mirror of
https://github.com/kairos-io/helm-charts.git
synced 2025-09-25 14:18:00 +00:00
Update entangle rbac
This commit is contained in:
@@ -1,7 +1,19 @@
|
||||
apiVersion: v1
|
||||
data:
|
||||
controller_manager_config.yaml: "apiVersion: controller-runtime.sigs.k8s.io/v1alpha1\nkind: ControllerManagerConfig\nhealth:\n healthProbeBindAddress: :8081\nmetrics:\n bindAddress: 127.0.0.1:8080\nwebhook:\n port: 9443\nleaderElection:\n leaderElect: true\n resourceName: 680ae91e.kairos.io\n# leaderElectionReleaseOnCancel defines if the leader should step down volume \n# when the Manager ends. This requires the binary to immediately end when the\n# Manager is stopped, otherwise, this setting is unsafe. Setting this significantly\n# speeds up voluntary leader transitions as the new leader don't have to wait\n# LeaseDuration time first.\n# In the default scaffold provided, the program ends immediately after \n# the manager stops, so would be fine to enable this option. However, \n# if you are doing or is intended to do any operation such as perform cleanups \n# after the manager stops then its usage might be unsafe.\n# leaderElectionReleaseOnCancel: true\n"
|
||||
controller_manager_config.yaml: "apiVersion: controller-runtime.sigs.k8s.io/v1alpha1\nkind:
|
||||
ControllerManagerConfig\nhealth:\n healthProbeBindAddress: :8081\nmetrics:\n
|
||||
\ bindAddress: 127.0.0.1:8080\nwebhook:\n port: 9443\nleaderElection:\n leaderElect:
|
||||
true\n resourceName: 680ae91e.kairos.io\n# leaderElectionReleaseOnCancel
|
||||
defines if the leader should step down volume \n# when the Manager ends.
|
||||
This requires the binary to immediately end when the\n# Manager is stopped,
|
||||
otherwise, this setting is unsafe. Setting this significantly\n# speeds
|
||||
up voluntary leader transitions as the new leader don't have to wait\n# LeaseDuration
|
||||
time first.\n# In the default scaffold provided, the program ends immediately
|
||||
after \n# the manager stops, so would be fine to enable this option. However,
|
||||
\n# if you are doing or is intended to do any operation such as perform
|
||||
cleanups \n# after the manager stops then its usage might be unsafe.\n#
|
||||
\ leaderElectionReleaseOnCancel: true\n"
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: entangle-manager-config
|
||||
namespace: {{ .Release.Namespace }}
|
||||
namespace: '{{.Release.Namespace}}'
|
||||
|
@@ -2,39 +2,39 @@ apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: entangle-leader-election-role
|
||||
namespace: {{ .Release.Namespace }}
|
||||
namespace: '{{.Release.Namespace}}'
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- configmaps
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- create
|
||||
- update
|
||||
- patch
|
||||
- delete
|
||||
- apiGroups:
|
||||
- coordination.k8s.io
|
||||
resources:
|
||||
- leases
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- create
|
||||
- update
|
||||
- patch
|
||||
- delete
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- events
|
||||
verbs:
|
||||
- create
|
||||
- patch
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- configmaps
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- create
|
||||
- update
|
||||
- patch
|
||||
- delete
|
||||
- apiGroups:
|
||||
- coordination.k8s.io
|
||||
resources:
|
||||
- leases
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- create
|
||||
- update
|
||||
- patch
|
||||
- delete
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- events
|
||||
verbs:
|
||||
- create
|
||||
- patch
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
@@ -42,104 +42,142 @@ metadata:
|
||||
creationTimestamp: null
|
||||
name: entangle-manager-role
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- secrets
|
||||
verbs:
|
||||
- create
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- services
|
||||
verbs:
|
||||
- create
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- apps
|
||||
resources:
|
||||
- deployments
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- update
|
||||
- watch
|
||||
