X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=blobdiff_plain;f=blueprints%2Fiotgateway%2Fplaybooks%2Froles%2Feg_mep%2Ffiles%2Fdeploy%2Fconf%2Fedge%2Fnetwork-isolation%2Feg-sp-rbac.yaml;fp=blueprints%2Fiotgateway%2Fplaybooks%2Froles%2Feg_mep%2Ffiles%2Fdeploy%2Fconf%2Fedge%2Fnetwork-isolation%2Feg-sp-rbac.yaml;h=aa0fa637438fd15f841827b919629b00b6b53064;hb=98019264e44c1fb840c87ba81bc14f2df104f902;hp=0000000000000000000000000000000000000000;hpb=21d76c6999be0e33881c027411500b502139e343;p=eliot.git
diff --git a/blueprints/iotgateway/playbooks/roles/eg_mep/files/deploy/conf/edge/network-isolation/eg-sp-rbac.yaml b/blueprints/iotgateway/playbooks/roles/eg_mep/files/deploy/conf/edge/network-isolation/eg-sp-rbac.yaml
new file mode 100644
index 0000000..aa0fa63
--- /dev/null
+++ b/blueprints/iotgateway/playbooks/roles/eg_mep/files/deploy/conf/edge/network-isolation/eg-sp-rbac.yaml
@@ -0,0 +1,49 @@
+#
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+ name: edgegallery-secondary-ep-controller
+ namespace: kube-system
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: multi-ip-controller
+rules:
+ - apiGroups: [""]
+ resources: ["services", "pods"]
+ verbs: ["get", "watch", "list"]
+ - apiGroups: [""]
+ resources: ["endpoints", "events"]
+ verbs: ["*"]
+ - apiGroups: ["k8s.cni.cncf.io"]
+ resources: ["network-attachment-definitions"]
+ verbs: ["*"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: watch-update-secondary-endpoints
+subjects:
+ - kind: ServiceAccount
+ name: edgegallery-secondary-ep-controller
+ namespace: kube-system
+roleRef:
+ kind: ClusterRole
+ name: multi-ip-controller
+ apiGroup: rbac.authorization.k8s.io
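Review bot: The ClusterRole `multi-ip-controller` grants `verbs: ["*"]` on `endpoints`, `events` and `network-attachment-definitions`, and the ClusterRoleBinding applies that grant in every namespace to a service account living in `kube-system`. If that account's token is exposed, its holder can rewrite the Endpoints behind any Service and create, alter or delete any CNI attachment definition in the cluster, which is far more than the binding's name (`watch-update-secondary-endpoints`) implies the controller needs. Listing the verbs explicitly, splitting `events` into its own rule, and making `network-attachment-definitions` read-only would bound that exposure. The verb set below is a starting point to confirm against the API calls the controller actually makes, which are not visible in this commit.

```yaml
rules:
  # … unchanged: read-only rule for services and pods …
  - apiGroups: [""]
    resources: ["endpoints"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["create", "patch"]
  - apiGroups: ["k8s.cni.cncf.io"]
    resources: ["network-attachment-definitions"]
    verbs: ["get", "list", "watch"]
```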