Remove permissions examples for deprecated install process (#832)

* Remove examples related to the install cmd

* Remove install cmd references from docs/PERMISSIONS.md
This commit is contained in:
Nimrod Gilboa Markevich
2022-02-20 14:22:57 +02:00
committed by GitHub
parent 1e2288b9a8
commit 4ec9b9b475
7 changed files with 1 additions and 80 deletions

View File

@@ -80,7 +80,7 @@ Notes:
## List of permissions
The permissions that are required to run Mizu depend on the command (`mizu tap` or `mizu-install`) and on the configuration.
The permissions that are required to run Mizu depend on the configuration.
By default Mizu requires cluster-wide permissions.
If these are not available to the user, it is possible to run Mizu in namespace-restricted mode which has a reduced set of requirements.
This is done by by setting the `mizu-resources-namespace` config option. See [configuration](CONFIGURATION.md) for instructions.

View File

@@ -1,5 +1,4 @@
# This example shows permissions that enrich the logs with additional info
# Optional with `mizu tap` or `mizu-install`
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:

View File

@@ -1,49 +0,0 @@
# This example shows the permissions that are required in order to run the `mizu install` command
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: mizu-runner-clusterrole
rules:
- apiGroups: [""]
resources: ["services"]
verbs: ["create"]
- apiGroups: ["apps"]
resources: ["deployments"]
verbs: ["create"]
- apiGroups: [""]
resources: ["namespaces"]
verbs: ["get", "list", "watch", "create", "delete"]
- apiGroups: ["apps", "extensions"]
resources: ["namespaces"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["services/proxy"]
verbs: ["get", "create"]
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["create"]
- apiGroups: ["rbac.authorization.k8s.io"]
resources: ["roles"]
verbs: ["create"]
- apiGroups: ["rbac.authorization.k8s.io"]
resources: ["rolebindings"]
verbs: ["create"]
- apiGroups: ["apps"]
resources: ["daemonsets"]
verbs: ["get", "list", "create", "patch", "delete"]
- apiGroups: ["events.k8s.io"]
resources: ["events"]
verbs: ["list"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: mizu-runner-clusterrolebindings
subjects:
- kind: User
name: user1
apiGroup: rbac.authorization.k8s.io
roleRef:
kind: ClusterRole
name: mizu-runner-clusterrole
apiGroup: rbac.authorization.k8s.io

View File

@@ -1,5 +1,4 @@
# This example shows permissions that are required for Mizu to resolve IPs to service names
# Optional with `mizu tap` or `mizu-install`
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:

View File

@@ -1,26 +0,0 @@
# This example shows permissions that are required for persistency with `mizu install` command
# Optional with `mizu-install`
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: mizu-runner-persistency-clusterrole
rules:
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["list"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["create"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: mizu-runner-persistent-clusterrolebindings
subjects:
- kind: User
name: user1
apiGroup: rbac.authorization.k8s.io
roleRef:
kind: ClusterRole
name: mizu-runner-persistency-clusterrole
apiGroup: rbac.authorization.k8s.io

View File

@@ -1,5 +1,4 @@
# This example shows permissions that enrich the logs with additional info in namespace-restricted mode
# Optional with `mizu-tap`
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:

View File

@@ -1,5 +1,4 @@
# This example shows permissions that are required for Mizu to resolve IPs to service names in namespace-restricted mode
# Optional with `mizu-tap`
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata: