusterRole + name: instaslices-access + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kruize-edit-ko-binding +subjects: + - kind: ServiceAccount + name: kruize-sa + namespace: openshift-tuning +roleRef: + kind: ClusterRole + name: kruize-edit-ko + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: autotune-scc-crb