tao12345666333 commented on code in PR #1131:
URL:
https://github.com/apache/apisix-ingress-controller/pull/1131#discussion_r913193002
##########
samples/deploy/rbac/apisix_view_clusterrole.yaml:
##########
@@ -20,150 +20,161 @@ kind: ClusterRole
metadata:
name: apisix-view-clusterrole
rules:
-- apiGroups:
- - ""
- resources:
- - events
- verbs:
- - "*"
-- apiGroups:
- - ""
- resources:
- - configmaps
- - endpoints
- - persistentvolumeclaims
- - pods
- - replicationcontrollers
- - replicationcontrollers/scale
- - serviceaccounts
- - services
- - secrets
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - ""
- resources:
- - bindings
- - limitranges
- - namespaces/status
- - pods/log
- - pods/status
- - replicationcontrollers/status
- - resourcequotas
- - resourcequotas/status
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - ""
- resources:
- - namespaces
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - apps
- resources:
- - controllerrevisions
- - daemonsets
- - deployments
- - deployments/scale
- - replicasets
- - replicasets/scale
- - statefulsets
- - statefulsets/scale
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - autoscaling
- resources:
- - horizontalpodautoscalers
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - batch
- resources:
- - cronjobs
- - jobs
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - extensions
- resources:
- - daemonsets
- - deployments
- - deployments/scale
- - ingresses
- - networkpolicies
- - replicasets
- - replicasets/scale
- - replicationcontrollers/scale
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - policy
- resources:
- - poddisruptionbudgets
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - networking.k8s.io
- resources:
- - ingresses
- - ingresses/status
- - networkpolicies
- verbs:
- - '*'
-- apiGroups:
- - metrics.k8s.io
- resources:
- - pods
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - apisix.apache.org
- resources:
- - apisixroutes
- - apisixroutes/status
- - apisixupstreams
- - apisixupstreams/status
- - apisixtlses
- - apisixtlses/status
- - apisixclusterconfigs
- - apisixclusterconfigs/status
- - apisixconsumers
- - apisixconsumers/status
- - apisixpluginconfigs
- - apisixpluginconfigs/status
- verbs:
- - '*'
-- apiGroups:
- - coordination.k8s.io
- resources:
- - leases
- verbs:
- - '*'
-- apiGroups:
- - discovery.k8s.io
- resources:
- - endpointslices
- verbs:
- - get
- - list
- - watch
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - "*"
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - endpoints
+ - persistentvolumeclaims
+ - pods
+ - replicationcontrollers
+ - replicationcontrollers/scale
+ - serviceaccounts
+ - services
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - bindings
+ - limitranges
+ - namespaces/status
+ - pods/log
+ - pods/status
+ - replicationcontrollers/status
+ - resourcequotas
+ - resourcequotas/status
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - apps
+ resources:
+ - controllerrevisions
+ - daemonsets
+ - deployments
+ - deployments/scale
+ - replicasets
+ - replicasets/scale
+ - statefulsets
+ - statefulsets/scale
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - autoscaling
+ resources:
+ - horizontalpodautoscalers
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - batch
+ resources:
+ - cronjobs
+ - jobs
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - extensions
+ resources:
+ - daemonsets
+ - deployments
+ - deployments/scale
+ - ingresses
+ - networkpolicies
+ - replicasets
+ - replicasets/scale
+ - replicationcontrollers/scale
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - policy
+ resources:
+ - poddisruptionbudgets
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingresses
+ - ingresses/status
+ - networkpolicies
Review Comment:
we don't need `networkpolicies` resource.
##########
samples/deploy/rbac/apisix_view_clusterrole.yaml:
##########
@@ -20,150 +20,161 @@ kind: ClusterRole
metadata:
name: apisix-view-clusterrole
rules:
-- apiGroups:
- - ""
- resources:
- - events
- verbs:
- - "*"
-- apiGroups:
- - ""
- resources:
- - configmaps
- - endpoints
- - persistentvolumeclaims
- - pods
- - replicationcontrollers
- - replicationcontrollers/scale
- - serviceaccounts
- - services
- - secrets
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - ""
- resources:
- - bindings
- - limitranges
- - namespaces/status
- - pods/log
- - pods/status
- - replicationcontrollers/status
- - resourcequotas
- - resourcequotas/status
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - ""
- resources:
- - namespaces
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - apps
- resources:
- - controllerrevisions
- - daemonsets
- - deployments
- - deployments/scale
- - replicasets
- - replicasets/scale
- - statefulsets
- - statefulsets/scale
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - autoscaling
- resources:
- - horizontalpodautoscalers
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - batch
- resources:
- - cronjobs
- - jobs
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - extensions
- resources:
- - daemonsets
- - deployments
- - deployments/scale
- - ingresses
- - networkpolicies
- - replicasets
- - replicasets/scale
- - replicationcontrollers/scale
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - policy
- resources:
- - poddisruptionbudgets
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - networking.k8s.io
- resources:
- - ingresses
- - ingresses/status
- - networkpolicies
- verbs:
- - '*'
-- apiGroups:
- - metrics.k8s.io
- resources:
- - pods
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - apisix.apache.org
- resources:
- - apisixroutes
- - apisixroutes/status
- - apisixupstreams
- - apisixupstreams/status
- - apisixtlses
- - apisixtlses/status
- - apisixclusterconfigs
- - apisixclusterconfigs/status
- - apisixconsumers
- - apisixconsumers/status
- - apisixpluginconfigs
- - apisixpluginconfigs/status
- verbs:
- - '*'
-- apiGroups:
- - coordination.k8s.io
- resources:
- - leases
- verbs:
- - '*'
-- apiGroups:
- - discovery.k8s.io
- resources:
- - endpointslices
- verbs:
- - get
- - list
- - watch
