Closed wtw1994 closed 1 year ago
@zheng1 @wansir
permissions.yaml
defines the permissions used by the helm executor.
following is an example:
kind: ClusterRole
rules:
- verbs:
- 'create'
- 'patch'
- 'update'
apiGroups:
- 'extensions.kubesphere.io'
resources:
- '*'
---
kind: Role
rules:
- verbs:
- '*'
apiGroups:
- ''
- 'apps'
- 'batch'
- 'app.k8s.io'
- 'autoscaling'
resources:
- '*'
- verbs:
- '*'
apiGroups:
- 'networking.k8s.io'
resources:
- 'ingresses'
- 'networkpolicies'
若安装插件需要创建crd namespace 等资源,当前默认权限不能满足,增加permission.yaml用户可自定义安装插件安装实际所需权限,若默认权限满足插件安装需求,用户可以不提供permission.yaml; ksbuilder publish xxx发布插件时创建ClusterRole, 安装插件时创建对应的ClusterRoleBinding;
todo: 用户自定义权限需在前端展示,类似安卓安装app的权限申请,获得用户确认