kairos/helm-charts
1
0
Fork 0
mirror of https://github.com/kairos-io/helm-charts.git synced 2025-09-25 14:18:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update entangle rbac

Browse Source
This commit is contained in:
mudler
2023-01-23 22:48:40 +01:00
parent cbcc9ab75f
commit b9de44ed48
2 changed files with 166 additions and 116 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
charts/entangle/templates/configmap.yaml
View File

@@ -1,7 +1,19 @@
apiVersion: v1
data:
controller_manager_config.yaml: "apiVersion: controller-runtime.sigs.k8s.io/v1alpha1\nkind: ControllerManagerConfig\nhealth:\n healthProbeBindAddress: :8081\nmetrics:\n bindAddress: 127.0.0.1:8080\nwebhook:\n port: 9443\nleaderElection:\n leaderElect: true\n resourceName: 680ae91e.kairos.io\n# leaderElectionReleaseOnCancel defines if the leader should step down volume \n# when the Manager ends. This requires the binary to immediately end when the\n# Manager is stopped, otherwise, this setting is unsafe. Setting this significantly\n# speeds up voluntary leader transitions as the new leader don't have to wait\n# LeaseDuration time first.\n# In the default scaffold provided, the program ends immediately after \n# the manager stops, so would be fine to enable this option. However, \n# if you are doing or is intended to do any operation such as perform cleanups \n# after the manager stops then its usage might be unsafe.\n# leaderElectionReleaseOnCancel: true\n"
controller_manager_config.yaml: "apiVersion: controller-runtime.sigs.k8s.io/v1alpha1\nkind:
ControllerManagerConfig\nhealth:\n healthProbeBindAddress: :8081\nmetrics:\n
\ bindAddress: 127.0.0.1:8080\nwebhook:\n port: 9443\nleaderElection:\n leaderElect:
true\n resourceName: 680ae91e.kairos.io\n# leaderElectionReleaseOnCancel
defines if the leader should step down volume \n# when the Manager ends.
This requires the binary to immediately end when the\n# Manager is stopped,
otherwise, this setting is unsafe. Setting this significantly\n# speeds
up voluntary leader transitions as the new leader don't have to wait\n# LeaseDuration
time first.\n# In the default scaffold provided, the program ends immediately
after \n# the manager stops, so would be fine to enable this option. However,
\n# if you are doing or is intended to do any operation such as perform
cleanups \n# after the manager stops then its usage might be unsafe.\n#
\ leaderElectionReleaseOnCancel: true\n"
kind: ConfigMap
metadata:
name: entangle-manager-config
namespace: {{ .Release.Namespace }}
namespace: '{{.Release.Namespace}}'

266
charts/entangle/templates/rbac.yaml
View File

@@ -2,39 +2,39 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: entangle-leader-election-role
namespace: {{ .Release.Namespace }}
namespace: '{{.Release.Namespace}}'
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
@@ -42,104 +42,142 @@ metadata:
creationTimestamp: null
name: entangle-manager-role
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- get
- list
- watch
- apiGroups:
- ""
resources:
- services
verbs:
- create
- get
- list
- watch
- apiGroups:
- apps
resources:
- deployments
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- entangle.kairos.io
resources:
- entanglements
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- entangle.kairos.io
resources:
- entanglements/finalizers
verbs:
- update
- apiGroups:
- entangle.kairos.io
resources:
- entanglements/status
verbs:
- get
- patch
- update
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- get
- list
- watch
- apiGroups:
- ""
resources:
- services
verbs:
- create
- get
- list
- watch
- apiGroups:
- apps
resources:
- daemonsets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- apps
resources:
- deployments
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- entangle.kairos.io
resources:
- entanglements
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- entangle.kairos.io
resources:
- entanglements/finalizers
verbs:
- update
- apiGroups:
- entangle.kairos.io
resources:
- entanglements/status
verbs:
- get
- patch
- update
- apiGroups:
- entangle.kairos.io
resources:
- vpns
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- entangle.kairos.io
resources:
- vpns/finalizers
verbs:
- update
- apiGroups:
- entangle.kairos.io
resources:
- vpns/status
verbs:
- get
- patch
- update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: entangle-metrics-reader
rules:
- nonResourceURLs:
- /metrics
verbs:
- get
- nonResourceURLs:
- /metrics
verbs:
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: entangle-proxy-role
rules:
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: entangle-leader-election-rolebinding
namespace: {{ .Release.Namespace }}
namespace: '{{.Release.Namespace}}'
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: entangle-leader-election-role
subjects:
- kind: ServiceAccount
name: {{ include "entangle.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
- kind: ServiceAccount
name: '{{ include "helm-chart.serviceAccountName" . }}'
namespace: '{{.Release.Namespace}}'
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
@@ -150,9 +188,9 @@ roleRef:
kind: ClusterRole
name: entangle-manager-role
subjects:
- kind: ServiceAccount
name: {{ include "entangle.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
- kind: ServiceAccount
name: '{{ include "helm-chart.serviceAccountName" . }}'
namespace: '{{.Release.Namespace}}'
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
@@ -163,6 +201,6 @@ roleRef:
kind: ClusterRole
name: entangle-proxy-role
subjects:
- kind: ServiceAccount
name: {{ include "entangle.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
- kind: ServiceAccount
name: '{{ include "helm-chart.serviceAccountName" . }}'
namespace: '{{.Release.Namespace}}'