From a156e6dab7b4938da482ac4fa89f8b1557a7b1e8 Mon Sep 17 00:00:00 2001
From: Tuan Anh Tran
Date: Thu, 2 Dec 2021 09:47:13 +0700
Subject: [PATCH] chore: reformat webhook rbac file (#883)
* chore: reformat webhook rbac file
Signed-off-by: Tuan Anh Tran
* chore: reformat rbac file
Signed-off-by: Tuan Anh Tran
---
 .../karpenter/templates/controller/rbac.yaml | 119 +++++-------------
 charts/karpenter/templates/webhook/rbac.yaml | 37 ++----
 2 files changed, 40 insertions(+), 116 deletions(-)
diff --git a/charts/karpenter/templates/controller/rbac.yaml b/charts/karpenter/templates/controller/rbac.yaml
index 71be29eff7cc..399e2e03db61 100644
--- a/charts/karpenter/templates/controller/rbac.yaml
+++ b/charts/karpenter/templates/controller/rbac.yaml
@@ -31,97 +31,40 @@ metadata:
 name: karpenter-controller
 namespace: {{ .Release.Namespace }}
 rules:
-- apiGroups:
- - ""
- resources:
- - configmaps
- verbs:
- - get
- - list
- - watch
- - create
- - update
- - patch
- - delete
-- apiGroups:
- - ""
- resources:
- - configmaps/status
- verbs:
- - get
- - update
- - patch
-- apiGroups:
- - ""
- resources:
- - events
- verbs:
- - create
+- apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+- apiGroups: [""]
+ resources: ["configmaps/status"]
+ verbs: ["get", "update", "patch"]
+- apiGroups: [""]
+ resources: ["events"]
+ verbs: ["create"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
 name: karpenter-controller
 rules:
-- apiGroups:
- - karpenter.sh
- resources:
- - provisioners
- - provisioners/status
- verbs:
- - create
- - delete
- - patch
- - get
- - list
- - watch
-- apiGroups:
- - coordination.k8s.io
- resources:
- - leases
- verbs:
- - create
- - get
- - patch
- - update
- - watch
-- apiGroups:
- - ""
- resources:
- - nodes
- - pods
- verbs:
- - get
- - list
- - watch
- - patch
- - delete
-- apiGroups:
- - ""
- resources:
- - configmaps
- verbs:
- - get
- - list
- - watch
- - update
-- apiGroups:
- - ""
- resources:
- - nodes
- verbs:
- - create
-- apiGroups:
- - ""
- resources:
- - pods/binding
- - pods/eviction
- verbs:
- - create
-- apiGroups:
- - apps
- resources:
- - daemonsets
- verbs:
- - list
- - watch
+- apiGroups: ["karpenter.sh"]
+ resources: ["provisioners", "provisioners/status"]
+ verbs: ["create", "delete", "patch", "get", "list", "watch"]
+- apiGroups: ["coordination.k8s.io"]
+ resources: ["leases"]
+ verbs: ["create", "get", "patch", "update", "watch"]
+- apiGroups: [""]
+ resources: ["nodes", "pods"]
+ verbs: ["get", "list", "watch", "patch", "delete"]
+- apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["get", "list", "watch", "update"]
+- apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["create"]
+- apiGroups: [""]
+ resources: ["pods/binding", "pods/eviction"]
+ verbs: ["create"]
+- apiGroups: ["apps"]
+ resources: ["daemonsets"]
+ verbs: ["list", "watch"]
+---
\ No newline at end of file
diff --git a/charts/karpenter/templates/webhook/rbac.yaml b/charts/karpenter/templates/webhook/rbac.yaml
index 89d8ee5e4ac1..87bf0693fe40 100644
--- a/charts/karpenter/templates/webhook/rbac.yaml
+++ b/charts/karpenter/templates/webhook/rbac.yaml
@@ -34,38 +34,19 @@ rules:
 - apiGroups: [""]
 resources: ["configmaps", "namespaces"]
 verbs: ["get", "list", "watch"]
-- apiGroups:
- - ""
- resources:
- - secrets
- verbs:
- - get
- - list
- - watch
- - update
-- apiGroups:
- - coordination.k8s.io
- resources:
- - leases
- verbs:
- - get
- - watch
- - create
- - update
+- apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get", "list", "watch", "update"]
+- apiGroups: ["coordination.k8s.io"]
+ resources: ["leases"]
+ verbs: ["get", "watch", "create", "update"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
 name: karpenter-webhook
 rules:
-- apiGroups:
- - admissionregistration.k8s.io
- resources:
- - validatingwebhookconfigurations
- - mutatingwebhookconfigurations
- verbs:
- - get
- - watch
- - list
- - update
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"]
+ verbs: ["get", "watch", "list", "update"]
 ---
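Review bot: The ClusterRole `karpenter-controller` keeps a cluster-wide `configmaps` rule with `update` (`verbs: ["get", "list", "watch", "update"]`), although the namespaced rules at the top of this hunk already grant full ConfigMap access in the release namespace (presumably a Role; its `kind` line is outside the hunk). Since these lines are being rewritten anyway, it is worth confirming that write access to ConfigMaps in every namespace is required, and if it is not, reducing the rule to `verbs: ["get", "list", "watch"]`. The hunk also adds a final `+---` with no newline at end of file, which leaves an empty trailing document; I would drop the separator or terminate the file with a newline. A one-line comment above each rule naming the controller function that needs it would make later least-privilege reviews easier now that each rule fits on three lines.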
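Review bot: The `secrets` rule (`verbs: ["get", "list", "watch", "update"]`) and the ClusterRole rule on `validatingwebhookconfigurations` and `mutatingwebhookconfigurations` carry no `resourceNames`, so the bound service account can read and update every Secret in its namespace and update every admission webhook configuration in the cluster. If the webhook only maintains its own certificate Secret and its own webhook configurations (an assumption to confirm with the authors), the write verbs could be split out and scoped, for example `verbs: ["get", "update"]` with `resourceNames: ["PLACEHOLDER-webhook-cert-secret"]`, and likewise `resourceNames: ["PLACEHOLDER-webhook-configuration"]` in the ClusterRole. `list` and `watch` are only constrained by `resourceNames` when the client selects a single object by name, so they may have to stay in a separate read-only rule. The Role holding the `secrets` rule starts above the hunk, so its name and binding are not visible here.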