rbac_manifests/custom-metrics-apiserver-rbac.yaml

   1 ---
   2 # Copyright 2019 Nokia
   3 #
   4 # Licensed under the Apache License, Version 2.0 (the "License");
   5 # you may not use this file except in compliance with the License.
   6 # You may obtain a copy of the License at
   7 #
   8 #     http://www.apache.org/licenses/LICENSE-2.0
   9 #
  10 # Unless required by applicable law or agreed to in writing, software
  11 # distributed under the License is distributed on an "AS IS" BASIS,
  12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13 # See the License for the specific language governing permissions and
  14 # limitations under the License.
  15
  16 apiVersion: v1
  17 kind: ServiceAccount
  18 metadata:
  19   name: custom-metrics-apiserver
  20   namespace: kube-system
  21 ---
  22 apiVersion: rbac.authorization.k8s.io/v1beta1
  23 kind: ClusterRole
  24 metadata:
  25   name: caas:custom-metrics-server-resource-reader
  26 rules:
  27 - apiGroups:
  28   - ""
  29   resources:
  30   - namespaces
  31   - pods
  32   - services
  33   verbs:
  34   - get
  35   - list
  36 ---
  37 apiVersion: rbac.authorization.k8s.io/v1
  38 kind: RoleBinding
  39 metadata:
  40   name: caas:custom-metrics-server:extension-apiserver-authentication-reader
  41   namespace: kube-system
  42 roleRef:
  43   apiGroup: rbac.authorization.k8s.io
  44   kind: Role
  45   name: extension-apiserver-authentication-reader
  46 subjects:
  47 - kind: ServiceAccount
  48   name: custom-metrics-apiserver
  49   namespace: kube-system
  50 ---
  51 apiVersion: rbac.authorization.k8s.io/v1beta1
  52 kind: ClusterRoleBinding
  53 metadata:
  54   name: caas:custom-metrics-server:system:auth-delegator
  55 roleRef:
  56   apiGroup: rbac.authorization.k8s.io
  57   kind: ClusterRole
  58   name: system:auth-delegator
  59 subjects:
  60 - kind: ServiceAccount
  61   name: custom-metrics-apiserver
  62   namespace: kube-system
  63 ---
  64 apiVersion: rbac.authorization.k8s.io/v1
  65 kind: ClusterRoleBinding
  66 metadata:
  67   name: caas:custom-metrics-server-psp
  68 subjects:
  69 - kind: ServiceAccount
  70   name: custom-metrics-apiserver
  71   namespace: kube-system
  72 roleRef:
  73   kind: ClusterRole
  74   name: caas:infra-psp
  75   apiGroup: rbac.authorization.k8s.io
  76 ---
  77 apiVersion: rbac.authorization.k8s.io/v1
  78 kind: RoleBinding
  79 metadata:
  80   name: caas:custom-metrics-server:custom-apiserver-resource-reader
  81   namespace: kube-system
  82 roleRef:
  83   apiGroup: rbac.authorization.k8s.io
  84   kind: ClusterRole
  85   name: caas:custom-metrics-server-resource-reader
  86 subjects:
  87 - kind: ServiceAccount
  88   name: custom-metrics-apiserver
  89   namespace: kube-system