aboutsummaryrefslogtreecommitdiffstats
path: root/vnfs/DAaaS/operator/charts/sparkoperator/templates/spark-operator-rbac.yaml
diff options
context:
space:
mode:
Diffstat (limited to 'vnfs/DAaaS/operator/charts/sparkoperator/templates/spark-operator-rbac.yaml')
-rwxr-xr-xvnfs/DAaaS/operator/charts/sparkoperator/templates/spark-operator-rbac.yaml55
1 files changed, 55 insertions, 0 deletions
diff --git a/vnfs/DAaaS/operator/charts/sparkoperator/templates/spark-operator-rbac.yaml b/vnfs/DAaaS/operator/charts/sparkoperator/templates/spark-operator-rbac.yaml
new file mode 100755
index 00000000..bd5fd3fe
--- /dev/null
+++ b/vnfs/DAaaS/operator/charts/sparkoperator/templates/spark-operator-rbac.yaml
@@ -0,0 +1,55 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "sparkoperator.fullname" . }}-cr
+ labels:
+ app.kubernetes.io/name: {{ include "sparkoperator.name" . }}
+ helm.sh/chart: {{ include "sparkoperator.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["*"]
+- apiGroups: [""]
+ resources: ["services", "configmaps", "secrets"]
+ verbs: ["create", "get", "delete"]
+- apiGroups: ["extensions"]
+ resources: ["ingresses"]
+ verbs: ["create", "get", "delete"]
+- apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["get"]
+- apiGroups: [""]
+ resources: ["events"]
+ verbs: ["create", "update", "patch"]
+- apiGroups: ["apiextensions.k8s.io"]
+ resources: ["customresourcedefinitions"]
+ verbs: ["create", "get", "update", "delete"]
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs: ["create", "get", "update", "delete"]
+- apiGroups: ["sparkoperator.k8s.io"]
+ resources: ["sparkapplications", "scheduledsparkapplications"]
+ verbs: ["*"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "sparkoperator.fullname" . }}-crb
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "sparkoperator.name" . }}
+ helm.sh/chart: {{ include "sparkoperator.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "sparkoperator.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: {{ include "sparkoperator.fullname" . }}-cr
+ apiGroup: rbac.authorization.k8s.io
+{{- end }}