* fix(frontend) prevent notification showing Object Object EE-1745 * fix(frontend) fix notification args in wrong order EE-1745 * fix(rbac) add metrics rbac for regular users EE-1745 Co-authored-by: Simon Meng <simon.meng@portainer.io>
package cli
import (
rbacv1 "k8s.io/api/rbac/v1"
k8serrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// getPortainerUserDefaultPolicies returns the baseline RBAC rules granted to
// the Portainer user cluster role. Every rule is limited to the "list" verb.
//
// The rules are consumed by a ClusterRole, so they are not scoped to a single
// namespace: a subject bound to the role through a ClusterRoleBinding can list
// these resources across the whole cluster. Keep the set minimal and review
// any addition as a cluster-wide read grant.
func getPortainerUserDefaultPolicies() []rbacv1.PolicyRule {
	// listOnly builds a rule that allows only "list" on the given resources
	// of a single API group.
	listOnly := func(apiGroup string, resources ...string) rbacv1.PolicyRule {
		return rbacv1.PolicyRule{
			Verbs:     []string{"list"},
			Resources: resources,
			APIGroups: []string{apiGroup},
		}
	}

	return []rbacv1.PolicyRule{
		// Core API group: exposes namespace names and node objects.
		listOnly("", "namespaces", "nodes"),
		listOnly("storage.k8s.io", "storageclasses"),
		// Metrics API: usage figures for pods.
		// NOTE(review): metrics.k8s.io normally serves "nodes" and "pods";
		// confirm that "namespaces" is intended here and not a leftover.
		listOnly("metrics.k8s.io", "namespaces", "pods"),
	}
}
// upsertPortainerK8sClusterRoles creates the Portainer user ClusterRole with
// the default policy rules, or replaces it when a ClusterRole of that name
// already exists. It returns the error of the failing API call, or nil.
//
// The update path sends the freshly built object, so the rules of the stored
// role are replaced by the defaults: manual tightening or widening of that
// role does not survive this call, and a ClusterRole with the same name that
// was created by something else is overwritten as well.
// This function only defines permissions; which subjects receive them depends
// on bindings that are created elsewhere.
func (kcl *KubeClient) upsertPortainerK8sClusterRoles() error {
	desired := &rbacv1.ClusterRole{
		ObjectMeta: metav1.ObjectMeta{Name: portainerUserCRName},
		Rules:      getPortainerUserDefaultPolicies(),
	}
	roles := kcl.cli.RbacV1().ClusterRoles()

	_, err := roles.Create(desired)
	if err == nil {
		return nil
	}
	if !k8serrors.IsAlreadyExists(err) {
		return err
	}

	// The role already exists: overwrite it with the desired definition.
	// NOTE(review): desired carries no ResourceVersion, so this is presumably
	// an unconditional update with no conflict detection; confirm.
	_, err = roles.Update(desired)
	return err
}