helm: add cluster proxy rbac for admin when deploy Karmada control plane

Signed-off-by: AllenZMC <zhongming.chang@daocloud.io> Signed-off-by: AllenZMC <zhongming.chang@daocloud.io>
2022-03-25 22:39:36 +08:00 · 2022-03-25 22:39:36 +08:00 · c92ca944c1
parent e0eae7c52d
commit c92ca944c1
2 changed files with 163 additions and 137 deletions
--- a/charts/README.md
+++ b/charts/README.md
@ -102,7 +102,7 @@ $ helm install karmada-scheduler-estimator -n karmada-system ./charts
 ```
 ## Configuration
 | Name                                     | Description                                                                                                                                                                                                                                   | Value                                                                                                                                                      |
-| ------------------------- | ----------------------------------------------- | ----- |
+|------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | `installMode`                            | InstallMode "host", "agent" and "component" are provided, "host" means install karmada in the control-cluster, "agent" means install agent client in the member cluster, "component" means install selected components in the control-cluster | `"host"`                                                                                                                                                   |
 | `clusterDomain`                          | Default cluster domain for karmada                                                                                                                                                                                                            | `"cluster.local"`                                                                                                                                          |
 | `components`                             | Selected components list, selectable values: "schedulerEstimator"                                                                                                                                                                             | `[]`                                                                                                                                                       |
--- a/charts/templates/cluster-proxy-admin-rbac.yaml
+++ b/charts/templates/cluster-proxy-admin-rbac.yaml
@ -0,0 +1,26 @@
+{{- $name := include "karmada.name" . -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ $name }}-cluster-proxy-admin
+rules:
+  - apiGroups:
+      - 'cluster.karmada.io'
+    resources:
+      - clusters/proxy
+    verbs:
+      - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ $name }}-cluster-proxy-admin
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ $name }}-cluster-proxy-admin
+subjects:
+  - kind: User
+    name: "system:admin"
+