blueprints/iotgateway/playbooks/roles/eg_mep/files/deploy/conf/edge/network-isolation/eg-sp-rbac.yaml

   1 #
   2 #   Copyright 2020 Huawei Technologies Co., Ltd.
   3 #
   4 #   Licensed under the Apache License, Version 2.0 (the "License");
   5 #   you may not use this file except in compliance with the License.
   6 #   You may obtain a copy of the License at
   7 #
   8 #       http://www.apache.org/licenses/LICENSE-2.0
   9 #
  10 #   Unless required by applicable law or agreed to in writing, software
  11 #   distributed under the License is distributed on an "AS IS" BASIS,
  12 #   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13 #   See the License for the specific language governing permissions and
  14 #   limitations under the License.
  15 #
  16
  17 kind: ServiceAccount
  18 apiVersion: v1
  19 metadata:
  20   name: edgegallery-secondary-ep-controller
  21   namespace: kube-system
  22 ---
  23 kind: ClusterRole
  24 apiVersion: rbac.authorization.k8s.io/v1
  25 metadata:
  26   name: multi-ip-controller
  27 rules:
  28   - apiGroups: [""]
  29     resources: ["services", "pods"]
  30     verbs: ["get", "watch", "list"]
  31   - apiGroups: [""]
  32     resources: ["endpoints", "events"]
  33     verbs: ["*"]
  34   - apiGroups: ["k8s.cni.cncf.io"]
  35     resources: ["network-attachment-definitions"]
  36     verbs: ["*"]
  37 ---
  38 kind: ClusterRoleBinding
  39 apiVersion: rbac.authorization.k8s.io/v1
  40 metadata:
  41   name: watch-update-secondary-endpoints
  42 subjects:
  43   - kind: ServiceAccount
  44     name: edgegallery-secondary-ep-controller
  45     namespace: kube-system
  46 roleRef:
  47   kind: ClusterRole
  48   name: multi-ip-controller
  49   apiGroup: rbac.authorization.k8s.io