Support PVC resource

- Allow R for guests and reporters - Allow R+W for developers and maintainers
numberly · Dec 9, 2019 · 31b02c5 · 31b02c5
1 parent bf0b532
commit 31b02c5
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 26 deletions.
diff --git a/README.md b/README.md
@@ -124,18 +124,20 @@ Any admin on GitLab is an admin of the Kubernetes cluster.
 | statefulsets/scale           |       |          | R+W       | R+W        |
 
 #### Setup
-| Resource        | Guest | Reporter | Developer | Maintainer |
-|:---------------:|:-----:|:--------:|:---------:|:----------:|
-| configmaps      | R     | R        | R+W       | R+W        |
-| endpoints       | R     | R        | R+W       | R+W        |
-| networkpolicies | R     | R        | R+W       | R+W        |
-| serviceaccounts | R     | R        | R+W       | R+W        |
-| certificates    |       |          | R+W       | R+W        |
-| secrets         |       |          | R+W       | R+W        |
-| limitranges     |       |          | R         | R+W        |
-| resourcequotas  |       |          | R         | R+W        |
-| rolebindings    |       |          | R         | R+W        |
-| roles           |       |          | R         | R+W        |
+| Resource                      | Guest | Reporter | Developer | Maintainer |
+|:-----------------------------:|:-----:|:--------:|:---------:|:----------:|
+| configmaps                    | R     | R        | R+W       | R+W        |
+| endpoints                     | R     | R        | R+W       | R+W        |
+| networkpolicies               | R     | R        | R+W       | R+W        |
+| persistentvolumeclaims        | R     | R        | R+W       | R+W        |
+| persistentvolumeclaims/status | R     | R        | R+W       | R+W        |
+| serviceaccounts               | R     | R        | R+W       | R+W        |
+| certificates                  |       |          | R+W       | R+W        |
+| secrets                       |       |          | R+W       | R+W        |
+| limitranges                   |       |          | R         | R+W        |
+| resourcequotas                |       |          | R         | R+W        |
+| rolebindings                  |       |          | R         | R+W        |
+| roles                         |       |          | R         | R+W        |
 
 <!-- Not relevant for users (yet?)
 
@@ -186,8 +188,6 @@ Any admin on GitLab is an admin of the Kubernetes cluster.
 | leases                          |       |          |           |            |
 | localsubjectaccessreviews       |       |          |           |            |
 | orders                          |       |          |           |            |
-| persistentvolumeclaims          |       |          |           |            |
-| persistentvolumeclaims/status   |       |          |           |            |
 | poddisruptionbudgets            |       |          |           |            |
 | poddisruptionbudgets/status     |       |          |           |            |
 | podpreset                       |       |          |           |            |

diff --git a/deploy/configuration.yaml b/deploy/configuration.yaml
@@ -46,6 +46,8 @@ rules:
   - configmaps
   - endpoints
   - networkpolicies
+  - persistentvolumeclaims
+  - persistentvolumeclaims/status
   - serviceaccounts
   verbs:
   - get
@@ -77,6 +79,7 @@ rules:
   - cronjobs
   - daemonsets
   - deployments
+  - events
   - horizontalpodautoscalers
   - ingresses
   - jobs
@@ -85,11 +88,12 @@ rules:
   - replicationcontrollers
   - services
   - statefulsets
-  - events
   # setup
   - configmaps
   - endpoints
   - networkpolicies
+  - persistentvolumeclaims
+  - persistentvolumeclaims/status
   - serviceaccounts
   verbs:
   - get
@@ -118,22 +122,24 @@ rules:
   - services
   - statefulsets
   # actions
-  - pods/log
-  - pods/portforward
   - deployments/rollback
   - deployments/scale
   - pods/attach
   - pods/exec
+  - pods/log
+  - pods/portforward
   - replicasets/scale
   - replicationcontrollers/scale
   - statefulsets/scale
   # setup
+  - certificates
   - configmaps
   - endpoints
   - networkpolicies
-  - serviceaccounts
-  - certificates
+  - persistentvolumeclaims
+  - persistentvolumeclaims/status
   - secrets
+  - serviceaccounts
   verbs:
   - create
   - delete
@@ -169,6 +175,7 @@ rules:
   - daemonsets
   - deployments
   - deployments/scale
+  - events
   - horizontalpodautoscalers
   - ingresses
   - jobs
@@ -177,28 +184,29 @@ rules:
   - replicationcontrollers
   - services
   - statefulsets
-  - events
   # actions
-  - pods/log
-  - pods/portforward
   - deployments/rollback
   - deployments/scale
   - pods/attach
   - pods/exec
+  - pods/log
+  - pods/portforward
   - replicasets/scale
   - replicationcontrollers/scale
   - statefulsets/scale
   # setup
+  - certificates
   - configmaps
   - endpoints
-  - networkpolicies
-  - serviceaccounts
-  - certificates
-  - secrets
   - limitranges
+  - networkpolicies
+  - persistentvolumeclaims
+  - persistentvolumeclaims/status
   - resourcequotas
   - rolebindings
   - roles
+  - secrets
+  - serviceaccounts
   verbs:
   - create
   - delete