Skip to content
This repository was archived by the owner on Aug 2, 2019. It is now read-only.

Commit 4eeb10f

Browse files
jcrossley3jcrossley3
authored
Merge pull request #19 from openshift-cloud-functions/OCF-377
Extra RBAC rules for knative 0.3.0 to run on OpenShift
2 parents 041f1a2 + 42cccc6 commit 4eeb10f

File tree

4 files changed

+682
-26
lines changed

4 files changed

+682
-26
lines changed

knative-operators.catalogsource.yaml

Lines changed: 341 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -1127,15 +1127,141 @@ data:
11271127
- serviceAccountName: build-controller
11281128
rules:
11291129
- apiGroups:
1130-
- '*'
1130+
- ""
11311131
resources:
1132-
- '*'
1132+
- pods
1133+
- namespaces
1134+
- secrets
1135+
- events
1136+
- serviceaccounts
1137+
- configmaps
1138+
- services
11331139
verbs:
1134-
- '*'
1135-
- nonResourceURLs:
1136-
- '*'
1140+
- get
1141+
- list
1142+
- create
1143+
- update
1144+
- delete
1145+
- patch
1146+
- watch
1147+
- apiGroups:
1148+
- extensions
1149+
resources:
1150+
- deployments
11371151
verbs:
1138-
- '*'
1152+
- get
1153+
- list
1154+
- create
1155+
- update
1156+
- delete
1157+
- patch
1158+
- watch
1159+
- apiGroups:
1160+
- admissionregistration.k8s.io
1161+
resources:
1162+
- mutatingwebhookconfigurations
1163+
verbs:
1164+
- get
1165+
- list
1166+
- create
1167+
- update
1168+
- delete
1169+
- patch
1170+
- watch
1171+
- apiGroups:
1172+
- apiextensions.k8s.io
1173+
resources:
1174+
- customresourcedefinitions
1175+
verbs:
1176+
- get
1177+
- list
1178+
- create
1179+
- update
1180+
- delete
1181+
- patch
1182+
- watch
1183+
- apiGroups:
1184+
- build.knative.dev
1185+
resources:
1186+
- builds
1187+
- buildtemplates
1188+
- clusterbuildtemplates
1189+
verbs:
1190+
- get
1191+
- list
1192+
- create
1193+
- update
1194+
- delete
1195+
- patch
1196+
- watch
1197+
- apiGroups:
1198+
- build.knative.dev
1199+
resources:
1200+
- builds/status
1201+
- buildtemplates/status
1202+
- clusterbuildtemplates/status
1203+
verbs:
1204+
- get
1205+
- list
1206+
- create
1207+
- update
1208+
- delete
1209+
- patch
1210+
- watch
1211+
- apiGroups:
1212+
- caching.internal.knative.dev
1213+
resources:
1214+
- images
1215+
verbs:
1216+
- get
1217+
- list
1218+
- create
1219+
- update
1220+
- delete
1221+
- deletecollection
1222+
- patch
1223+
- watch
1224+
- apiGroups:
1225+
- policy
1226+
resourceNames:
1227+
- knative-build
1228+
resources:
1229+
- podsecuritypolicies
1230+
verbs:
1231+
- use
1232+
1233+
# The above rules are from upstream. The remaining are
1234+
# required for OpenShift
1235+
1236+
- apiGroups:
1237+
- security.openshift.io
1238+
resources:
1239+
- securitycontextconstraints
1240+
verbs:
1241+
- use
1242+
resourceNames:
1243+
- privileged
1244+
- anyuid
1245+
- apiGroups:
1246+
- extensions
1247+
resources:
1248+
- deployments/finalizers
1249+
verbs:
1250+
- update
1251+
- apiGroups:
1252+
- build.knative.dev
1253+
resources:
1254+
- '*/finalizers'
1255+
verbs:
1256+
- update
1257+
- apiGroups:
1258+
- policy
1259+
resources:
1260+
- podsecuritypolicies
1261+
verbs:
1262+
- create
1263+
- patch
1264+
- get
11391265
11401266
deployments:
11411267
- name: build-controller
@@ -1657,7 +1783,7 @@ data:
16571783
- apiGroups:
16581784
- eventing.knative.dev
16591785
resources:
1660-
- channels/finalizers
1786+
- '*/finalizers'
16611787
verbs:
16621788
- update
16631789
- apiGroups:
@@ -1713,6 +1839,18 @@ data:
17131839
- list
17141840
- watch
17151841
1842+
# The above rules are from upstream. The remaining are
1843+
# required for OpenShift
1844+
1845+
- apiGroups:
1846+
- security.openshift.io
1847+
resources:
1848+
- securitycontextconstraints
1849+
verbs:
1850+
- use
1851+
resourceNames:
1852+
- privileged
1853+
17161854
deployments:
17171855
- name: eventing-controller
