cscott/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Expand RBAC: allow openclaw SA to create/update secrets in openclaw namespace

Browse Source
This commit is contained in:
Conan Scott
2026-04-12 08:00:59 +00:00
parent 1c0399ac09
commit b8ff432e35
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
manifests/serviceaccount-rbac.yaml
View File

@@ -4,8 +4,6 @@ metadata:
name: openclaw name: openclaw
namespace: openclaw namespace: openclaw
--- ---
# Minimal Role/RoleBinding placeholder.
# Adjust permissions once we know what OpenClaw needs (MCP, secrets read, etc.)
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: Role kind: Role
metadata: metadata:
@@ -15,6 +13,9 @@ rules:
- apiGroups: [""] - apiGroups: [""]
resources: ["pods", "pods/log"] resources: ["pods", "pods/log"]
verbs: ["get", "list", "watch"] verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get", "list", "watch", "create", "update", "patch"]
--- ---
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding kind: RoleBinding