From 5f738663f5db43e99ffd503cd772babf1333cfcc Mon Sep 17 00:00:00 2001 From: xuezhaojun Date: Tue, 21 Jan 2025 16:14:54 +0800 Subject: [PATCH] Refactor managedcluster-import-role.yaml - Updated ClusterRole and ClusterRoleBinding names to remove the 'system:' prefix for consistency. - Removed the 'update' verb from the ClusterRole rules. - Added new rules for 'clusters' resource under 'cluster.x-k8s.io' in managedcluster-import-role.yaml. Signed-off-by: xuezhaojun --- ...er-import-agent-registration-bootstrap-clusterrole.yaml | 3 +-- ...rt-agent-registration-bootstrap-clusterrolebinding.yaml | 4 ++-- .../templates/managedcluster-import-role.yaml | 7 +++++++ 3 files changed, 10 insertions(+), 4 deletions(-) diff --git a/pkg/templates/charts/toggle/server-foundation/templates/managedcluster-import-agent-registration-bootstrap-clusterrole.yaml b/pkg/templates/charts/toggle/server-foundation/templates/managedcluster-import-agent-registration-bootstrap-clusterrole.yaml index 5c4c57fa2..933a0c4ff 100644 --- a/pkg/templates/charts/toggle/server-foundation/templates/managedcluster-import-agent-registration-bootstrap-clusterrole.yaml +++ b/pkg/templates/charts/toggle/server-foundation/templates/managedcluster-import-agent-registration-bootstrap-clusterrole.yaml @@ -1,7 +1,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: system:open-cluster-management:managedcluster:bootstrap:agent-registration + name: open-cluster-management:managedcluster:bootstrap:agent-registration rules: - apiGroups: - "" @@ -25,7 +25,6 @@ rules: verbs: - get - create - - update - apiGroups: # this is needed for creating managed cluster from agent-side. - "cluster.open-cluster-management.io" resources: diff --git a/pkg/templates/charts/toggle/server-foundation/templates/managedcluster-import-agent-registration-bootstrap-clusterrolebinding.yaml b/pkg/templates/charts/toggle/server-foundation/templates/managedcluster-import-agent-registration-bootstrap-clusterrolebinding.yaml index 38bfd633c..54c894651 100644 --- a/pkg/templates/charts/toggle/server-foundation/templates/managedcluster-import-agent-registration-bootstrap-clusterrolebinding.yaml +++ b/pkg/templates/charts/toggle/server-foundation/templates/managedcluster-import-agent-registration-bootstrap-clusterrolebinding.yaml @@ -1,7 +1,7 @@ kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: 'system:open-cluster-management:managedcluster:bootstrap:agent-registration' + name: 'open-cluster-management:managedcluster:bootstrap:agent-registration' subjects: - kind: ServiceAccount name: agent-registration-bootstrap @@ -9,4 +9,4 @@ subjects: roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: 'system:open-cluster-management:managedcluster:bootstrap:agent-registration' + name: 'open-cluster-management:managedcluster:bootstrap:agent-registration' diff --git a/pkg/templates/charts/toggle/server-foundation/templates/managedcluster-import-role.yaml b/pkg/templates/charts/toggle/server-foundation/templates/managedcluster-import-role.yaml index 1ea3238bb..99ce7bac8 100644 --- a/pkg/templates/charts/toggle/server-foundation/templates/managedcluster-import-role.yaml +++ b/pkg/templates/charts/toggle/server-foundation/templates/managedcluster-import-role.yaml @@ -271,3 +271,10 @@ rules: - get - list - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - clusters + verbs: + - get + - list