From: Levente Kálé Date: Wed, 31 Jul 2019 18:14:33 +0000 (+0000) Subject: Merge "ACL mask added for cert_path" X-Git-Url: https://gerrit.akraino.org/r/gitweb?p=ta%2Fcaas-security.git;a=commitdiff_plain;h=a71dc45147014fe8e8b9cd7e00c972ffaf497104;hp=cb52d561f9a957a47ba4502d028ea533c5edf481 Merge "ACL mask added for cert_path" --- diff --git a/rbac_manifests/danm-rbac-config.yaml b/rbac_manifests/danm-rbac-config.yaml index a08796f..1851910 100644 --- a/rbac_manifests/danm-rbac-config.yaml +++ b/rbac_manifests/danm-rbac-config.yaml @@ -21,8 +21,9 @@ rules: - apiGroups: - danm.k8s.io resources: - - danmnets - danmeps + - tenantnetworks + - clusternetworks verbs: [ "*" ] - apiGroups: [ "" ] resources: [ "pods" ] diff --git a/rbac_manifests/danm-webhook.yaml b/rbac_manifests/danm-webhook.yaml new file mode 100644 index 0000000..356321b --- /dev/null +++ b/rbac_manifests/danm-webhook.yaml @@ -0,0 +1,44 @@ +--- +# Copyright 2019 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: danm-webhook + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: caas:danm-webhook +rules: +- apiGroups: + - danm.k8s.io + resources: + - tenantconfigs + verbs: [ "*" ] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: caas:danm-webhook +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: caas:danm-webhook +subjects: +- kind: ServiceAccount + name: danm-webhook + namespace: kube-system diff --git a/rbac_manifests/netwatcher-rbac-config.yml b/rbac_manifests/netwatcher-rbac-config.yml index fae1c23..c626e3a 100644 --- a/rbac_manifests/netwatcher-rbac-config.yml +++ b/rbac_manifests/netwatcher-rbac-config.yml @@ -29,7 +29,8 @@ rules: - apiGroups: - "danm.k8s.io" resources: - - danmnets + - tenantnetworks + - clusternetworks verbs: - get - list diff --git a/rbac_manifests/svcwatcher-rbac-config.yml b/rbac_manifests/svcwatcher-rbac-config.yml index d827b72..e3b589e 100644 --- a/rbac_manifests/svcwatcher-rbac-config.yml +++ b/rbac_manifests/svcwatcher-rbac-config.yml @@ -49,7 +49,6 @@ rules: - apiGroups: - "danm.k8s.io" resources: - - danmnets - danmeps verbs: - get diff --git a/rbac_manifests/tiller-rbac-config.yaml b/rbac_manifests/tiller-rbac-config.yaml index 40715eb..3b457ab 100644 --- a/rbac_manifests/tiller-rbac-config.yaml +++ b/rbac_manifests/tiller-rbac-config.yaml @@ -204,7 +204,7 @@ rules: - apiGroups: - danm.k8s.io resources: - - danmnets + - tenantnetworks verbs: - create - delete @@ -228,7 +228,7 @@ rules: - patch - update - watch - + --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding