github/kubeshark
1
0
Fork 0
mirror of https://github.com/kubeshark/kubeshark.git synced 2025-09-20 01:32:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

Remove permissions examples for deprecated install process (#832)

Browse Source 
* Remove examples related to the install cmd

* Remove install cmd references from docs/PERMISSIONS.md
This commit is contained in:
Nimrod Gilboa Markevich
2022-02-20 14:22:57 +02:00
committed by GitHub
parent 1e2288b9a8
commit 4ec9b9b475
7 changed files with 1 additions and 80 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/PERMISSIONS.md
View File

@@ -80,7 +80,7 @@ Notes:
## List of permissions ## List of permissions
The permissions that are required to run Mizu depend on the command (`mizu tap` or `mizu-install`) and on the configuration. The permissions that are required to run Mizu depend on the configuration.
By default Mizu requires cluster-wide permissions. By default Mizu requires cluster-wide permissions.
If these are not available to the user, it is possible to run Mizu in namespace-restricted mode which has a reduced set of requirements. If these are not available to the user, it is possible to run Mizu in namespace-restricted mode which has a reduced set of requirements.
This is done by by setting the `mizu-resources-namespace` config option. See [configuration](CONFIGURATION.md) for instructions. This is done by by setting the `mizu-resources-namespace` config option. See [configuration](CONFIGURATION.md) for instructions.

1
examples/roles/permissions-all-namespaces-debug-optional.yaml
View File

@@ -1,5 +1,4 @@
# This example shows permissions that enrich the logs with additional info # This example shows permissions that enrich the logs with additional info
# Optional with `mizu tap` or `mizu-install`
kind: ClusterRole kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
metadata: metadata:

49
examples/roles/permissions-all-namespaces-install.yaml
View File

@@ -1,49 +0,0 @@
# This example shows the permissions that are required in order to run the `mizu install` command
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: mizu-runner-clusterrole
rules:
- apiGroups: [""]
resources: ["services"]
verbs: ["create"]
- apiGroups: ["apps"]
resources: ["deployments"]
verbs: ["create"]
- apiGroups: [""]
resources: ["namespaces"]
verbs: ["get", "list", "watch", "create", "delete"]
- apiGroups: ["apps", "extensions"]
resources: ["namespaces"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["services/proxy"]
verbs: ["get", "create"]
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["create"]
- apiGroups: ["rbac.authorization.k8s.io"]
resources: ["roles"]
verbs: ["create"]
- apiGroups: ["rbac.authorization.k8s.io"]
resources: ["rolebindings"]
verbs: ["create"]
- apiGroups: ["apps"]
resources: ["daemonsets"]
verbs: ["get", "list", "create", "patch", "delete"]
- apiGroups: ["events.k8s.io"]
resources: ["events"]
verbs: ["list"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: mizu-runner-clusterrolebindings
subjects:
- kind: User
name: user1
apiGroup: rbac.authorization.k8s.io
roleRef:
kind: ClusterRole
name: mizu-runner-clusterrole
apiGroup: rbac.authorization.k8s.io

1
examples/roles/permissions-all-namespaces-ip-resolution-optional.yaml
View File

@@ -1,5 +1,4 @@
# This example shows permissions that are required for Mizu to resolve IPs to service names # This example shows permissions that are required for Mizu to resolve IPs to service names
# Optional with `mizu tap` or `mizu-install`
kind: ClusterRole kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
metadata: metadata:

26
examples/roles/permissions-all-namespaces-persistency-optional.yaml
View File

@@ -1,26 +0,0 @@
# This example shows permissions that are required for persistency with `mizu install` command
# Optional with `mizu-install`
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: mizu-runner-persistency-clusterrole
rules:
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["list"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["create"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: mizu-runner-persistent-clusterrolebindings
subjects:
- kind: User
name: user1
apiGroup: rbac.authorization.k8s.io
roleRef:
kind: ClusterRole
name: mizu-runner-persistency-clusterrole
apiGroup: rbac.authorization.k8s.io

1
examples/roles/permissions-ns-debug-optional.yaml
View File

@@ -1,5 +1,4 @@
# This example shows permissions that enrich the logs with additional info in namespace-restricted mode # This example shows permissions that enrich the logs with additional info in namespace-restricted mode
# Optional with `mizu-tap`
kind: Role kind: Role
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
metadata: metadata:

1
examples/roles/permissions-ns-ip-resolution-optional.yaml
View File

@@ -1,5 +1,4 @@
# This example shows permissions that are required for Mizu to resolve IPs to service names in namespace-restricted mode # This example shows permissions that are required for Mizu to resolve IPs to service names in namespace-restricted mode
# Optional with `mizu-tap`
kind: Role kind: Role
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
metadata: metadata: