path: root/vnfs/DAaaS/deploy/00-init/istio/istio-operator/templates/operator-rbac.yaml
diff options
authorPramod <pramod.raghavendra.jayathirth@intel.com>2019-07-31 12:57:09 -0700
committerMarco Platania <platania@research.att.com>2019-08-06 13:46:07 +0000
commitc453b17f1d0144ca0e084da00f2e55de5e922d31 (patch)
tree8065ffe616c8cabb83336a183a20ad17cef360b6 /vnfs/DAaaS/deploy/00-init/istio/istio-operator/templates/operator-rbac.yaml
parentf3955755cfff89fa03ed9c2f8958ee6faca2281f (diff)
Helm chart for Istio Operator
Operator is required to manage the lifecycle fo Istio deployments Issue-ID: MULTICLOUD-710 Signed-off-by: Pramod <pramod.raghavendra.jayathirth@intel.com> Change-Id: I9ea2427eb88caf06c41fcf2fb6f0cc0c66e8fb96
Diffstat (limited to 'vnfs/DAaaS/deploy/00-init/istio/istio-operator/templates/operator-rbac.yaml')
1 files changed, 315 insertions, 0 deletions
diff --git a/vnfs/DAaaS/deploy/00-init/istio/istio-operator/templates/operator-rbac.yaml b/vnfs/DAaaS/deploy/00-init/istio/istio-operator/templates/operator-rbac.yaml
new file mode 100644
index 00000000..d506ee41
--- /dev/null
+++ b/vnfs/DAaaS/deploy/00-init/istio/istio-operator/templates/operator-rbac.yaml
@@ -0,0 +1,315 @@
+{{- if .Values.rbac.enabled }}
+apiVersion: v1
+kind: ServiceAccount
+ name: {{ include "istio-operator.fullname" . }}-operator
+ labels:
+ app.kubernetes.io/name: {{ include "istio-operator.name" . }}
+ helm.sh/chart: {{ include "istio-operator.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: operator
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+ name: {{ include "istio-operator.fullname" . }}-operator
+ labels:
+ app.kubernetes.io/name: {{ include "istio-operator.name" . }}
+ helm.sh/chart: {{ include "istio-operator.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: operator
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ - services
+ - endpoints
+ - pods
+ - replicationcontrollers
+ - services
+ - endpoints
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+ - list
+ - watch
+ - update
+ - patch
+- apiGroups:
+ - apps
+ resources:
+ - replicasets
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - apps
+ resources:
+ - deployments
+ - daemonsets
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - apps
+ resources:
+ - deployments/status
+ verbs:
+ - get
+ - update
+ - patch
+- apiGroups:
+ - extensions
+ resources:
+ - ingresses
+ - ingresses/status
+ verbs:
+ - '*'
+- apiGroups:
+ - extensions
+ resources:
+ - deployments
+ verbs:
+ - get
+- apiGroups:
+ - extensions
+ resources:
+ - deployments/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - extensions
+ resources:
+ - replicasets
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - policy
+ resources:
+ - poddisruptionbudgets
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - autoscaling
+ resources:
+ - horizontalpodautoscalers
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - '*'
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - clusterroles
+ - clusterrolebindings
+ - roles
+ - rolebindings
+ - ""
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+- apiGroups:
+ - istio.banzaicloud.io
+ resources:
+ - istios
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - istio.banzaicloud.io
+ resources:
+ - istios/status
+ verbs:
+ - get
+ - update
+ - patch
+- apiGroups:
+ - authentication.istio.io
+ - cloud.istio.io
+ - config.istio.io
+ - istio.istio.io
+ - networking.istio.io
+ - rbac.istio.io
+ - scalingpolicy.istio.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - apps
+ resources:
+ - deployments
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - apps
+ resources:
+ - deployments/status
+ verbs:
+ - get
+ - update
+ - patch
+- apiGroups:
+ - istio.banzaicloud.io
+ resources:
+ - remoteistios
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - istio.banzaicloud.io
+ resources:
+ - remoteistios/status
+ verbs:
+ - get
+ - update
+ - patch
+- apiGroups:
+ - admissionregistration.k8s.io
+ resources:
+ - validatingwebhookconfigurations
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - istio.banzaicloud.io
+ resources:
+ - istios
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - admissionregistration.k8s.io
+ resources:
+ - mutatingwebhookconfigurations
+ - validatingwebhookconfigurations
+ verbs:
+ - '*'
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - services
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+ name: {{ include "istio-operator.fullname" . }}-operator
+ labels:
+ app.kubernetes.io/name: {{ include "istio-operator.name" . }}
+ helm.sh/chart: {{ include "istio-operator.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: operator
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ include "istio-operator.fullname" . }}-operator
+- kind: ServiceAccount
+ name: {{ include "istio-operator.fullname" . }}-operator
+ namespace: {{ .Release.Namespace }}
+{{- end }}