From dba2e49573e60931cd23bcd67cdc4ecb42d98797 Mon Sep 17 00:00:00 2001 From: Kevin Date: Thu, 25 Jan 2024 14:17:19 -0500 Subject: [PATCH] DROP: add aggregator role for admin and editor Signed-off-by: Kevin --- ray-operator/config/rbac/editor_role.yaml | 34 +++++++++++++++++++++ ray-operator/config/rbac/kustomization.yaml | 2 ++ ray-operator/config/rbac/viewer_role.yaml | 28 +++++++++++++++++ 3 files changed, 64 insertions(+) create mode 100644 ray-operator/config/rbac/editor_role.yaml create mode 100644 ray-operator/config/rbac/viewer_role.yaml diff --git a/ray-operator/config/rbac/editor_role.yaml b/ray-operator/config/rbac/editor_role.yaml new file mode 100644 index 0000000000..09c6ec1be2 --- /dev/null +++ b/ray-operator/config/rbac/editor_role.yaml @@ -0,0 +1,34 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kuberay-edit-role + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: +- apiGroups: + - ray.io + resources: + - rayjobs + - rayclusters + - rayservices + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +- apiGroups: + - ray.io + resources: + - rayservices/finalizers + - rayclusters/finalizers + - rayjobs/finalizers + - rayservices/status + - rayclusters/status + - rayjobs/status + verbs: + - get diff --git a/ray-operator/config/rbac/kustomization.yaml b/ray-operator/config/rbac/kustomization.yaml index d09b2e3e29..3abe79a7f1 100644 --- a/ray-operator/config/rbac/kustomization.yaml +++ b/ray-operator/config/rbac/kustomization.yaml @@ -1,9 +1,11 @@ resources: +- editor_role.yaml - role.yaml - role_binding.yaml - leader_election_role.yaml - leader_election_role_binding.yaml - service_account.yaml +- viewer_role.yaml commonLabels: app.kubernetes.io/name: kuberay diff --git a/ray-operator/config/rbac/viewer_role.yaml b/ray-operator/config/rbac/viewer_role.yaml new file mode 100644 index 0000000000..41b82fdba8 --- /dev/null +++ b/ray-operator/config/rbac/viewer_role.yaml @@ -0,0 +1,28 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kuberay-view-role + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" +rules: +- apiGroups: + - ray.io + resources: + - rayjobs + - rayclusters + - rayservices + verbs: + - get + - list + - watch +- apiGroups: + - ray.io + resources: + - rayservices/finalizers + - rayclusters/finalizers + - rayjobs/finalizers + - rayservices/status + - rayclusters/status + - rayjobs/status + verbs: + - get