From b69b21708160bbfedf2580502c16bae29b4c0deb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=A9=AC=E6=B4=AA=E8=B4=9E?= Date: Thu, 22 Feb 2024 16:45:18 +0800 Subject: [PATCH] refactor ovn clusterrole MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 马洪贞 --- charts/kube-ovn/templates/ovn-CR.yaml | 56 +++++++++++++++++++-------- dist/images/install.sh | 56 +++++++++++++++++++-------- yamls/sa.yaml | 56 +++++++++++++++++++-------- 3 files changed, 117 insertions(+), 51 deletions(-) diff --git a/charts/kube-ovn/templates/ovn-CR.yaml b/charts/kube-ovn/templates/ovn-CR.yaml index 2aa39184d54d..bbc7dee463ac 100644 --- a/charts/kube-ovn/templates/ovn-CR.yaml +++ b/charts/kube-ovn/templates/ovn-CR.yaml @@ -54,17 +54,28 @@ rules: - "" resources: - pods - - pods/exec - namespaces - - nodes - - configmaps verbs: - - create - get - list + - patch - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list - patch - update + - watch + - apiGroups: + - "" + resources: + - pods/exec + verbs: + - create - apiGroups: - "k8s.cni.cncf.io" resources: @@ -74,40 +85,53 @@ rules: - apiGroups: - "" - networking.k8s.io - - apps resources: - networkpolicies - - daemonsets + - configmaps verbs: - get - list - watch - apiGroups: - - "" - apps resources: + - daemonsets + verbs: + - get + - apiGroups: + - "" + resources: + - services - services/status verbs: + - get + - list - update + - create + - delete + - watch - apiGroups: - "" - - networking.k8s.io - - apps - - extensions resources: - - services - endpoints + verbs: + - create + - update + - get + - list + - watch + - apiGroups: + - apps + resources: - statefulsets - deployments - deployments/scale verbs: + - get + - list - create - delete - update - - patch - - get - - list - - watch - apiGroups: - "" resources: @@ -222,8 +246,6 @@ rules: - get - list - apiGroups: - - "" - - networking.k8s.io - apps resources: - daemonsets 
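Review bot: The added `pods/exec` rule in the first hunk of charts/kube-ovn/templates/ovn-CR.yaml (`@@ -54,17 +54,28 @@`) still grants `create` on exec for every pod in every namespace, and nothing in the manifest records why. Separating it from the `pods` and `nodes` verbs is an improvement, but a ClusterRole rule cannot be narrowed by namespace, so a leaked token for the bound service account keeps cluster-wide exec access. If the component only execs into pods in one namespace (not visible from this diff), a namespaced `Role` and `RoleBinding` carrying just this rule would contain it; otherwise add a comment above the rule such as `# pods/exec create: needed for <feature>; cluster-wide because <reason>`. The ClusterRole's `metadata` lies outside the hunk, and the same rule is repeated in dist/images/install.sh and yamls/sa.yaml.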
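Review bot: The last added rule of the second hunk (`@@ -74,40 +85,53 @@`) keeps `create`, `delete` and `update` on `deployments` and `statefulsets` in every namespace, which after this refactor is the broadest grant left in the role. Permission to create workloads in a namespace implicitly grants access to the service accounts and secrets usable there. If the component only manages workloads in its own namespace (the diff does not show this), the rule belongs in a namespaced `Role` rather than in the ClusterRole. The hunk also removes `watch` and `patch` from this rule, `delete` and `patch` from `endpoints`, `patch` from `services`, and `list`/`watch` from `daemonsets`; a missing verb only surfaces as a 403 at runtime, so check each against the client calls and informers before merging. The same hunk is repeated in dist/images/install.sh and yamls/sa.yaml.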
diff --git a/dist/images/install.sh b/dist/images/install.sh index f5729296a3c5..cd90e1e9f302 100755 --- a/dist/images/install.sh +++ b/dist/images/install.sh @@ -2937,17 +2937,28 @@ rules: - "" resources: - pods - - pods/exec - namespaces - - nodes - - configmaps verbs: - - create - get - list + - patch - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list - patch - update + - watch + - apiGroups: + - "" + resources: + - pods/exec + verbs: + - create - apiGroups: - "k8s.cni.cncf.io" resources: @@ -2957,40 +2968,53 @@ rules: - apiGroups: - "" - networking.k8s.io - - apps resources: - networkpolicies - - daemonsets + - configmaps verbs: - get - list - watch - apiGroups: - - "" - apps resources: + - daemonsets + verbs: + - get + - apiGroups: + - "" + resources: + - services - services/status verbs: + - get + - list - update + - create + - delete + - watch - apiGroups: - "" - - networking.k8s.io - - apps - - extensions resources: - - services - endpoints + verbs: + - create + - update + - get + - list + - watch + - apiGroups: + - apps + resources: - statefulsets - deployments - deployments/scale verbs: + - get + - list - create - delete - update - - patch - - get - - list - - watch - apiGroups: - "" resources: @@ -3115,8 +3139,6 @@ rules: - get - list - apiGroups: - - "" - - networking.k8s.io - apps resources: - daemonsets diff --git a/yamls/sa.yaml b/yamls/sa.yaml index 1aafc9409e06..565d79c5c3b4 100644 --- a/yamls/sa.yaml +++ b/yamls/sa.yaml @@ -110,17 +110,28 @@ rules: - "" resources: - pods - - pods/exec - namespaces - - nodes - - configmaps verbs: - - create - get - list + - patch - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list - patch - update + - watch + - apiGroups: + - "" + resources: + - pods/exec + verbs: + - create - apiGroups: - "k8s.cni.cncf.io" resources: 
@@ -130,40 +141,53 @@ rules: - apiGroups: - "" - networking.k8s.io - - apps resources: - networkpolicies - - daemonsets + - configmaps verbs: - get - list - watch - apiGroups: - - "" - apps resources: + - daemonsets + verbs: + - get + - apiGroups: + - "" + resources: + - services - services/status verbs: + - get + - list - update + - create + - delete + - watch - apiGroups: - "" - - networking.k8s.io - - apps - - extensions resources: - - services - endpoints + verbs: + - create + - update + - get + - list + - watch + - apiGroups: + - apps + resources: - statefulsets - deployments - deployments/scale verbs: + - get + - list - create - delete - update - - patch - - get - - list - - watch - apiGroups: - "" resources: @@ -284,8 +308,6 @@ rules: - get - list - apiGroups: - - "" - - networking.k8s.io - apps resources: - daemonsets