Skip to content

Commit add2e28

Browse files
awgreeneawgreene
committed
try to constrain rbac based on e2e usage
Signed-off-by: Alexander Greene <[email protected]> t p#
1 parent e98b8f0 commit add2e28

File tree

1 file changed

+98
-3
lines changed

1 file changed

+98
-3
lines changed

manifests/0000_50_olm_01-olm-operator.serviceaccount.yaml

Lines changed: 98 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -15,11 +15,106 @@ metadata:
1515
include.release.openshift.io/ibm-cloud-managed: "true"
1616
include.release.openshift.io/self-managed-high-availability: "true"
1717
rules:
18-
- apiGroups: ["*"]
19-
resources: ["*"]
20-
verbs: ["*"]
2118
- nonResourceURLs: ["*"]
2219
verbs: ["*"]
20+
- apiGroups:
21+
- ""
22+
resources:
23+
- namespaces
24+
- pods
25+
- services
26+
- pods/status
27+
- configmaps
28+
- secrets
29+
- serviceaccounts
30+
verbs:
31+
- "*"
32+
- apiGroups:
33+
- admissionregistration.k8s.io
34+
resources:
35+
- mutatingwebhookconfigurations
36+
- validatingwebhookconfigurations
37+
verbs:
38+
- "*"
39+
- apiGroups:
40+
- apiextensions.k8s.io
41+
resources:
42+
- customresourcedefinitions
43+
verbs:
44+
- "*"
45+
- apiGroups:
46+
- apiregistration.k8s.io
47+
resources:
48+
- apiservices
49+
verbs:
50+
- "*"
51+
- apiGroups:
52+
- apps
53+
resources:
54+
- deployments
55+
verbs:
56+
- "*"
57+
- apiGroups:
58+
- batch
59+
resources:
60+
- jobs
61+
verbs:
62+
- "*"
63+
- apiGroups:
64+
- config.openshift.io
65+
resources:
66+
- clusteroperators
67+
- infrastructures
68+
- proxies
69+
verbs:
70+
- "*"
71+
- apiGroups:
72+
- coordination.k8s.io
73+
resourceNames:
74+
- packageserver-controller-lock
75+
resources:
76+
- leases
77+
verbs:
78+
- "*"
79+
- apiGroups:
80+
- cluster.com
81+
resources:
82+
- "*"
83+
verbs:
84+
- "*"
85+
- apiGroups:
86+
- operators.coreos.com
87+
resources:
88+
- "*"
89+
verbs:
90+
- "*"
91+
- apiGroups:
92+
- rbac.authorization.k8s.io
93+
resources:
94+
- clusterrolebindings
95+
- clusterroles
96+
- rolebindings
97+
- roles
98+
verbs:
99+
- "*"
100+
- apiGroups:
101+
- example.com
102+
resources:
103+
- tests
104+
verbs:
105+
- "*"
106+
- apiGroups:
107+
- kiali.io
108+
resources:
109+
- kialis
110+
verbs:
111+
- "*"
112+
- apiGroups:
113+
- monitoring.kiali.io
114+
resources:
115+
- monitoringdashboards
116+
verbs:
117+
- "*"
23118
---
24119
apiVersion: rbac.authorization.k8s.io/v1
25120
kind: ClusterRoleBinding

0 commit comments

Comments
 (0)