blob: 16ee8b3beee795936bea2659bee53481912429d6 [file] [log] [blame]
Gopinath Tagete2dff4d2018-03-15 17:22:28 -07001# Copyright 2017-present Open Networking Foundation
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15apiVersion: v1
16kind: ServiceAccount
17metadata:
18 name: voltha-serviceaccount
19 namespace: {{ .Values.global.namespace }}
20
21---
22
23apiVersion: rbac.authorization.k8s.io/v1beta1
24kind: ClusterRole
25metadata:
26 name: voltha-clusterrole
27rules:
28 - apiGroups:
29 - '*'
30 resources:
31 - '*'
32 verbs:
33 - '*'
34 - nonResourceURLs:
35 - '*'
36 verbs:
37 - '*'
38
39---
40
41apiVersion: rbac.authorization.k8s.io/v1beta1
42kind: Role
43metadata:
44 name: voltha-role
45 namespace: {{ .Values.global.namespace }}
46rules:
47 - apiGroups:
48 - ""
49 resources:
50 - configmaps
51 - pods
52 - secrets
53 - namespaces
54 verbs:
55 - get
56 - apiGroups:
57 - ""
58 resources:
59 - configmaps
60 resourceNames:
61 # Defaults to "<election-id>-<ingress-class>"
62 # Here: "<ingress-controller-leader>-<nginx>"
63 # This has to be adapted if you change either parameter
64 # when launching the voltha-controller.
65 - "ingress-controller-leader-nginx"
66 verbs:
67 - get
68 - update
69 - apiGroups:
70 - ""
71 resources:
72 - configmaps
73 verbs:
74 - create
75 - apiGroups:
76 - ""
77 resources:
78 - endpoints
79 verbs:
80 - get
81
82---
83
84apiVersion: rbac.authorization.k8s.io/v1beta1
85kind: RoleBinding
86metadata:
87 name: voltha-role-nisa-binding
88 namespace: {{ .Values.global.namespace }}
89roleRef:
90 apiGroup: rbac.authorization.k8s.io
91 kind: Role
92 name: voltha-role
93subjects:
94 - kind: ServiceAccount
95 name: voltha-serviceaccount
96 namespace: {{ .Values.global.namespace }}
97
98---
99
100apiVersion: rbac.authorization.k8s.io/v1beta1
101kind: ClusterRoleBinding
102metadata:
103 name: voltha-clusterrole-nisa-binding
104roleRef:
105 apiGroup: rbac.authorization.k8s.io
106 kind: ClusterRole
107 name: voltha-clusterrole
108subjects:
109 - kind: ServiceAccount
110 name: voltha-serviceaccount
111 namespace: {{ .Values.global.namespace }}