17181856
spec:
@@ -3237,15 +3375,205 @@ data:
32373375
- serviceAccountName: controller
32383376
rules:
32393377
- apiGroups:
3240-
- '*'
3378+
- ""
32413379
resources:
3242-
- '*'
3380+
- pods
3381+
- namespaces
3382+
- secrets
3383+
- configmaps
3384+
- endpoints
3385+
- services
3386+
- events
3387+
- serviceaccounts
32433388
verbs:
3244-
- '*'
3245-
- nonResourceURLs:
3246-
- '*'
3389+
- get
3390+
- list
3391+
- create
3392+
- update
3393+
- delete
3394+
- patch
3395+
- watch
3396+
- apiGroups:
3397+
- extensions
3398+
resources:
3399+
- ingresses
3400+
- deployments
32473401
verbs:
3248-
- '*'
3402+
- get
3403+
- list
3404+
- create
3405+
- update
3406+
- delete
3407+
- patch
3408+
- watch
3409+
- apiGroups:
3410+
- apps
3411+
resources:
3412+
- deployments
3413+
- deployments/scale
3414+
- statefulsets
3415+
verbs:
3416+
- get
3417+
- list
3418+
- create
3419+
- update
3420+
- delete
3421+
- patch
3422+
- watch
3423+
- apiGroups:
3424+
- admissionregistration.k8s.io
3425+
resources:
3426+
- mutatingwebhookconfigurations
3427+
verbs:
3428+
- get
3429+
- list
3430+
- create
3431+
- update
3432+
- delete
3433+
- patch
3434+
- watch
3435+
- apiGroups:
3436+
- apiextensions.k8s.io
3437+
resources:
3438+
- customresourcedefinitions
3439+
verbs:
3440+
- get
3441+
- list
3442+
- create
3443+
- update
3444+
- delete
3445+
- patch
3446+
- watch
3447+
- apiGroups:
3448+
- serving.knative.dev
3449+
resources:
3450+
- configurations
3451+
- routes
3452+
- revisions
3453+
- services
3454+
verbs:
3455+
- get
3456+
- list
3457+
- create
3458+
- update
3459+
- delete
3460+
- patch
3461+
- watch
3462+
- apiGroups:
3463+
- serving.knative.dev
3464+
resources:
3465+
- configurations/status
3466+
- routes/status
3467+
- revisions/status
3468+
- services/status
3469+
verbs:
3470+
- get
3471+
- list
3472+
- create
3473+
- update
3474+
- delete
3475+
- patch
3476+
- watch
3477+
- apiGroups:
3478+
- autoscaling.internal.knative.dev
3479+
resources:
3480+
- podautoscalers
3481+
- podautoscalers/status
3482+
verbs:
3483+
- get
3484+
- list
3485+
- create
3486+
- update
3487+
- delete
3488+
- patch
3489+
- watch
3490+
- apiGroups:
3491+
- autoscaling
3492+
resources:
3493+
- horizontalpodautoscalers
3494+
verbs:
3495+
- get
3496+
- list
3497+
- create
3498+
- update
3499+
- delete
3500+
- patch
3501+
- watch
3502+
- apiGroups:
3503+
- caching.internal.knative.dev
3504+
resources:
3505+
- images
3506+
verbs:
3507+
- get
3508+
- list
3509+
- create
3510+
- update
3511+
- delete
3512+
- patch
3513+
- watch
3514+
- apiGroups:
3515+
- networking.internal.knative.dev
3516+
resources:
3517+
- clusteringresses
3518+
- clusteringresses/status
3519+
verbs:
3520+
- get
3521+
- list
3522+
- create
3523+
- update
3524+
- delete
3525+
- patch
3526+
- watch
3527+
- apiGroups:
3528+
- build.knative.dev
3529+
resources:
3530+
- builds
3531+
verbs:
3532+
- get
3533+
- list
3534+
- create
3535+
- update
3536+
- delete
3537+
- patch
3538+
- watch
3539+
- apiGroups:
3540+
- networking.istio.io
3541+
resources:
3542+
- virtualservices
3543+
verbs:
3544+
- get
3545+
- list
3546+
- create
3547+
- update
3548+
- delete
3549+
- patch
3550+
- watch
3551+
3552+
# The above rules are from upstream. The remaining are
3553+
# required for OpenShift
3554+
3555+
- apiGroups:
3556+
- security.openshift.io
3557+
resources:
3558+
- securitycontextconstraints
3559+
verbs:
3560+
- use
3561+
resourceNames:
3562+
- privileged
3563+
- anyuid
3564+
- apiGroups:
3565+
- extensions
3566+
resources:
3567+
- deployments/finalizers
3568+
verbs:
3569+
- update
3570+
- apiGroups:
3571+
- serving.knative.dev
3572+
- networking.internal.knative.dev
3573+
resources:
3574+
- '*/finalizers'
3575+
verbs:
3576+
- update
32493577
32503578
deployments:
32513579
- name: activator

0 commit comments

Comments
 (0)