diff options
Diffstat (limited to 'files')
| -rw-r--r-- | files/origin-components/console-config.yaml | 25 | ||||
| -rw-r--r-- | files/origin-components/console-rbac-template.yaml | 38 |
2 files changed, 52 insertions, 11 deletions
diff --git a/files/origin-components/console-config.yaml b/files/origin-components/console-config.yaml index e104e8028..55c650fbe 100644 --- a/files/origin-components/console-config.yaml +++ b/files/origin-components/console-config.yaml @@ -1,15 +1,18 @@ -kind: WebConsoleConfiguration apiVersion: webconsole.config.openshift.io/v1 -extensionDevelopment: false -extensionProperties: null -extensionScripts: null -extensionStylesheets: null -extensions: null -loggingPublicURL: "" -logoutURL: "" -masterPublicURL: https://127.0.0.1:8443 -metricsPublicURL: "" -publicURL: https://127.0.0.1:8443/console/ +kind: WebConsoleConfiguration +clusterInfo: + consolePublicURL: https://127.0.0.1:8443/console/ + loggingPublicURL: "" + logoutPublicURL: "" + masterPublicURL: https://127.0.0.1:8443 + metricsPublicURL: "" +extensions: + scriptURLs: [] + stylesheetURLs: [] + properties: null +features: + inactivityTimeoutMinutes: 0 + clusterResourceOverridesEnabled: false servingInfo: bindAddress: 0.0.0.0:8443 bindNetwork: tcp4 diff --git a/files/origin-components/console-rbac-template.yaml b/files/origin-components/console-rbac-template.yaml new file mode 100644 index 000000000..9ee117199 --- /dev/null +++ b/files/origin-components/console-rbac-template.yaml @@ -0,0 +1,38 @@ +apiVersion: template.openshift.io/v1 +kind: Template +metadata: + name: web-console-server-rbac +parameters: +- name: NAMESPACE + # This namespace cannot be changed. Only `openshift-web-console` is supported. + value: openshift-web-console +objects: + + +# allow grant powers to the webconsole server for cluster inspection +- apiVersion: rbac.authorization.k8s.io/v1beta1 + kind: ClusterRole + metadata: + name: system:openshift:web-console-server + rules: + - apiGroups: + - "servicecatalog.k8s.io" + resources: + - clusterservicebrokers + verbs: + - get + - list + - watch + +# Grant the service account for the web console +- apiVersion: rbac.authorization.k8s.io/v1beta1 + kind: ClusterRoleBinding + metadata: + name: system:openshift:web-console-server + roleRef: + kind: ClusterRole + name: system:openshift:web-console-server + subjects: + - kind: ServiceAccount + namespace: ${NAMESPACE} + name: webconsole |