Skip to content

Commit c4db2c1

Browse files
awgreeneawgreene
committed
try to constrain rbac based on e2e usage
Signed-off-by: Alexander Greene <[email protected]> t p#
1 parent e98b8f0 commit c4db2c1

File tree

1 file changed

+98
-5
lines changed

1 file changed

+98
-5
lines changed

manifests/0000_50_olm_01-olm-operator.serviceaccount.yaml

Lines changed: 98 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -15,11 +15,104 @@ metadata:
1515
include.release.openshift.io/ibm-cloud-managed: "true"
1616
include.release.openshift.io/self-managed-high-availability: "true"
1717
rules:
18-
- apiGroups: ["*"]
19-
resources: ["*"]
20-
verbs: ["*"]
21-
- nonResourceURLs: ["*"]
22-
verbs: ["*"]
18+
- apiGroups:
19+
- ""
20+
resources:
21+
- namespaces
22+
- pods
23+
- services
24+
- pods/status
25+
- configmaps
26+
- secrets
27+
- serviceaccounts
28+
verbs:
29+
- "*"
30+
- apiGroups:
31+
- admissionregistration.k8s.io
32+
resources:
33+
- mutatingwebhookconfigurations
34+
- validatingwebhookconfigurations
35+
verbs:
36+
- "*"
37+
- apiGroups:
38+
- apiextensions.k8s.io
39+
resources:
40+
- customresourcedefinitions
41+
verbs:
42+
- "*"
43+
- apiGroups:
44+
- apiregistration.k8s.io
45+
resources:
46+
- apiservices
47+
verbs:
48+
- "*"
49+
- apiGroups:
50+
- apps
51+
resources:
52+
- deployments
53+
verbs:
54+
- "*"
55+
- apiGroups:
56+
- batch
57+
resources:
58+
- jobs
59+
verbs:
60+
- "*"
61+
- apiGroups:
62+
- config.openshift.io
63+
resources:
64+
- clusteroperators
65+
- infrastructures
66+
- proxies
67+
verbs:
68+
- "*"
69+
- apiGroups:
70+
- coordination.k8s.io
71+
resourceNames:
72+
- packageserver-controller-lock
73+
resources:
74+
- leases
75+
verbs:
76+
- "*"
77+
- apiGroups:
78+
- cluster.com
79+
resources:
80+
- "*"
81+
verbs:
82+
- "*"
83+
- apiGroups:
84+
- operators.coreos.com
85+
resources:
86+
- "*"
87+
verbs:
88+
- "*"
89+
- apiGroups:
90+
- rbac.authorization.k8s.io
91+
resources:
92+
- clusterrolebindings
93+
- clusterroles
94+
- rolebindings
95+
- roles
96+
verbs:
97+
- "*"
98+
- apiGroups:
99+
- example.com
100+
resources:
101+
- tests
102+
verbs:
103+
- "*"
104+
- apiGroups:
105+
- kiali.io
106+
resources:
107+
- kialis
108+
verbs:
109+
- "*"
110+
- apiGroups:
111+
- monitoring.kiali.io
112+
resources:
113+
- monitoringdashboards
114+
verbs:
115+
- "*"
23116
---
24117
apiVersion: rbac.authorization.k8s.io/v1
25118
kind: ClusterRoleBinding

0 commit comments

Comments
 (0)