-
Notifications
You must be signed in to change notification settings - Fork 26
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
update ci to install roletemplate crd
- Loading branch information
1 parent
57de868
commit 35775df
Showing
2 changed files
with
175 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,171 @@ | ||
| apiVersion: apiextensions.k8s.io/v1 | ||
| kind: CustomResourceDefinition | ||
| metadata: | ||
| annotations: | ||
| controller-gen.kubebuilder.io/version: v0.12.0 | ||
| creationTimestamp: "2023-10-11T02:04:10Z" | ||
| generation: 2 | ||
| labels: | ||
| app.kubernetes.io/managed-by: rancher | ||
| name: roletemplates.management.cattle.io | ||
| resourceVersion: "6499013" | ||
| uid: 58760b2c-6813-4a7b-a6b3-d58969104075 | ||
| spec: | ||
| conversion: | ||
| strategy: None | ||
| group: management.cattle.io | ||
| names: | ||
| kind: RoleTemplate | ||
| listKind: RoleTemplateList | ||
| plural: roletemplates | ||
| singular: roletemplate | ||
| scope: Cluster | ||
| versions: | ||
| - name: v3 | ||
| schema: | ||
| openAPIV3Schema: | ||
| description: RoleTemplate holds configuration for a template that is used | ||
| to create kubernetes Roles and ClusterRoles (in the rbac.authorization.k8s.io | ||
| group) for a cluster or project. | ||
| properties: | ||
| administrative: | ||
| description: Administrative if false, and context is set to cluster this | ||
| RoleTemplate will not grant access to "CatalogTemplates" and "CatalogTemplateVersions" | ||
| for any project in the cluster. Default is false. | ||
| type: boolean | ||
| apiVersion: | ||
| description: 'APIVersion defines the versioned schema of this representation | ||
| of an object. Servers should convert recognized schemas to the latest | ||
| internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' | ||
| type: string | ||
| builtin: | ||
| description: Builtin if true specifies that this RoleTemplate was created | ||
| by Rancher and is immutable. Default to false. | ||
| type: boolean | ||
| clusterCreatorDefault: | ||
| description: ClusterCreatorDefault if true, a binding with this RoleTemplate | ||
| will be created for a users when they create a new cluster. ClusterCreatorDefault | ||
| is only evaluated if the context of the RoleTemplate is set to cluster. | ||
| Default to false. | ||
| type: boolean | ||
| context: | ||
| description: Context describes if the roleTemplate applies to clusters | ||
| or projects. Valid values are "project", "cluster" or "". | ||
| enum: | ||
| - project | ||
| - cluster | ||
| - "" | ||
| type: string | ||
| description: | ||
| description: Description holds text that describes the resource. | ||
| type: string | ||
| displayName: | ||
| description: DisplayName is the human-readable name displayed in the UI | ||
| for this resource. | ||
| type: string | ||
| external: | ||
| description: External if true specifies that rules for this RoleTemplate | ||
| should be gathered from a ClusterRole with the matching name. If set | ||
| to true the Rules on the template will not be evaluated. External's | ||
| value is only evaluated if the RoleTemplate's context is set to "cluster" | ||
| Default to false. | ||
| type: boolean | ||
| hidden: | ||
| description: Hidden if true informs the Rancher UI not to display this | ||
| RoleTemplate. Default to false. | ||
| type: boolean | ||
| kind: | ||
| description: 'Kind is a string value representing the REST resource this | ||
| object represents. Servers may infer this from the endpoint the client | ||
| submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' | ||
| type: string | ||
| locked: | ||
| description: Locked if true, new bindings will not be able to use this | ||
| RoleTemplate. Default to false. | ||
| type: boolean | ||
| metadata: | ||
| type: object | ||
| projectCreatorDefault: | ||
| description: ProjectCreatorDefault if true, a binding with this RoleTemplate | ||
| will be created for a user when they create a new project. ProjectCreatorDefault | ||
| is only evaluated if the context of the RoleTemplate is set to project. | ||
| Default to false. | ||
| type: boolean | ||
| roleTemplateNames: | ||
| description: RoleTemplateNames list of RoleTemplate names that this RoleTemplate | ||
| will inherit. This RoleTemplate will grant all rules defined in an inherited | ||
| RoleTemplate. Inherited RoleTemplates must already exist. | ||
| items: | ||
| type: string | ||
| type: array | ||
| rules: | ||
| description: Rules hold all the PolicyRules for this RoleTemplate. | ||
| items: | ||
| description: PolicyRule holds information that describes a policy rule, | ||
| but does not contain information about who the rule applies to or | ||
| which namespace the rule applies to. | ||
| properties: | ||
| apiGroups: | ||
| description: APIGroups is the name of the APIGroup that contains | ||
| the resources. If multiple API groups are specified, any action | ||
| requested against one of the enumerated resources in any API group | ||
| will be allowed. "" represents the core API group and "*" represents | ||
| all API groups. | ||
| items: | ||
| type: string | ||
| type: array | ||
| nonResourceURLs: | ||
| description: NonResourceURLs is a set of partial urls that a user | ||
| should have access to. *s are allowed, but only as the full, | ||
| final step in the path Since non-resource URLs are not namespaced, | ||
| this field is only applicable for ClusterRoles referenced from | ||
| a ClusterRoleBinding. Rules can either apply to API resources | ||
| (such as "pods" or "secrets") or non-resource URL paths (such | ||
| as "/api"), but not both. | ||
| items: | ||
| type: string | ||
| type: array | ||
| resourceNames: | ||
| description: ResourceNames is an optional white list of names that | ||
| the rule applies to. An empty set means that everything is allowed. | ||
| items: | ||
| type: string | ||
| type: array | ||
| resources: | ||
| description: Resources is a list of resources this rule applies | ||
| to. '*' represents all resources. | ||
| items: | ||
| type: string | ||
| type: array | ||
| verbs: | ||
| description: Verbs is a list of Verbs that apply to ALL the ResourceKinds | ||
| contained in this rule. '*' represents all verbs. | ||
| items: | ||
| type: string | ||
| type: array | ||
| required: | ||
| - verbs | ||
| type: object | ||
| type: array | ||
| type: object | ||
| served: true | ||
| storage: true | ||
| status: | ||
| acceptedNames: | ||
| kind: RoleTemplate | ||
| listKind: RoleTemplateList | ||
| plural: roletemplates | ||
| singular: roletemplate | ||
| conditions: | ||
| - lastTransitionTime: "2023-10-11T02:04:11Z" | ||
| message: no conflicts found | ||
| reason: NoConflicts | ||
| status: "True" | ||
| type: NamesAccepted | ||
| - lastTransitionTime: "2023-10-11T02:04:11Z" | ||
| message: the initial names have been accepted | ||
| reason: InitialNamesAccepted | ||
| status: "True" | ||
| type: Established | ||
| storedVersions: | ||
| - v3 |