diff options
| author |   Pramod <pramod.raghavendra.jayathirth@intel.com> | 2019-08-05 15:35:41 -0700 |
|---|---|---|
| committer | Pramod <pramod.raghavendra.jayathirth@intel.com> | 2019-08-05 15:43:14 -0700 |
| commit | b54f9760780c88ecd5bb8ae24766849122f871df (patch) | |
| tree | d365c174bc42429bb2426301d74252a801e5f190 /deployments/helm/servicemesh/istio-operator/templates/authproxy-rbac.yaml | |
| parent | 4fb6acf5a720a0554c08a6f1d3526271b6317cdb (diff) | |
Helm chart to deploy Istio-operator
Istio-operator is required to manage the
lifecycle and deployments of Istio
Issue-ID: MULTICLOUD-710
Signed-off-by: Pramod <pramod.raghavendra.jayathirth@intel.com>
Change-Id: Ifd2d05e790148096b5c0b454208e233aa5a299f9
Diffstat (limited to 'deployments/helm/servicemesh/istio-operator/templates/authproxy-rbac.yaml')
| -rw-r--r-- | deployments/helm/servicemesh/istio-operator/templates/authproxy-rbac.yaml | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/deployments/helm/servicemesh/istio-operator/templates/authproxy-rbac.yaml b/deployments/helm/servicemesh/istio-operator/templates/authproxy-rbac.yaml new file mode 100644 index 00000000..8a047e03 --- /dev/null +++ b/deployments/helm/servicemesh/istio-operator/templates/authproxy-rbac.yaml @@ -0,0 +1,54 @@ +{{- if and .Values.rbac.enabled .Values.prometheusMetrics.enabled .Values.prometheusMetrics.authProxy.enabled }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "istio-operator.fullname" . }}-authproxy + labels: + app.kubernetes.io/name: {{ include "istio-operator.name" . }} + helm.sh/chart: {{ include "istio-operator.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: authproxy +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "{{ include "istio-operator.fullname" . }}-authproxy" + labels: + app.kubernetes.io/name: {{ include "istio-operator.name" . }} + helm.sh/chart: {{ include "istio-operator.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: authproxy +rules: +- apiGroups: ["authentication.k8s.io"] + resources: + - tokenreviews + verbs: ["create"] +- apiGroups: ["authorization.k8s.io"] + resources: + - subjectaccessreviews + verbs: ["create"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: "{{ include "istio-operator.fullname" . }}-authproxy" + labels: + app.kubernetes.io/name: {{ include "istio-operator.name" . }} + helm.sh/chart: {{ include "istio-operator.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + app.kubernetes.io/component: authproxy +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: "{{ include "istio-operator.fullname" . }}-authproxy" +subjects: +- kind: ServiceAccount + name: {{ include "istio-operator.fullname" . }}-authproxy + namespace: {{ .Release.Namespace }} +{{- end }} |