pool/kubevirt
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
kubevirt/kubevirt-psp-caasp.yaml

92 lines
2.0 KiB
YAML
Raw Normal View History

Accepting request 846541 from home:jfehlig:branches:Virtualization - spec: Generate the registry path for kubevirt-operator.yaml at build time. Prjconf macro 'registry_path' can be used to override registry path to the KubeVirt container images - spec: Add kubevirt-psp-caasp.yaml, a PSP based on CaaSP privileged PSP, to the manifests subpackage - spec: Don't add component name to DOCKER_PREFIX passed to build-manifests.sh OBS-URL: https://build.opensuse.org/request/show/846541 OBS-URL: https://build.opensuse.org/package/show/Virtualization/kubevirt?expand=0&rev=17
2020-11-06 21:27:48 +00:00
#
# A KubeVirt PSP for CaaSP-based Kubernetes clusters that makes use of the
# CaaSP privileged PSP.
#
# After the KubeVirt operator has sucessfully deployed the KubeVirt service,
# this PSP can be deployed to the cluster, giving virt-operator and
# virt-handler access to cluster operations necessary for virtual machine
# management.
#
# kubectl apply -f /usr/share/kube-virt/manifests/release/kubevirt-psp-caasp.yaml
#
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: kubevirt-controller-caasp
rules:
- apiGroups:
- policy
resources:
- podsecuritypolicies
verbs:
- use
resourceNames:
- suse.caasp.psp.privileged
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: kubevirt-handler-caasp
rules:
- apiGroups:
- policy
resources:
- podsecuritypolicies
verbs:
- use
resourceNames:
- suse.caasp.psp.privileged
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kubevirt-controller-caasp
roleRef:
kind: ClusterRole
name: kubevirt-controller-caasp
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: kubevirt-controller
namespace: kubevirt
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kubevirt-handler-caasp
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kubevirt-handler-caasp
subjects:
- kind: ServiceAccount
name: kubevirt-handler
namespace: kubevirt
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: kubevirt-controller-caasp
roleRef:
kind: Role
name: kubevirt-controller-caasp
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: kubevirt-controller
namespace: kubevirt
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: kubevirt-handler-caasp
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: kubevirt-handler-caasp
subjects:
- kind: ServiceAccount
name: kubevirt-handler
namespace: kubevirt
Reference in New Issue Copy Permalink