Issue-ID: MSB-255
Change-Id: I8232c5f49c99a3ab4115ff531efcbdb2d8febfa0
Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>
--- /dev/null
+apiVersion: "rbac.istio.io/v1alpha1"
+kind: RbacConfig
+metadata:
+ name: default
+spec:
+ mode: 'ON_WITH_INCLUSION'
+ inclusion:
+ namespaces: ["onap"]
--- /dev/null
+apiVersion: "rbac.istio.io/v1alpha1"
+kind: ServiceRole
+metadata:
+ name: service-viewer
+ namespace: onap
+spec:
+ rules:
+ - services: ["*"]
+ methods: ["GET"]
+---
+apiVersion: "rbac.istio.io/v1alpha1"
+kind: ServiceRoleBinding
+metadata:
+ name: bind-service-viewer
+ namespace: onap
+spec:
+ subjects:
+ - properties:
+ source.namespace: "istio-system"
+ - properties:
+ source.namespace: "default"
+ roleRef:
+ kind: ServiceRole
+ name: "service-viewer"
--- /dev/null
+apiVersion: "rbac.istio.io/v1alpha1"
+kind: ServiceRole
+metadata:
+ name: msb
+ namespace: onap
+spec:
+ rules:
+ - services: ["*"]
+ methods: ["GET"]
+---
+apiVersion: "rbac.istio.io/v1alpha1"
+kind: ServiceRoleBinding
+metadata:
+ name: bind-service-msb
+ namespace: onap
+spec:
+ subjects:
+ - user: "cluster.local/ns/onap/sa/msb"
+ roleRef:
+ kind: ServiceRole
+ name: "msb"
Code Review / msb / service-mesh.git / commitdiff