From 00aef564fd76691a99de65d11e3632506a0c6d36 Mon Sep 17 00:00:00 2001 From: Pramod Date: Wed, 14 Aug 2019 11:25:56 -0700 Subject: Adding Helm charts of MetalLB MetalLB is the loadbalancer for Kubernetes Issue-ID: MULTICLOUD-747 Signed-off-by: Pramod Change-Id: Ic07877234f9b0f80cb636f7b4e3c265b8be8a945 --- .../helm/servicemesh/metallb/templates/rbac.yaml | 117 +++++++++++++++++++++ 1 file changed, 117 insertions(+) create mode 100644 deployments/helm/servicemesh/metallb/templates/rbac.yaml (limited to 'deployments/helm/servicemesh/metallb/templates/rbac.yaml') diff --git a/deployments/helm/servicemesh/metallb/templates/rbac.yaml b/deployments/helm/servicemesh/metallb/templates/rbac.yaml new file mode 100644 index 00000000..658df7e6 --- /dev/null +++ b/deployments/helm/servicemesh/metallb/templates/rbac.yaml @@ -0,0 +1,117 @@ +{{- if .Values.rbac.create -}} + +# Roles +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "metallb.fullname" . }}:controller + labels: + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + chart: {{ template "metallb.chart" . }} + app: {{ template "metallb.name" . }} +rules: +- apiGroups: [""] + resources: ["services"] + verbs: ["get", "list", "watch", "update"] +- apiGroups: [""] + resources: ["services/status"] + verbs: ["update"] +- apiGroups: [""] + resources: ["events"] + verbs: ["create", "patch"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "metallb.fullname" . }}:speaker + labels: + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + chart: {{ template "metallb.chart" . }} + app: {{ template "metallb.name" . }} +rules: +- apiGroups: [""] + resources: ["services", "endpoints", "nodes"] + verbs: ["get", "list", "watch"] +- apiGroups: [""] + resources: ["events"] + verbs: ["create", "patch"] +{{- if .Values.psp.create }} +- apiGroups: ["extensions"] + resources: ["podsecuritypolicies"] + resourceNames: [{{ printf "%s-speaker" (include "metallb.fullname" .) | quote}}] + verbs: ["use"] +{{- end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "metallb.fullname" . }}-config-watcher + labels: + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + chart: {{ template "metallb.chart" . }} + app: {{ template "metallb.name" . }} +rules: +- apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "list", "watch"] +--- + +## Role bindings +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "metallb.fullname" . }}:controller + labels: + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + chart: {{ template "metallb.chart" . }} + app: {{ template "metallb.name" . }} +subjects: +- kind: ServiceAccount + name: {{ template "metallb.controllerServiceAccountName" . }} + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "metallb.fullname" . }}:controller +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "metallb.fullname" . }}:speaker + labels: + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + chart: {{ template "metallb.chart" . }} + app: {{ template "metallb.name" . }} +subjects: +- kind: ServiceAccount + name: {{ template "metallb.speakerServiceAccountName" . }} + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "metallb.fullname" . }}:speaker +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "metallb.fullname" . }}-config-watcher + labels: + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + chart: {{ template "metallb.chart" . }} + app: {{ template "metallb.name" . }} +subjects: +- kind: ServiceAccount + name: {{ template "metallb.controllerServiceAccountName" . }} +- kind: ServiceAccount + name: {{ template "metallb.speakerServiceAccountName" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "metallb.fullname" . }}-config-watcher +{{- end -}} -- cgit 1.2.3-korg