mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-09-14 13:45:06 +00:00
rbac bootstrap policy: add selfsubjectrulesreviews to basic-user
This commit is contained in:
@@ -169,7 +169,7 @@ func ClusterRoles() []rbac.ClusterRole {
|
||||
ObjectMeta: metav1.ObjectMeta{Name: "system:basic-user"},
|
||||
Rules: []rbac.PolicyRule{
|
||||
// TODO add future selfsubjectrulesreview, project request APIs, project listing APIs
|
||||
rbac.NewRule("create").Groups(authorizationGroup).Resources("selfsubjectaccessreviews").RuleOrDie(),
|
||||
rbac.NewRule("create").Groups(authorizationGroup).Resources("selfsubjectaccessreviews", "selfsubjectrulesreviews").RuleOrDie(),
|
||||
},
|
||||
},
|
||||
|
||||
|
@@ -522,6 +522,7 @@ items:
|
||||
- authorization.k8s.io
|
||||
resources:
|
||||
- selfsubjectaccessreviews
|
||||
- selfsubjectrulesreviews
|
||||
verbs:
|
||||
- create
|
||||
- apiVersion: rbac.authorization.k8s.io/v1
|
||||
|
Reference in New Issue
Block a user