diff options
author | Pramod <pramod.raghavendra.jayathirth@intel.com> | 2019-08-28 22:47:54 -0700 |
---|---|---|
committer | Pramod <pramod.raghavendra.jayathirth@intel.com> | 2019-10-01 10:20:39 -0700 |
commit | 7b55292fe1017fc45329ca2d3a9b26395ca0e7ce (patch) | |
tree | cbe7146a62aa1d2da8febfcc8b48af97a9299347 /deployments/helm/servicemesh/rbac/templates/servicerolebinding.yaml | |
parent | 1b8bee840af30f67fcdc0d45ef9334f0461ca1c7 (diff) |
Adding Istio rbac roles for multicloud-k8s
This is used to grant role based access
to user
Issue-ID: MULTICLOUD-790
Signed-off-by: Pramod <pramod.raghavendra.jayathirth@intel.com>
Change-Id: Icf064af7943b337f2cb83c3b4fa29bfb54f5b999
Diffstat (limited to 'deployments/helm/servicemesh/rbac/templates/servicerolebinding.yaml')
-rw-r--r-- | deployments/helm/servicemesh/rbac/templates/servicerolebinding.yaml | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/deployments/helm/servicemesh/rbac/templates/servicerolebinding.yaml b/deployments/helm/servicemesh/rbac/templates/servicerolebinding.yaml new file mode 100644 index 00000000..c17adf7e --- /dev/null +++ b/deployments/helm/servicemesh/rbac/templates/servicerolebinding.yaml @@ -0,0 +1,26 @@ +#{{/* +# Copyright @ 2019 Intel Corporation +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# imitations under the License. +#*/}} +apiVersion: "rbac.istio.io/v1alpha1" +kind: ServiceRoleBinding +metadata: + name: {{ template "servicerolebindingname" . }} + namespace: {{ .Values.namespace }} +spec: + subjects: + - user: {{ .Values.serviceRoleBinding.users | quote }} + roleRef: + kind: ServiceRole + name: {{ .Values.serviceRoleBinding.serviceRoleName | quote }} + mode: {{ .Values.policyEnforcementMode }} |