open-cluster-management-io
diff --git a/‎addon/v1alpha1/0000_03_addon.open-cluster-management.io_addontemplates.crd.yaml
Lines changed: 40 additions & 20 deletions b/‎addon/v1alpha1/0000_03_addon.open-cluster-management.io_addontemplates.crd.yaml
Lines changed: 40 additions & 20 deletions
diff --git a/‎addon/v1alpha1/types_addontemplate.go
Lines changed: 18 additions & 4 deletions b/‎addon/v1alpha1/types_addontemplate.go
Lines changed: 18 additions & 4 deletions
diff --git a/‎addon/v1alpha1/zz_generated.deepcopy.go
Lines changed: 22 additions & 1 deletion b/‎addon/v1alpha1/zz_generated.deepcopy.go
Lines changed: 22 additions & 1 deletion
diff --git a/‎addon/v1alpha1/zz_generated.swagger_doc_generated.go
Lines changed: 18 additions & 1 deletion b/‎addon/v1alpha1/zz_generated.swagger_doc_generated.go
Lines changed: 18 additions & 1 deletion
@@ -384,38 +384,59 @@ spec:
                               to bind the user provided ClusterRole/Role to the "system:open-cluster-management:cluster:<cluster-name>:addon:<addon-name>"
                               Group.
                             properties:
-                              roleRef:
-                                description: RoleRef is an reference to the permission
-                                  resource. it could be a role or a cluster role,
-                                  the user must make sure it exist on the hub cluster.
+                              currentCluster:
+                                description: CurrentCluster contains the configuration
+                                  of CurrentCluster type binding. It is required when
+                                  the type is CurrentCluster.
                                 properties:
-                                  apiGroup:
-                                    description: APIGroup is the group for the resource
-                                      being referenced
-                                    type: string
-                                  kind:
-                                    description: Kind is the type of resource being
-                                      referenced
-                                    type: string
-                                  name:
-                                    description: Name is the name of resource being
-                                      referenced
+                                  clusterRoleName:
+                                    description: ClusterRoleName is the name of the
+                                      clusterrole the addon agent is bound. A rolebinding
+                                      will be created referring to this cluster role
+                                      in each cluster namespace. The user must make
+                                      sure the clusterrole exists on the hub cluster.
                                     type: string
                                 required:
-                                - apiGroup
-                                - kind
-                                - name
+                                - clusterRoleName
                                 type: object
-                                x-kubernetes-map-type: atomic
                               singleNamespace:
                                 description: SingleNamespace contains the configuration
                                   of SingleNamespace type binding. It is required
                                   when the type is SingleNamespace
                                 properties:
                                   namespace:
+                                    description: Namespace is the namespace the addon
+                                      agent has permissions to bind to. A rolebinding
+                                      will be created in this namespace referring
+                                      to the RoleRef.
                                     type: string
+                                  roleRef:
+                                    description: RoleRef is an reference to the permission
+                                      resource. it could be a role or a cluster role,
+                                      the user must make sure it exist on the hub
+                                      cluster.
+                                    properties:
+                                      apiGroup:
+                                        description: APIGroup is the group for the
+                                          resource being referenced
+                                        type: string
+                                      kind:
+                                        description: Kind is the type of resource
+                                          being referenced
+                                        type: string
+                                      name:
+                                        description: Name is the name of resource
+                                          being referenced
+                                        type: string
+                                    required:
+                                    - apiGroup
+                                    - kind
+                                    - name
+                                    type: object
+                                    x-kubernetes-map-type: atomic
                                 required:
                                 - namespace
+                                - roleRef
                                 type: object
                               type:
                                 description: 'Type of the permissions setting. It
@@ -429,7 +450,6 @@ spec:
                                 - SingleNamespace
                                 type: string
                             required:
-                            - roleRef
                             - type
                             type: object
                           type: array
 
@@ -123,19 +123,33 @@ type HubPermissionConfig struct {
 	// +kubebuilder:validation:Enum:=CurrentCluster;SingleNamespace
 	Type HubPermissionsBindingType `json:"type"`
 
-	// RoleRef is an reference to the permission resource. it could be a role or a cluster role,
-	// the user must make sure it exist on the hub cluster.
-	// +kubebuilder:validation:Required
-	RoleRef rbacv1.RoleRef `json:"roleRef"`
+	// CurrentCluster contains the configuration of CurrentCluster type binding.
+	// It is required when the type is CurrentCluster.
+	CurrentCluster *CurrentClusterBindingConfig `json:"currentCluster,omitempty"`
 
 	// SingleNamespace contains the configuration of SingleNamespace type binding.
 	// It is required when the type is SingleNamespace
 	SingleNamespace *SingleNamespaceBindingConfig `json:"singleNamespace,omitempty"`
 }
 
+type CurrentClusterBindingConfig struct {
+	// ClusterRoleName is the name of the clusterrole the addon agent is bound. A rolebinding
+	// will be created referring to this cluster role in each cluster namespace.
+	// The user must make sure the clusterrole exists on the hub cluster.
+	// +kubebuilder:validation:Required
+	ClusterRoleName string `json:"clusterRoleName"`
+}
+
 type SingleNamespaceBindingConfig struct {
+	// Namespace is the namespace the addon agent has permissions to bind to. A rolebinding
+	// will be created in this namespace referring to the RoleRef.
 	// +kubebuilder:validation:Required
 	Namespace string `json:"namespace"`
+
+	// RoleRef is an reference to the permission resource. it could be a role or a cluster role,
+	// the user must make sure it exist on the hub cluster.
+	// +kubebuilder:validation:Required
+	RoleRef rbacv1.RoleRef `json:"roleRef"`
 }
 
 type CustomSignerRegistrationConfig struct {