diff options
Diffstat (limited to 'vnfs/DAaaS/operator/charts/sparkoperator/templates/spark-rbac.yaml')
-rwxr-xr-x | vnfs/DAaaS/operator/charts/sparkoperator/templates/spark-rbac.yaml | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/vnfs/DAaaS/operator/charts/sparkoperator/templates/spark-rbac.yaml b/vnfs/DAaaS/operator/charts/sparkoperator/templates/spark-rbac.yaml new file mode 100755 index 00000000..fa066053 --- /dev/null +++ b/vnfs/DAaaS/operator/charts/sparkoperator/templates/spark-rbac.yaml @@ -0,0 +1,44 @@ +{{- if and (.Values.rbac.create) (ne .Values.sparkJobNamespace "") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Values.sparkJobNamespace }} + name: spark-role + labels: + app.kubernetes.io/name: {{ include "sparkoperator.name" . }} + helm.sh/chart: {{ include "sparkoperator.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" # "" indicates the core API group + resources: + - "pods" + verbs: + - "*" +- apiGroups: + - "" # "" indicates the core API group + resources: + - "services" + verbs: + - "*" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: spark-role-binding + namespace: {{ .Values.sparkJobNamespace }} + labels: + app.kubernetes.io/name: {{ include "sparkoperator.name" . }} + helm.sh/chart: {{ include "sparkoperator.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +subjects: +- kind: ServiceAccount + name: {{ include "spark.serviceAccountName" . }} + namespace: {{ .Values.sparkJobNamespace }} +roleRef: + kind: Role + name: spark-role + apiGroup: rbac.authorization.k8s.io +{{- end }} |