Adding Istio installtion helm charts

[demo.git] / vnfs / DAaaS / deploy / 00-init / istio-operator / templates / authproxy-rbac.yaml

diff --git a/vnfs/DAaaS/deploy/00-init/istio-operator/templates/authproxy-rbac.yaml b/vnfs/DAaaS/deploy/00-init/istio-operator/templates/authproxy-rbac.yaml
new file mode 100644 (file)
index 0000000..8a047e0
--- /dev/null
+++ b/vnfs/DAaaS/deploy/00-init/istio-operator/templates/authproxy-rbac.yaml
@@ -0,0 +1,54 @@
+{{- if and .Values.rbac.enabled .Values.prometheusMetrics.enabled .Values.prometheusMetrics.authProxy.enabled }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "istio-operator.fullname" . }}-authproxy
+  labels:
+    app.kubernetes.io/name: {{ include "istio-operator.name" . }}
+    helm.sh/chart: {{ include "istio-operator.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: authproxy
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: "{{ include "istio-operator.fullname" . }}-authproxy"
+  labels:
+    app.kubernetes.io/name: {{ include "istio-operator.name" . }}
+    helm.sh/chart: {{ include "istio-operator.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: authproxy
+rules:
+- apiGroups: ["authentication.k8s.io"]
+  resources:
+  - tokenreviews
+  verbs: ["create"]
+- apiGroups: ["authorization.k8s.io"]
+  resources:
+  - subjectaccessreviews
+  verbs: ["create"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: "{{ include "istio-operator.fullname" . }}-authproxy"
+  labels:
+    app.kubernetes.io/name: {{ include "istio-operator.name" . }}
+    helm.sh/chart: {{ include "istio-operator.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: authproxy
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: "{{ include "istio-operator.fullname" . }}-authproxy"
+subjects:
+- kind: ServiceAccount
+  name: {{ include "istio-operator.fullname" . }}-authproxy
+  namespace: {{ .Release.Namespace }}
+{{- end }}