diff options
Diffstat (limited to 'kubernetes/platform/components/cmpv2-cert-provider/templates/roles.yaml')
-rw-r--r-- | kubernetes/platform/components/cmpv2-cert-provider/templates/roles.yaml | 167 |
1 files changed, 167 insertions, 0 deletions
diff --git a/kubernetes/platform/components/cmpv2-cert-provider/templates/roles.yaml b/kubernetes/platform/components/cmpv2-cert-provider/templates/roles.yaml new file mode 100644 index 0000000000..add5622f41 --- /dev/null +++ b/kubernetes/platform/components/cmpv2-cert-provider/templates/roles.yaml @@ -0,0 +1,167 @@ +{{ if .Values.global.CMPv2CertManagerIntegration }} + +# ============LICENSE_START======================================================= +# Copyright (c) 2020 Nokia +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: cmpv2-issuer-leader-election-role + namespace: {{ include "common.namespace" . }} +rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - configmaps/status + verbs: + - get + - update + - patch + - apiGroups: + - "" + resources: + - events + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: cmpv2-issuer-manager-role +rules: + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - cert-manager.io + resources: + - certificaterequests + verbs: + - get + - list + - update + - watch + - apiGroups: + - cert-manager.io + resources: + - certificaterequests/status + verbs: + - get + - patch + - update + - apiGroups: + - certmanager.onap.org + resources: + - cmpv2issuers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - certmanager.onap.org + resources: + - cmpv2issuers/status + verbs: + - get + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: cmpv2-issuer-proxy-role +rules: + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: cmpv2-issuer-leader-election-rolebinding + namespace: {{ include "common.namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: cmpv2-issuer-leader-election-role +subjects: + - kind: ServiceAccount + name: default + namespace: {{ include "common.namespace" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: cmpv2-issuer-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cmpv2-issuer-manager-role +subjects: + - kind: ServiceAccount + name: default + namespace: {{ include "common.namespace" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: cmpv2-issuer-proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cmpv2-issuer-proxy-role +subjects: + - kind: ServiceAccount + name: default + namespace: {{ include "common.namespace" . }} +{{ end }} |