kubevirt/kubevirt-psp-caasp.yaml
James Fehlig dcabda7174 Accepting request 846541 from home:jfehlig:branches:Virtualization
- spec: Generate the registry path for kubevirt-operator.yaml at
  build time. Prjconf macro 'registry_path' can be used to
  override registry path to the KubeVirt container images
- spec: Add kubevirt-psp-caasp.yaml, a PSP based on CaaSP
  privileged PSP, to the manifests subpackage
- spec: Don't add component name to DOCKER_PREFIX passed to
  build-manifests.sh

OBS-URL: https://build.opensuse.org/request/show/846541
OBS-URL: https://build.opensuse.org/package/show/Virtualization/kubevirt?expand=0&rev=17
2020-11-06 21:27:48 +00:00

92 lines
2.0 KiB
YAML

#
# A KubeVirt PSP for CaaSP-based Kubernetes clusters that makes use of the
# CaaSP privileged PSP.
#
# After the KubeVirt operator has successfully deployed the KubeVirt service,
# this PSP can be deployed to the cluster, giving virt-operator and
# virt-handler access to cluster operations necessary for virtual machine
# management.
#
# kubectl apply -f /usr/share/kube-virt/manifests/release/kubevirt-psp-caasp.yaml
#
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: kubevirt-controller-caasp
rules:
  - apiGroups:
      - policy
    resources:
      - podsecuritypolicies
    verbs:
      - use
    resourceNames:
      - suse.caasp.psp.privileged
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: kubevirt-handler-caasp
rules:
  - apiGroups:
      - policy
    resources:
      - podsecuritypolicies
    verbs:
      - use
    resourceNames:
      - suse.caasp.psp.privileged
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubevirt-controller-caasp
roleRef:
  kind: ClusterRole
  name: kubevirt-controller-caasp
  apiGroup: rbac.authorization.k8s.io
subjects:
  - kind: ServiceAccount
    name: kubevirt-controller
    namespace: kubevirt
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubevirt-handler-caasp
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kubevirt-handler-caasp
subjects:
  - kind: ServiceAccount
    name: kubevirt-handler
    namespace: kubevirt
---
# Note: the two RoleBindings below reference objects of kind Role that are not
# defined in this file, and they do not set metadata.namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: kubevirt-controller-caasp
roleRef:
  kind: Role
  name: kubevirt-controller-caasp
  apiGroup: rbac.authorization.k8s.io
subjects:
  - kind: ServiceAccount
    name: kubevirt-controller
    namespace: kubevirt
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: kubevirt-handler-caasp
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: kubevirt-handler-caasp
subjects:
  - kind: ServiceAccount
    name: kubevirt-handler
    namespace: kubevirt