- apiGroups:
|
||||
- entangle.kairos.io
|
||||
resources:
|
||||
- entanglements
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- update
|
||||
- watch
|
||||
- apiGroups:
|
||||
- entangle.kairos.io
|
||||
resources:
|
||||
- entanglements/finalizers
|
||||
verbs:
|
||||
- update
|
||||
- apiGroups:
|
||||
- entangle.kairos.io
|
||||
resources:
|
||||
- entanglements/status
|
||||
verbs:
|
||||
- get
|
||||
- patch
|
||||
- update
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- secrets
|
||||
verbs:
|
||||
- create
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- services
|
||||
verbs:
|
||||
- create
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- apps
|
||||
resources:
|
||||
- daemonsets
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- update
|
||||
- watch
|
||||
- apiGroups:
|
||||
- apps
|
||||
resources:
|
||||
- deployments
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- update
|
||||
- watch
|
||||
- apiGroups:
|
||||
- entangle.kairos.io
|
||||
resources:
|
||||
- entanglements
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- update
|
||||
- watch
|
||||
- apiGroups:
|
||||
- entangle.kairos.io
|
||||
resources:
|
||||
- entanglements/finalizers
|
||||
verbs:
|
||||
- update
|
||||
- apiGroups:
|
||||
- entangle.kairos.io
|
||||
resources:
|
||||
- entanglements/status
|
||||
verbs:
|
||||
- get
|
||||
- patch
|
||||
- update
|
||||
- apiGroups:
|
||||
- entangle.kairos.io
|
||||
resources:
|
||||
- vpns
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
- patch
|
||||
- update
|
||||
- watch
|
||||
- apiGroups:
|
||||
- entangle.kairos.io
|
||||
resources:
|
||||
- vpns/finalizers
|
||||
verbs:
|
||||
- update
|
||||
- apiGroups:
|
||||
- entangle.kairos.io
|
||||
resources:
|
||||
- vpns/status
|
||||
verbs:
|
||||
- get
|
||||
- patch
|
||||
- update
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: entangle-metrics-reader
|
||||
rules:
|
||||
- nonResourceURLs:
|
||||
- /metrics
|
||||
verbs:
|
||||
- get
|
||||
- nonResourceURLs:
|
||||
- /metrics
|
||||
verbs:
|
||||
- get
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: entangle-proxy-role
|
||||
rules:
|
||||
- apiGroups:
|
||||
- authentication.k8s.io
|
||||
resources:
|
||||
- tokenreviews
|
||||
verbs:
|
||||
- create
|
||||
- apiGroups:
|
||||
- authorization.k8s.io
|
||||
resources:
|
||||
- subjectaccessreviews
|
||||
verbs:
|
||||
- create
|
||||
- apiGroups:
|
||||
- authentication.k8s.io
|
||||
resources:
|
||||
- tokenreviews
|
||||
verbs:
|
||||
- create
|
||||
- apiGroups:
|
||||
- authorization.k8s.io
|
||||
resources:
|
||||
- subjectaccessreviews
|
||||
verbs:
|
||||
- create
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: entangle-leader-election-rolebinding
|
||||
namespace: {{ .Release.Namespace }}
|
||||
namespace: '{{.Release.Namespace}}'
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: entangle-leader-election-role
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ include "entangle.serviceAccountName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
- kind: ServiceAccount
|
||||
name: '{{ include "helm-chart.serviceAccountName" . }}'
|
||||
namespace: '{{.Release.Namespace}}'
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
@@ -150,9 +188,9 @@ roleRef:
|
||||
kind: ClusterRole
|
||||
name: entangle-manager-role
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ include "entangle.serviceAccountName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
- kind: ServiceAccount
|
||||
name: '{{ include "helm-chart.serviceAccountName" . }}'
|
||||
namespace: '{{.Release.Namespace}}'
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
@@ -163,6 +201,6 @@ roleRef:
|
||||
kind: ClusterRole
|
||||
name: entangle-proxy-role
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ include "entangle.serviceAccountName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
- kind: ServiceAccount
|
||||
name: '{{ include "helm-chart.serviceAccountName" . }}'
|
||||
namespace: '{{.Release.Namespace}}'
|
||||
|
Reference in New Issue
Block a user