Commit

rbac: ovn-kubernetes: add aggregate-to-cluster-reader permissions
API group "k8s.ovn.org" should be included in the cluster-reader role.
That group has the following resources:
    - EgressFirewall
    - EgressIP
    - EgressQoS

Signed-off-by: Flavio Fernandes <flaviof@redhat.com>
flavio-fernandes committed Apr 25, 2023
1 parent f11b987 commit 7f2f900
Showing 1 changed file with 17 additions and 0 deletions.
17 changes: 17 additions & 0 deletions bindata/network/ovn-kubernetes/common/007-rbac-cluster-reader.yaml
@@ -0,0 +1,17 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
rbac.authorization.k8s.io/aggregate-to-cluster-reader: "true"
name: openshift-ovn-kubernetes-cluster-reader
rules:
- apiGroups: ["k8s.ovn.org"]
resources:
- egressfirewalls
- egressips
- egressqoses
verbs:
- get
- list
- watch
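
Review bot: the `resources:` list under `rules:` is enumerated by hand with no comment tying it to the CRDs in `k8s.ovn.org`, so a kind added to that group later will silently stay invisible to cluster-reader. Add a short comment above `rules:` saying the list must track the group's CRDs; keeping explicit names rather than a `"*"` wildcard is the right least-privilege choice. Because the `rbac.authorization.k8s.io/aggregate-to-cluster-reader: "true"` label extends these rules to every subject already bound to cluster-reader, it is also worth stating in the commit message that get/list/watch on EgressFirewall, EgressIP and EgressQoS objects exposes nothing that audience should not see.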
