From 2fc87e01c93d1cdd42d007b9ffa16c897042f80f Mon Sep 17 00:00:00 2001 From: Rui Vieira Date: Mon, 13 Nov 2023 09:21:34 +0000 Subject: [PATCH 1/2] Deploy TrustyAI editor and viewer roles (#143) --- config/rbac/kustomization.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml index ca04e39..3464551 100644 --- a/config/rbac/kustomization.yaml +++ b/config/rbac/kustomization.yaml @@ -8,3 +8,5 @@ resources: - auth_proxy_role.yaml - auth_proxy_role_binding.yaml - auth_proxy_client_clusterrole.yaml +- trustyaiservice_editor_role.yaml +- trustyaiservice_viewer_role.yaml \ No newline at end of file From b1302235f174d8c3c7d446658dc15c87e93191a3 Mon Sep 17 00:00:00 2001 From: Rui Vieira Date: Mon, 13 Nov 2023 10:47:36 +0000 Subject: [PATCH 2/2] Aggregate roles (#147) * Deploy TrustyAI editor and viewer roles * Aggregate roles to view and edit --- config/rbac/trustyaiservice_editor_role.yaml | 2 ++ config/rbac/trustyaiservice_viewer_role.yaml | 2 ++ 2 files changed, 4 insertions(+) diff --git a/config/rbac/trustyaiservice_editor_role.yaml b/config/rbac/trustyaiservice_editor_role.yaml index 71ac696..1c0d4dc 100644 --- a/config/rbac/trustyaiservice_editor_role.yaml +++ b/config/rbac/trustyaiservice_editor_role.yaml @@ -8,6 +8,8 @@ metadata: app.kubernetes.io/created-by: trustyai-service-operator app.kubernetes.io/part-of: trustyai-service-operator app.kubernetes.io/managed-by: kustomize + rbac.authorization.k8s.io/aggregate-to-edit: "true" + rbac.authorization.k8s.io/aggregate-to-admin: "true" name: trustyaiservice-editor-role rules: - apiGroups: diff --git a/config/rbac/trustyaiservice_viewer_role.yaml b/config/rbac/trustyaiservice_viewer_role.yaml index 2bbe62f..a3a5ebf 100644 --- a/config/rbac/trustyaiservice_viewer_role.yaml +++ b/config/rbac/trustyaiservice_viewer_role.yaml @@ -9,6 +9,8 @@ metadata: app.kubernetes.io/created-by: trustyai-service-operator app.kubernetes.io/part-of: trustyai-service-operator app.kubernetes.io/managed-by: kustomize + rbac.authorization.k8s.io/aggregate-to-view: "true" + rbac.authorization.k8s.io/aggregate-to-admin: "true" name: trustyaiservice-viewer-role rules: - apiGroups: