Enable istio RBAC

[msb/service-mesh.git] / install / msb-rbac.yaml

diff --git a/install/msb-rbac.yaml b/install/msb-rbac.yaml
new file mode 100644 (file)
index 0000000..bcb1d87
--- /dev/null
+++ b/install/msb-rbac.yaml
@@ -0,0 +1,21 @@
+apiVersion: "rbac.istio.io/v1alpha1"
+kind: ServiceRole
+metadata:
+  name: msb 
+  namespace: onap 
+spec:
+  rules:
+  - services: ["*"]
+    methods: ["GET"]
+---
+apiVersion: "rbac.istio.io/v1alpha1"
+kind: ServiceRoleBinding
+metadata:
+  name: bind-service-msb
+  namespace: onap 
+spec:
+  subjects:
+  - user: "cluster.local/ns/onap/sa/msb"
+  roleRef:
+    kind: ServiceRole
+    name: "msb"