From ac2a175a888eabe16e090bc67a496957af572424 Mon Sep 17 00:00:00 2001
From: Fiona Waters
Date: Mon, 4 Mar 2024 15:43:57 +0000
Subject: [PATCH] CARRY: Allow non-admin user access to view clusterqueue(metrics)
---
 config/rhoai/batch-user-rolebinding.yaml | 12 ++++++++++++
 config/rhoai/clusterqueue_viewer_role_patch.yaml | 7 +++++++
 config/rhoai/kustomization.yaml | 2 ++
 3 files changed, 21 insertions(+)
 create mode 100644 config/rhoai/batch-user-rolebinding.yaml
 create mode 100644 config/rhoai/clusterqueue_viewer_role_patch.yaml
diff --git a/config/rhoai/batch-user-rolebinding.yaml b/config/rhoai/batch-user-rolebinding.yaml
new file mode 100644
index 0000000000..eb532afffc
--- /dev/null
+++ b/config/rhoai/batch-user-rolebinding.yaml
@@ -0,0 +1,12 @@
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: batch-user-rolebinding
+subjects:
+ - kind: Group
+ apiGroup: rbac.authorization.k8s.io
+ name: 'system:authenticated'
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: batch-user-role
diff --git a/config/rhoai/clusterqueue_viewer_role_patch.yaml b/config/rhoai/clusterqueue_viewer_role_patch.yaml
new file mode 100644
index 0000000000..bdb73407ca
--- /dev/null
+++ b/config/rhoai/clusterqueue_viewer_role_patch.yaml
@@ -0,0 +1,7 @@
+# patch to add clusterqueue-viewer-role to batch-user
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: clusterqueue-viewer-role
+ labels:
+ rbac.kueue.x-k8s.io/batch-user: 'true'
diff --git a/config/rhoai/kustomization.yaml b/config/rhoai/kustomization.yaml
index d7f94b62be..077fb341eb 100644
--- a/config/rhoai/kustomization.yaml
+++ b/config/rhoai/kustomization.yaml
@@ -41,6 +41,7 @@ resources:
 - monitor.yaml
 - binding_admin_roles.yaml
 - webhook_network_policy.yaml
+- batch-user-rolebinding.yaml
 patches:
 # Mount the controller config file for loading manager configurations
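Review bot: The ClusterRoleBinding in config/rhoai/batch-user-rolebinding.yaml binds `system:authenticated` to `batch-user-role`, so every authenticated identity, service accounts included, receives that role in all namespaces, which is wider than the ClusterQueue read access named in the subject. `batch-user-role` is not defined in this patch; the `rbac.kueue.x-k8s.io/batch-user: 'true'` label added in clusterqueue_viewer_role_patch.yaml suggests it is an aggregated role, in which case every other rule carrying that label would be granted cluster-wide as well. If only ClusterQueue visibility is intended, point the binding at the viewer role directly with `name: clusterqueue-viewer-role` under `roleRef` and drop the label patch. If the broad grant is deliberate, a comment above `subjects:` such as `# every authenticated user and service account gets batch-user-role cluster-wide` would record that decision for later audits.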
@@ -51,3 +52,4 @@ patches:
 - path: auth_proxy_service_patch.yaml
 - path: mutating_webhook_patch.yaml
 - path: validating_webhook_patch.yaml
+- path: clusterqueue_viewer_role_patch.yaml