Merge pull request #4933 from Danil-Grigorev/add-aggregated-role

k8s-ci-robot · web-flow · commit 52df930d5c63 · 2024-06-26T11:22:12.000-07:00
✨ Add aggregated role support
diff --git a/config/rbac/aggregation_role.yaml b/config/rbac/aggregation_role.yaml
@@ -0,0 +1,10 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: aggregated-manager-role
+aggregationRule:
+  clusterRoleSelectors:
+  - matchLabels:
+      cluster.x-k8s.io/aggregate-to-capz-manager: "true"
+rules: []
diff --git a/config/rbac/capz_manager_role_patch.yaml b/config/rbac/capz_manager_role_patch.yaml
@@ -0,0 +1,6 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: manager-role
+  labels:
+    cluster.x-k8s.io/aggregate-to-capz-manager: "true"
diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml
@@ -2,7 +2,11 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - role.yaml
+- aggregation_role.yaml
 - role_binding.yaml
 - service_account.yaml
 - leader_election_role.yaml
 - leader_election_role_binding.yaml
+
+patches:
+- path: capz_manager_role_patch.yaml
diff --git a/config/rbac/role_binding.yaml b/config/rbac/role_binding.yaml
@@ -5,7 +5,7 @@ metadata:
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: manager-role
+  name: aggregated-manager-role
 subjects:
 - kind: ServiceAccount
   name: manager
