diff options
author | 2019-07-31 14:11:31 -0700 | |
---|---|---|
committer | 2019-08-06 13:46:52 +0000 | |
commit | 5c2e32383495486611c1a8976fc937129414933d (patch) | |
tree | 63e66a50d98211f4162c9fe95e0dcf67eaddb2fd /vnfs/DAaaS/deploy/00-init/metallb/templates/rbac.yaml | |
parent | c453b17f1d0144ca0e084da00f2e55de5e922d31 (diff) |
Helm charts for Metallb
Metallb is a loadbalancer for Kubernetes
Issue-ID: MULTICLOUD-747
Signed-off-by: Pramod <pramod.raghavendra.jayathirth@intel.com>
Change-Id: If5501da743ad37c6e343a0f460f0674d1554704c
Diffstat (limited to 'vnfs/DAaaS/deploy/00-init/metallb/templates/rbac.yaml')
-rw-r--r-- | vnfs/DAaaS/deploy/00-init/metallb/templates/rbac.yaml | 117 |
1 files changed, 117 insertions, 0 deletions
diff --git a/vnfs/DAaaS/deploy/00-init/metallb/templates/rbac.yaml b/vnfs/DAaaS/deploy/00-init/metallb/templates/rbac.yaml new file mode 100644 index 00000000..658df7e6 --- /dev/null +++ b/vnfs/DAaaS/deploy/00-init/metallb/templates/rbac.yaml @@ -0,0 +1,117 @@ +{{- if .Values.rbac.create -}} + +# Roles +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "metallb.fullname" . }}:controller + labels: + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + chart: {{ template "metallb.chart" . }} + app: {{ template "metallb.name" . }} +rules: +- apiGroups: [""] + resources: ["services"] + verbs: ["get", "list", "watch", "update"] +- apiGroups: [""] + resources: ["services/status"] + verbs: ["update"] +- apiGroups: [""] + resources: ["events"] + verbs: ["create", "patch"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "metallb.fullname" . }}:speaker + labels: + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + chart: {{ template "metallb.chart" . }} + app: {{ template "metallb.name" . }} +rules: +- apiGroups: [""] + resources: ["services", "endpoints", "nodes"] + verbs: ["get", "list", "watch"] +- apiGroups: [""] + resources: ["events"] + verbs: ["create", "patch"] +{{- if .Values.psp.create }} +- apiGroups: ["extensions"] + resources: ["podsecuritypolicies"] + resourceNames: [{{ printf "%s-speaker" (include "metallb.fullname" .) | quote}}] + verbs: ["use"] +{{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "metallb.fullname" . }}-config-watcher + labels: + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + chart: {{ template "metallb.chart" . }} + app: {{ template "metallb.name" . }} +rules: +- apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "list", "watch"] +--- + +## Role bindings +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "metallb.fullname" . }}:controller + labels: + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + chart: {{ template "metallb.chart" . }} + app: {{ template "metallb.name" . }} +subjects: +- kind: ServiceAccount + name: {{ template "metallb.controllerServiceAccountName" . }} + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "metallb.fullname" . }}:controller +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "metallb.fullname" . }}:speaker + labels: + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + chart: {{ template "metallb.chart" . }} + app: {{ template "metallb.name" . }} +subjects: +- kind: ServiceAccount + name: {{ template "metallb.speakerServiceAccountName" . }} + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "metallb.fullname" . }}:speaker +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "metallb.fullname" . }}-config-watcher + labels: + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + chart: {{ template "metallb.chart" . }} + app: {{ template "metallb.name" . }} +subjects: +- kind: ServiceAccount + name: {{ template "metallb.controllerServiceAccountName" . }} +- kind: ServiceAccount + name: {{ template "metallb.speakerServiceAccountName" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "metallb.fullname" . }}-config-watcher +{{- end -}} |