Gitiles
Code Review Sign In
gerrit.opencord.org / voltha / 353af1266839cdf6cb76b20e6c26fac849f0e8a7 / . / k8s / ingress / 50-rbac.yml
blob: 8c53e51b6be9ae9cf65185e3976a87a89bdf2824 [file] [log] [blame]
Zack Williams41513bf2018-07-07 20:08:35 -0700[diff] [blame]1# Copyright 2017-present Open Networking Foundation
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
Richard Jankowskic3c291c2018-02-02 13:57:33 -0500[diff] [blame]14apiVersion: v1
15kind: ServiceAccount
16metadata:
17 name: nginx-ingress-serviceaccount
Richard Jankowskid4454382018-02-08 16:21:43 -0500[diff] [blame]18 namespace: voltha
Richard Jankowskic3c291c2018-02-02 13:57:33 -0500[diff] [blame]19
20---
21
22apiVersion: rbac.authorization.k8s.io/v1beta1
23kind: ClusterRole
24metadata:
25 name: nginx-ingress-clusterrole
26rules:
27 - apiGroups:
28 - ""
29 resources:
30 - configmaps
31 - endpoints
32 - nodes
33 - pods
34 - secrets
35 verbs:
36 - list
37 - watch
38 - apiGroups:
39 - ""
40 resources:
41 - nodes
42 verbs:
43 - get
44 - apiGroups:
45 - ""
46 resources:
47 - services
48 verbs:
49 - get
50 - list
51 - watch
52 - apiGroups:
53 - "extensions"
54 resources:
55 - ingresses
56 verbs:
57 - get
58 - list
59 - watch
60 - apiGroups:
61 - ""
62 resources:
63 - events
64 verbs:
65 - create
66 - patch
67 - apiGroups:
68 - "extensions"
69 resources:
70 - ingresses/status
71 verbs:
72 - update
73
74---
75
76apiVersion: rbac.authorization.k8s.io/v1beta1
77kind: Role
78metadata:
79 name: nginx-ingress-role
Richard Jankowskid4454382018-02-08 16:21:43 -0500[diff] [blame]80 namespace: voltha
Richard Jankowskic3c291c2018-02-02 13:57:33 -0500[diff] [blame]81rules:
82 - apiGroups:
83 - ""
84 resources:
85 - configmaps
86 - pods
87 - secrets
88 - namespaces
89 verbs:
90 - get
91 - apiGroups:
92 - ""
93 resources:
94 - configmaps
95 resourceNames:
96 # Defaults to "<election-id>-<ingress-class>"
97 # Here: "<ingress-controller-leader>-<nginx>"
98 # This has to be adapted if you change either parameter
99 # when launching the nginx-ingress-controller.
100 - "ingress-controller-leader-nginx"
101 verbs:
102 - get
103 - update
104 - apiGroups:
105 - ""
106 resources:
107 - configmaps
108 verbs:
109 - create
110 - apiGroups:
111 - ""
112 resources:
113 - endpoints
114 verbs:
115 - get
116
117---
118
119apiVersion: rbac.authorization.k8s.io/v1beta1
120kind: RoleBinding
121metadata:
122 name: nginx-ingress-role-nisa-binding
Richard Jankowskid4454382018-02-08 16:21:43 -0500[diff] [blame]123 namespace: voltha
Richard Jankowskic3c291c2018-02-02 13:57:33 -0500[diff] [blame]124roleRef:
125 apiGroup: rbac.authorization.k8s.io
126 kind: Role
127 name: nginx-ingress-role
128subjects:
129 - kind: ServiceAccount
130 name: nginx-ingress-serviceaccount
Richard Jankowskid4454382018-02-08 16:21:43 -0500[diff] [blame]131 namespace: voltha
Richard Jankowskic3c291c2018-02-02 13:57:33 -0500[diff] [blame]132
133---
134
135apiVersion: rbac.authorization.k8s.io/v1beta1
136kind: ClusterRoleBinding
137metadata:
138 name: nginx-ingress-clusterrole-nisa-binding
139roleRef:
140 apiGroup: rbac.authorization.k8s.io
141 kind: ClusterRole
142 name: nginx-ingress-clusterrole
143subjects:
144 - kind: ServiceAccount
145 name: nginx-ingress-serviceaccount
Richard Jankowskid4454382018-02-08 16:21:43 -0500[diff] [blame]146 namespace: voltha