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - "*"
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - endpoints
+ - persistentvolumeclaims
+ - pods
+ - replicationcontrollers
+ - replicationcontrollers/scale
+ - serviceaccounts
+ - services
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - bindings
+ - limitranges
+ - namespaces/status
+ - pods/log
+ - pods/status
+ - replicationcontrollers/status
+ - resourcequotas
+ - resourcequotas/status
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - apps
+ resources:
+ - controllerrevisions
+ - daemonsets
+ - deployments
+ - deployments/scale
+ - replicasets
+ - replicasets/scale
+ - statefulsets
+ - statefulsets/scale
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - autoscaling
+ resources:
+ - horizontalpodautoscalers
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - batch
+ resources:
+ - cronjobs
+ - jobs
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - extensions
+ resources:
+ - daemonsets
+ - deployments
+ - deployments/scale
+ - ingresses
+ - networkpolicies
+ - replicasets
+ - replicasets/scale
+ - replicationcontrollers/scale
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - policy
+ resources:
+ - poddisruptionbudgets
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingresses
+ - ingresses/status
+ - networkpolicies
+ verbs:
+ - '*'
+ - apiGroups:
+ - metrics.k8s.io
+ resources:
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - apisix.apache.org
+ resources:
+ - apisixroutes
+ - apisixroutes/status
+ - apisixupstreams
+ - apisixupstreams/status
+ - apisixtlses
+ - apisixtlses/status
+ - apisixclusterconfigs
+ - apisixclusterconfigs/status
+ - apisixconsumers
+ - apisixconsumers/status
+ - apisixpluginconfigs
+ - apisixpluginconfigs/status
+ verbs:
+ - '*'
+ - apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - '*'
+ - apiGroups:
+ - discovery.k8s.io
+ resources:
+ - endpointslices
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - gateway.networking.k8s.io
+ resources:
+ - httproutes
+ - tlsroutes
+ - gateways
+ - gatewayclasses
+ verbs:
+ - get
+ - list
+ - watch
Review Comment:
maybe we need `status` sub-resource also.
```
- apiGroups:
- gateway.networking.k8s.io
resources:
- gatewayclasses/status
- gateways/status
- httproutes/status
- tlsroutes/status
verbs:
- update
```
##########
samples/deploy/rbac/apisix_view_clusterrole.yaml:
##########
@@ -20,150 +20,161 @@ kind: ClusterRole
metadata:
name: apisix-view-clusterrole
rules:
-- apiGroups:
- - ""
- resources:
- - events
- verbs:
- - "*"
-- apiGroups:
- - ""
- resources:
- - configmaps
- - endpoints
- - persistentvolumeclaims
- - pods
- - replicationcontrollers
- - replicationcontrollers/scale
- - serviceaccounts
- - services
- - secrets
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - ""
- resources:
- - bindings
- - limitranges
- - namespaces/status
- - pods/log
- - pods/status
- - replicationcontrollers/status
- - resourcequotas
- - resourcequotas/status
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - ""
- resources:
- - namespaces
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - apps
- resources:
- - controllerrevisions
- - daemonsets
- - deployments
- - deployments/scale
- - replicasets
- - replicasets/scale
- - statefulsets
- - statefulsets/scale
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - autoscaling
- resources:
- - horizontalpodautoscalers
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - batch
- resources:
- - cronjobs
- - jobs
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - extensions
- resources:
- - daemonsets
- - deployments
- - deployments/scale
- - ingresses
- - networkpolicies
- - replicasets
- - replicasets/scale
- - replicationcontrollers/scale
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - policy
- resources:
- - poddisruptionbudgets
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - networking.k8s.io
- resources:
- - ingresses
- - ingresses/status
- - networkpolicies
- verbs:
- - '*'
-- apiGroups:
- - metrics.k8s.io
- resources:
- - pods
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - apisix.apache.org
- resources:
- - apisixroutes
- - apisixroutes/status
- - apisixupstreams
- - apisixupstreams/status
- - apisixtlses
- - apisixtlses/status
- - apisixclusterconfigs
- - apisixclusterconfigs/status
- - apisixconsumers
- - apisixconsumers/status
- - apisixpluginconfigs
- - apisixpluginconfigs/status
- verbs:
- - '*'
-- apiGroups:
- - coordination.k8s.io
- resources:
- - leases
- verbs:
- - '*'
-- apiGroups:
- - discovery.k8s.io
- resources:
- - endpointslices
- verbs:
- - get
- - list
- - watch
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - "*"
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - endpoints
+ - persistentvolumeclaims
+ - pods
+ - replicationcontrollers
+ - replicationcontrollers/scale
+ - serviceaccounts
+ - services
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - bindings
+ - limitranges
+ - namespaces/status
+ - pods/log
+ - pods/status
+ - replicationcontrollers/status
+ - resourcequotas
+ - resourcequotas/status
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - apps
+ resources:
+ - controllerrevisions
+ - daemonsets
+ - deployments
+ - deployments/scale
+ - replicasets
+ - replicasets/scale
+ - statefulsets
+ - statefulsets/scale
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - autoscaling
+ resources:
+ - horizontalpodautoscalers
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - batch
+ resources:
+ - cronjobs
+ - jobs
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - extensions
+ resources:
+ - daemonsets
+ - deployments
+ - deployments/scale
+ - ingresses
+ - networkpolicies
+ - replicasets
+ - replicasets/scale
+ - replicationcontrollers/scale
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - policy
+ resources:
+ - poddisruptionbudgets
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingresses
+ - ingresses/status
Review Comment:
I think there should be a split here
```
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
```
and
```
- apiGroups:
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
