You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
56 lines
1.2 KiB
56 lines
1.2 KiB
---
|
|
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: kubeflow-istio-admin
|
|
labels:
|
|
rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true"
|
|
aggregationRule:
|
|
clusterRoleSelectors:
|
|
- matchLabels:
|
|
rbac.authorization.kubeflow.org/aggregate-to-kubeflow-istio-admin: "true"
|
|
rules: []
|
|
|
|
---
|
|
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: kubeflow-istio-edit
|
|
labels:
|
|
rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true"
|
|
rbac.authorization.kubeflow.org/aggregate-to-kubeflow-istio-admin: "true"
|
|
rules:
|
|
- apiGroups:
|
|
- istio.io
|
|
- networking.istio.io
|
|
resources: ["*"]
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
# For security reasons we do not enable this by default. It could destabilize the platform and allow exploits.
|
|
#- create
|
|
#- delete
|
|
#- deletecollection
|
|
#- patch
|
|
#- update
|
|
|
|
---
|
|
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: kubeflow-istio-view
|
|
labels:
|
|
rbac.authorization.kubeflow.org/aggregate-to-kubeflow-view: "true"
|
|
rules:
|
|
- apiGroups:
|
|
- istio.io
|
|
- networking.istio.io
|
|
resources: ["*"]
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
|