Commit aba16cd6 authored by Sergio Gimenez's avatar Sergio Gimenez
Browse files

Extend lite2edge RBAC for Helm chart deployments 

Add permissions for secrets, configmaps, serviceaccounts, statefulsets,
replicasets, roles, and rolebindings to support Helm charts that create
these resources (e.g., orchestrator chart needs regcred secret).
parent 516dacd4

ansible/roles/lite2edge/templates/lite2edge.yaml.j2

+5 −2
Original line number Diff line number Diff line
@@ -18,10 +18,13 @@ rules: 
    resources: ["nodes"]

    verbs: ["get", "list", "watch"]

  - apiGroups: [""]

    resources: ["pods", "services", "namespaces"]

    resources: ["pods", "services", "namespaces", "secrets", "configmaps", "serviceaccounts"]

    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]

  - apiGroups: ["apps"]

    resources: ["deployments"]

    resources: ["deployments", "statefulsets", "replicasets"]

    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]

  - apiGroups: ["rbac.authorization.k8s.io"]

    resources: ["roles", "rolebindings"]

    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]

---

apiVersion: rbac.authorization.k8s.io/v1