Skip to content

Commit

Permalink
prow/cluster: modified RBAC configs for test-pods namespace
Browse files Browse the repository at this point in the history
  • Loading branch information
@idealhack
idealhack committed Apr 26, 2019
1 parent a3072cf commit faf86a5
Show file tree
Hide file tree
Showing 4 changed files with 158 additions and 32 deletions.
31 changes: 26 additions & 5 deletions prow/cluster/deck_rbac.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,18 +11,25 @@ metadata:
name: "deck"
rules:
- apiGroups:
- ""
- "prow.k8s.io"
resources:
- pods/log
- prowjobs
verbs:
- get
- list
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
namespace: test-pods
name: "deck"
rules:
- apiGroups:
- "prow.k8s.io"
- ""
resources:
- prowjobs
- pods/log
verbs:
- get
- list
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
Expand All @@ -37,6 +44,20 @@ subjects:
- kind: ServiceAccount
name: "deck"
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
namespace: test-pods
name: "deck"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: "deck"
subjects:
- kind: ServiceAccount
name: "deck"
namespace: default
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
Expand Down
35 changes: 28 additions & 7 deletions prow/cluster/plank_rbac.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,22 +11,29 @@ metadata:
name: "plank"
rules:
- apiGroups:
- ""
- "prow.k8s.io"
resources:
- pods
- prowjobs
verbs:
- get
- create
- delete
- list
- update
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
namespace: test-pods
name: "plank"
rules:
- apiGroups:
- "prow.k8s.io"
- ""
resources:
- prowjobs
- pods
verbs:
- get
- create
- delete
- list
- update
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
Expand All @@ -40,3 +47,17 @@ roleRef:
subjects:
- kind: ServiceAccount
name: "plank"
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
namespace: test-pods
name: "plank"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: "plank"
subjects:
- kind: ServiceAccount
name: "plank"
namespace: default
29 changes: 25 additions & 4 deletions prow/cluster/sinker_rbac.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,16 +11,23 @@ metadata:
name: "sinker"
rules:
- apiGroups:
- ""
- "prow.k8s.io"
resources:
- pods
- prowjobs
verbs:
- delete
- list
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
namespace: test-pods
name: "sinker"
rules:
- apiGroups:
- "prow.k8s.io"
- ""
resources:
- prowjobs
- pods
verbs:
- delete
- list
Expand All @@ -37,3 +44,17 @@ roleRef:
subjects:
- kind: ServiceAccount
name: "sinker"
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
namespace: test-pods
name: "sinker"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: "sinker"
subjects:
- kind: ServiceAccount
name: "sinker"
namespace: default
95 changes: 79 additions & 16 deletions prow/cluster/starter.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -505,25 +505,46 @@ subjects:
- kind: ServiceAccount
name: "deck"
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
namespace: test-pods
name: "deck"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: "deck"
subjects:
- kind: ServiceAccount
name: "deck"
namespace: default
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
namespace: default
name: "deck"
rules:
- apiGroups:
- ""
- "prow.k8s.io"
resources:
- pods/log
- prowjobs
verbs:
- get
- list
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
namespace: test-pods
name: "deck"
rules:
- apiGroups:
- "prow.k8s.io"
- ""
resources:
- prowjobs
- pods/log
verbs:
- get
- list
---
kind: ServiceAccount
apiVersion: v1
Expand Down Expand Up @@ -571,22 +592,29 @@ metadata:
name: "plank"
rules:
- apiGroups:
- ""
- "prow.k8s.io"
resources:
- pods
- prowjobs
verbs:
- get
- create
- delete
- list
- update
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
namespace: test-pods
name: "plank"
rules:
- apiGroups:
- "prow.k8s.io"
- ""
resources:
- prowjobs
- pods
verbs:
- get
- create
- delete
- list
- update
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
Expand All @@ -601,6 +629,20 @@ subjects:
- kind: ServiceAccount
name: "plank"
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
namespace: test-pods
name: "plank"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: "plank"
subjects:
- kind: ServiceAccount
name: "plank"
namespace: default
---
kind: ServiceAccount
apiVersion: v1
metadata:
Expand All @@ -614,16 +656,23 @@ metadata:
name: "sinker"
rules:
- apiGroups:
- ""
- "prow.k8s.io"
resources:
- pods
- prowjobs
verbs:
- delete
- list
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
namespace: test-pods
name: "sinker"
rules:
- apiGroups:
- "prow.k8s.io"
- ""
resources:
- prowjobs
- pods
verbs:
- delete
- list
Expand All @@ -641,6 +690,20 @@ subjects:
- kind: ServiceAccount
name: "sinker"
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
namespace: test-pods
name: "sinker"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: "sinker"
subjects:
- kind: ServiceAccount
name: "sinker"
namespace: default
---
apiVersion: v1
kind: ServiceAccount
metadata:
Expand Down

0 comments on commit faf86a5

Please sign in to comment.