Skip to content
This repository was archived by the owner on Aug 2, 2019. It is now read-only.

Commit 52c9853

Browse files
jcrossley3jcrossley3
committed
Restore upstream RBAC policies
1 parent 041f1a2 commit 52c9853

File tree

2 files changed

+268
-12
lines changed

2 files changed

+268
-12
lines changed

olm-catalog/knative-build.v0.3.0.clusterserviceversion.yaml

Lines changed: 98 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -29,15 +29,107 @@ spec:
2929
- serviceAccountName: build-controller
3030
rules:
3131
- apiGroups:
32-
- '*'
32+
- ""
3333
resources:
34-
- '*'
34+
- pods
35+
- namespaces
36+
- secrets
37+
- events
38+
- serviceaccounts
39+
- configmaps
3540
verbs:
36-
- '*'
37-
- nonResourceURLs:
38-
- '*'
41+
- get
42+
- list
43+
- create
44+
- update
45+
- delete
46+
- patch
47+
- watch
48+
- apiGroups:
49+
- extensions
50+
resources:
51+
- deployments
52+
verbs:
53+
- get
54+
- list
55+
- create
56+
- update
57+
- delete
58+
- patch
59+
- watch
60+
- apiGroups:
61+
- admissionregistration.k8s.io
62+
resources:
63+
- mutatingwebhookconfigurations
64+
verbs:
65+
- get
66+
- list
67+
- create
68+
- update
69+
- delete
70+
- patch
71+
- watch
72+
- apiGroups:
73+
- apiextensions.k8s.io
74+
resources:
75+
- customresourcedefinitions
76+
verbs:
77+
- get
78+
- list
79+
- create
80+
- update
81+
- delete
82+
- patch
83+
- watch
84+
- apiGroups:
85+
- build.knative.dev
86+
resources:
87+
- builds
88+
- buildtemplates
89+
- clusterbuildtemplates
90+
verbs:
91+
- get
92+
- list
93+
- create
94+
- update
95+
- delete
96+
- patch
97+
- watch
98+
- apiGroups:
99+
- build.knative.dev
100+
resources:
101+
- builds/status
102+
- buildtemplates/status
103+
- clusterbuildtemplates/status
104+
verbs:
105+
- get
106+
- list
107+
- create
108+
- update
109+
- delete
110+
- patch
111+
- watch
112+
- apiGroups:
113+
- caching.internal.knative.dev
114+
resources:
115+
- images
116+
verbs:
117+
- get
118+
- list
119+
- create
120+
- update
121+
- delete
122+
- deletecollection
123+
- patch
124+
- watch
125+
- apiGroups:
126+
- policy
127+
resourceNames:
128+
- knative-build
129+
resources:
130+
- podsecuritypolicies
39131
verbs:
40-
- '*'
132+
- use
41133

42134
deployments:
43135
- name: build-controller

olm-catalog/knative-serving.v0.3.0.clusterserviceversion.yaml

Lines changed: 170 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -27,15 +27,179 @@ spec:
2727
- serviceAccountName: controller
2828
rules:
2929
- apiGroups:
30-
- '*'
30+
- ""
3131
resources:
32-
- '*'
32+
- pods
33+
- namespaces
34+
- secrets
35+
- configmaps
36+
- endpoints
37+
- services
38+
- events
39+
- serviceaccounts
3340
verbs:
34-
- '*'
35-
- nonResourceURLs:
36-
- '*'
41+
- get
42+
- list
43+
- create
44+
- update
45+
- delete
46+
- patch
47+
- watch
48+
- apiGroups:
49+
- extensions
50+
resources:
51+
- ingresses
52+
- deployments
53+
verbs:
54+
- get
55+
- list
56+
- create
57+
- update
58+
- delete
59+
- patch
60+
- watch
61+
- apiGroups:
62+
- apps
63+
resources:
64+
- deployments
65+
- deployments/scale
66+
- statefulsets
67+
verbs:
68+
- get
69+
- list
70+
- create
71+
- update
72+
- delete
73+
- patch
74+
- watch
75+
- apiGroups:
76+
- admissionregistration.k8s.io
77+
resources:
78+
- mutatingwebhookconfigurations
79+
verbs:
80+
- get
81+
- list
82+
- create
83+
- update
84+
- delete
85+
- patch
86+
- watch
87+
- apiGroups:
88+
- apiextensions.k8s.io
89+
resources:
90+
- customresourcedefinitions
91+
verbs:
92+
- get
93+
- list
94+
- create
95+
- update
96+
- delete
97+
- patch
98+
- watch
99+
- apiGroups:
100+
- serving.knative.dev
101+
resources:
102+
- configurations
103+
- routes
104+
- revisions
105+
- services
106+
verbs:
107+
- get
108+
- list
109+
- create
110+
- update
111+
- delete
112+
- patch
113+
- watch
114+
- apiGroups:
115+
- serving.knative.dev
116+
resources:
117+
- configurations/status
118+
- routes/status
119+
- revisions/status
120+
- services/status
121+
verbs:
122+
- get
123+
- list
124+
- create
125+
- update
126+
- delete
127+
- patch
128+
- watch
129+
- apiGroups:
130+
- autoscaling.internal.knative.dev
131+
resources:
132+
- podautoscalers
133+
- podautoscalers/status
134+
verbs:
135+
- get
136+
- list
137+
- create
138+
- update
139+
- delete
140+
- patch
141+
- watch
142+
- apiGroups:
143+
- autoscaling
144+
resources:
145+
- horizontalpodautoscalers
146+
verbs:
147+
- get
148+
- list
149+
- create
150+
- update
151+
- delete
152+
- patch
153+
- watch
154+
- apiGroups:
155+
- caching.internal.knative.dev
156+
resources:
157+
- images
158+
verbs:
159+
- get
160+
- list
161+
- create
162+
- update
163+
- delete
164+
- patch
165+
- watch
166+
- apiGroups:
167+
- networking.internal.knative.dev
168+
resources:
169+
- clusteringresses
170+
- clusteringresses/status
171+
verbs:
172+
- get
173+
- list
174+
- create
175+
- update
176+
- delete
177+
- patch
178+
- watch
179+
- apiGroups:
180+
- build.knative.dev
181+
resources:
182+
- builds
183+
verbs:
184+
- get
185+
- list
186+
- create
187+
- update
188+
- delete
189+
- patch
190+
- watch
191+
- apiGroups:
192+
- networking.istio.io
193+
resources:
194+
- virtualservices
37195
verbs:
38-
- '*'
196+
- get
197+
- list
198+
- create
199+
- update
200+
- delete
201+
- patch
202+
- watch
39203

40204
deployments:
41205
- name: activator

0 commit comments

Comments
 (0)