diff options
Diffstat (limited to 'kud/deployment_infra/helm/sdewan_controllers/templates/role.yaml')
-rw-r--r-- | kud/deployment_infra/helm/sdewan_controllers/templates/role.yaml | 342 |
1 files changed, 342 insertions, 0 deletions
diff --git a/kud/deployment_infra/helm/sdewan_controllers/templates/role.yaml b/kud/deployment_infra/helm/sdewan_controllers/templates/role.yaml new file mode 100644 index 00000000..79e7b102 --- /dev/null +++ b/kud/deployment_infra/helm/sdewan_controllers/templates/role.yaml @@ -0,0 +1,342 @@ +#/* Copyright 2020 Intel Corporation, Inc +# * +# * Licensed under the Apache License, Version 2.0 (the "License"); +# * you may not use this file except in compliance with the License. +# * You may obtain a copy of the License at +# * +# * http://www.apache.org/licenses/LICENSE-2.0 +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, +# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# * See the License for the specific language governing permissions and +# * limitations under the License. +# */ + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: sdewan-leader-election-role + namespace: {{ .Values.namespace }} +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - configmaps/status + verbs: + - get + - update + - patch +- apiGroups: + - "" + resources: + - events + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + annotations: + sdewan-bucket-type-permission: '{ "*": ["*"]}' + creationTimestamp: null + name: sdewan-manager-role +rules: +- apiGroups: + - apps + resources: + - deployments + verbs: + - get + - list + - watch +- apiGroups: + - apps + resources: + - deployments/status + verbs: + - get + - list + - watch +- apiGroups: + - batch.sdewan.akraino.org + resources: + - firewalldnats + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch.sdewan.akraino.org + resources: + - firewalldnats/status + verbs: + - get + - patch + - update +- apiGroups: + - batch.sdewan.akraino.org + resources: + - firewallforwardings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch.sdewan.akraino.org + resources: + - firewallforwardings/status + verbs: + - get + - patch + - update +- apiGroups: + - batch.sdewan.akraino.org + resources: + - firewallrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch.sdewan.akraino.org + resources: + - firewallrules/status + verbs: + - get + - patch + - update +- apiGroups: + - batch.sdewan.akraino.org + resources: + - firewallsnats + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch.sdewan.akraino.org + resources: + - firewallsnats/status + verbs: + - get + - patch + - update +- apiGroups: + - batch.sdewan.akraino.org + resources: + - firewallzones + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch.sdewan.akraino.org + resources: + - firewallzones/status + verbs: + - get + - patch + - update +- apiGroups: + - batch.sdewan.akraino.org + resources: + - ipsechosts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch.sdewan.akraino.org + resources: + - ipsechosts/status + verbs: + - get + - patch + - update +- apiGroups: + - batch.sdewan.akraino.org + resources: + - ipsecproposals + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch.sdewan.akraino.org + resources: + - ipsecproposals/status + verbs: + - get + - patch + - update +- apiGroups: + - batch.sdewan.akraino.org + resources: + - ipsecsites + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch.sdewan.akraino.org + resources: + - ipsecsites/status + verbs: + - get + - patch + - update +- apiGroups: + - batch.sdewan.akraino.org + resources: + - mwan3policies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch.sdewan.akraino.org + resources: + - mwan3policies/status + verbs: + - get + - patch + - update +- apiGroups: + - batch.sdewan.akraino.org + resources: + - mwan3rules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch.sdewan.akraino.org + resources: + - mwan3rules/status + verbs: + - get + - patch + - update +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + - rolebindings + - roles + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: sdewan-proxy-role +rules: +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: sdewan-leader-election-rolebinding + namespace: {{ .Values.namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: sdewan-leader-election-role +subjects: +- kind: ServiceAccount + name: default + namespace: {{ .Values.namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: sdewan-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: sdewan-manager-role +subjects: +- kind: ServiceAccount + name: default + namespace: {{ .Values.namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: sdewan-proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: sdewan-proxy-role +subjects: +- kind: ServiceAccount + name: default + namespace: {{ .Values.namespace }} |