allow users to define the resource permissions required to install extension

kubesphere / ksbuilder

A CLI tool helps you to manage the development of kubesphere extensions

MIT License

10 stars 19 forks source link

allow users to define the resource permissions required to install extension #19

Closed wtw1994 closed 1 year ago

wtw1994 commented 1 year ago

若安装插件需要创建crd namespace 等资源，当前默认权限不能满足，增加permission.yaml用户可自定义安装插件安装实际所需权限，若默认权限满足插件安装需求，用户可以不提供permission.yaml； ksbuilder publish xxx发布插件时创建ClusterRole，安装插件时创建对应的ClusterRoleBinding；

todo: 用户自定义权限需在前端展示，类似安卓安装app的权限申请，获得用户确认

wtw1994 commented 1 year ago

@zheng1 @wansir

wansir commented 1 year ago

permissions.yaml defines the permissions used by the helm executor.

following is an example:

kind: ClusterRole
rules:
  - verbs:
      - 'create'
      - 'patch'
      - 'update'
    apiGroups:
      - 'extensions.kubesphere.io'
    resources:
      - '*'

---
kind: Role
rules:
  - verbs:
      - '*'
    apiGroups:
      - ''
      - 'apps'
      - 'batch'
      - 'app.k8s.io'
      - 'autoscaling'
    resources:
      - '*'
  - verbs:
      - '*'
    apiGroups:
      - 'networking.k8s.io'
    resources:
      - 'ingresses'
      - 'networkpolicies'