Code Review / demo.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
Helm charts for Metallb
[demo.git] / vnfs / DAaaS / deploy / 00-init / metallb / templates / rbac.yaml
1 {{- if .Values.rbac.create -}}
2
3 # Roles
4 apiVersion: rbac.authorization.k8s.io/v1
5 kind: ClusterRole
6 metadata:
7   name: {{ template "metallb.fullname" . }}:controller
8   labels:
9     heritage: {{ .Release.Service | quote }}
10     release: {{ .Release.Name | quote }}
11     chart: {{ template "metallb.chart" . }}
12     app: {{ template "metallb.name" . }}
13 rules:
14 - apiGroups: [""]
15   resources: ["services"]
16   verbs: ["get", "list", "watch", "update"]
17 - apiGroups: [""]
18   resources: ["services/status"]
19   verbs: ["update"]
20 - apiGroups: [""]
21   resources: ["events"]
22   verbs: ["create", "patch"]
23 ---
24 apiVersion: rbac.authorization.k8s.io/v1
25 kind: ClusterRole
26 metadata:
27   name: {{ template "metallb.fullname" . }}:speaker
28   labels:
29     heritage: {{ .Release.Service | quote }}
30     release: {{ .Release.Name | quote }}
31     chart: {{ template "metallb.chart" . }}
32     app: {{ template "metallb.name" . }}
33 rules:
34 - apiGroups: [""]
35   resources: ["services", "endpoints", "nodes"]
36   verbs: ["get", "list", "watch"]
37 - apiGroups: [""]
38   resources: ["events"]
39   verbs: ["create", "patch"]
40 {{- if .Values.psp.create }}
41 - apiGroups: ["extensions"]
42   resources: ["podsecuritypolicies"]
43   resourceNames: [{{ printf "%s-speaker" (include "metallb.fullname" .) | quote}}]
44   verbs: ["use"]
45 {{- end }}
46 ---
47 apiVersion: rbac.authorization.k8s.io/v1
48 kind: Role
49 metadata:
50   name: {{ template "metallb.fullname" . }}-config-watcher
51   labels:
52     heritage: {{ .Release.Service | quote }}
53     release: {{ .Release.Name | quote }}
54     chart: {{ template "metallb.chart" . }}
55     app: {{ template "metallb.name" . }}
56 rules:
57 - apiGroups: [""]
58   resources: ["configmaps"]
59   verbs: ["get", "list", "watch"]
60 ---
61
62 ## Role bindings
63 apiVersion: rbac.authorization.k8s.io/v1
64 kind: ClusterRoleBinding
65 metadata:
66   name: {{ template "metallb.fullname" . }}:controller
67   labels:
68     heritage: {{ .Release.Service | quote }}
69     release: {{ .Release.Name | quote }}
70     chart: {{ template "metallb.chart" . }}
71     app: {{ template "metallb.name" . }}
72 subjects:
73 - kind: ServiceAccount
74   name: {{ template "metallb.controllerServiceAccountName" . }}
75   namespace: {{ .Release.Namespace }}
76 roleRef:
77   apiGroup: rbac.authorization.k8s.io
78   kind: ClusterRole
79   name: {{ template "metallb.fullname" . }}:controller
80 ---
81 apiVersion: rbac.authorization.k8s.io/v1
82 kind: ClusterRoleBinding
83 metadata:
84   name: {{ template "metallb.fullname" . }}:speaker
85   labels:
86     heritage: {{ .Release.Service | quote }}
87     release: {{ .Release.Name | quote }}
88     chart: {{ template "metallb.chart" . }}
89     app: {{ template "metallb.name" . }}
90 subjects:
91 - kind: ServiceAccount
92   name: {{ template "metallb.speakerServiceAccountName" . }}
93   namespace: {{ .Release.Namespace }}
94 roleRef:
95   apiGroup: rbac.authorization.k8s.io
96   kind: ClusterRole
97   name: {{ template "metallb.fullname" . }}:speaker
98 ---
99 apiVersion: rbac.authorization.k8s.io/v1
100 kind: RoleBinding
101 metadata:
102   name: {{ template "metallb.fullname" . }}-config-watcher
103   labels:
104     heritage: {{ .Release.Service | quote }}
105     release: {{ .Release.Name | quote }}
106     chart: {{ template "metallb.chart" . }}
107     app: {{ template "metallb.name" . }}
108 subjects:
109 - kind: ServiceAccount
110   name: {{ template "metallb.controllerServiceAccountName" . }}
111 - kind: ServiceAccount
112   name: {{ template "metallb.speakerServiceAccountName" . }}
113 roleRef:
114   apiGroup: rbac.authorization.k8s.io
115   kind: Role
116   name: {{ template "metallb.fullname" . }}-config-watcher
117 {{- end -}}
Demo applications and templates for ONAP platform instantiation.