aimuz 3.1 做了修复(kubesphere/kubesphere#3042), demo.kubesphere.io 之前fix过镜像不小心又被退回 3.0 了 , 3.0 环境中可以这么自定义角色
apiVersion: iam.kubesphere.io/v1alpha2
kind: GlobalRole
metadata:
annotations:
iam.kubesphere.io/aggregation-roles: '["role-template-view-clusters","role-template-view-roles","role-template-view-users","role-template-view-workspaces","role-template-manage-platform-settings","role-template-view-basic","role-template-view-app-templates"]'
iam.kubesphere.io/rego-override: |-
package authz
default allow = false
allow = true {
input.APIGroup != "terminal.kubesphere.io"
allowedVerbs := ["get","list","watch"]
allowedVerbs[_] == input.Verb
}
kubesphere.io/creator: admin
labels:
kubefed.io/managed: "false"
name: viewer
rules: []