From ce55a1b7890d97882d4e36fa30113b17c570f97f Mon Sep 17 00:00:00 2001 From: Arthur Date: Sat, 18 Jan 2025 17:22:25 +0000 Subject: [PATCH] feat(RBAC): Role Aggregation Signed-off-by: Arthur --- config/rbac/dragonfly_editor_role.yaml | 2 ++ config/rbac/dragonfly_viewer_role.yaml | 4 ++++ config/rbac/kustomization.yaml | 2 ++ 3 files changed, 8 insertions(+) diff --git a/config/rbac/dragonfly_editor_role.yaml b/config/rbac/dragonfly_editor_role.yaml index e838aa4c..01143e0f 100644 --- a/config/rbac/dragonfly_editor_role.yaml +++ b/config/rbac/dragonfly_editor_role.yaml @@ -9,6 +9,8 @@ metadata: app.kubernetes.io/created-by: dragonfly-operator app.kubernetes.io/part-of: dragonfly-operator app.kubernetes.io/managed-by: kustomize + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" name: dragonfly-editor-role rules: - apiGroups: diff --git a/config/rbac/dragonfly_viewer_role.yaml b/config/rbac/dragonfly_viewer_role.yaml index 84b0d24d..f7a5e130 100644 --- a/config/rbac/dragonfly_viewer_role.yaml +++ b/config/rbac/dragonfly_viewer_role.yaml @@ -9,6 +9,10 @@ metadata: app.kubernetes.io/created-by: dragonfly-operator app.kubernetes.io/part-of: dragonfly-operator app.kubernetes.io/managed-by: kustomize + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" + rbac.authorization.k8s.io/aggregate-to-view: "true" + rbac.authorization.k8s.io/aggregate-to-cluster-reader: "true" name: dragonfly-viewer-role rules: - apiGroups: diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml index 731832a6..ff21b764 100644 --- a/config/rbac/kustomization.yaml +++ b/config/rbac/kustomization.yaml @@ -16,3 +16,5 @@ resources: - auth_proxy_role.yaml - auth_proxy_role_binding.yaml - auth_proxy_client_clusterrole.yaml +- dragonfly_viewer_role.yaml +- dragonfly_editor_role.yaml \ No newline at end of file