Update entangle rbac

mudler
2023-01-23 22:48:40 +01:00
parent cbcc9ab75f
commit b9de44ed48
2 changed files with 166 additions and 116 deletions


@@ -1,7 +1,19 @@
apiVersion: v1 apiVersion: v1
data: data:
controller_manager_config.yaml: "apiVersion: controller-runtime.sigs.k8s.io/v1alpha1\nkind: ControllerManagerConfig\nhealth:\n healthProbeBindAddress: :8081\nmetrics:\n bindAddress: 127.0.0.1:8080\nwebhook:\n port: 9443\nleaderElection:\n leaderElect: true\n resourceName: 680ae91e.kairos.io\n# leaderElectionReleaseOnCancel defines if the leader should step down volume \n# when the Manager ends. This requires the binary to immediately end when the\n# Manager is stopped, otherwise, this setting is unsafe. Setting this significantly\n# speeds up voluntary leader transitions as the new leader don't have to wait\n# LeaseDuration time first.\n# In the default scaffold provided, the program ends immediately after \n# the manager stops, so would be fine to enable this option. However, \n# if you are doing or is intended to do any operation such as perform cleanups \n# after the manager stops then its usage might be unsafe.\n# leaderElectionReleaseOnCancel: true\n" controller_manager_config.yaml: "apiVersion: controller-runtime.sigs.k8s.io/v1alpha1\nkind:
ControllerManagerConfig\nhealth:\n healthProbeBindAddress: :8081\nmetrics:\n
\ bindAddress: 127.0.0.1:8080\nwebhook:\n port: 9443\nleaderElection:\n leaderElect:
true\n resourceName: 680ae91e.kairos.io\n# leaderElectionReleaseOnCancel
defines if the leader should step down volume \n# when the Manager ends.
This requires the binary to immediately end when the\n# Manager is stopped,
otherwise, this setting is unsafe. Setting this significantly\n# speeds
up voluntary leader transitions as the new leader don't have to wait\n# LeaseDuration
time first.\n# In the default scaffold provided, the program ends immediately
after \n# the manager stops, so would be fine to enable this option. However,
\n# if you are doing or is intended to do any operation such as perform
cleanups \n# after the manager stops then its usage might be unsafe.\n#
\ leaderElectionReleaseOnCancel: true\n"
kind: ConfigMap kind: ConfigMap
metadata: metadata:
name: entangle-manager-config name: entangle-manager-config
namespace: {{ .Release.Namespace }} namespace: '{{.Release.Namespace}}'


@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: Role kind: Role
metadata: metadata:
name: entangle-leader-election-role name: entangle-leader-election-role
namespace: {{ .Release.Namespace }} namespace: '{{.Release.Namespace}}'
rules: rules:
- apiGroups: - apiGroups:
- "" - ""
@@ -60,6 +60,18 @@ rules:
- get - get
- list - list
- watch - watch
- apiGroups:
- apps
resources:
- daemonsets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups: - apiGroups:
- apps - apps
resources: resources:
@@ -98,6 +110,32 @@ rules:
- get - get
- patch - patch
- update - update
- apiGroups:
- entangle.kairos.io
resources:
- vpns
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- entangle.kairos.io
resources:
- vpns/finalizers
verbs:
- update
- apiGroups:
- entangle.kairos.io
resources:
- vpns/status
verbs:
- get
- patch
- update
--- ---
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole kind: ClusterRole
@@ -131,15 +169,15 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding kind: RoleBinding
metadata: metadata:
name: entangle-leader-election-rolebinding name: entangle-leader-election-rolebinding
namespace: {{ .Release.Namespace }} namespace: '{{.Release.Namespace}}'
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: Role kind: Role
name: entangle-leader-election-role name: entangle-leader-election-role
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: {{ include "entangle.serviceAccountName" . }} name: '{{ include "helm-chart.serviceAccountName" . }}'
namespace: {{ .Release.Namespace }} namespace: '{{.Release.Namespace}}'
--- ---
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding kind: ClusterRoleBinding
@@ -151,8 +189,8 @@ roleRef:
name: entangle-manager-role name: entangle-manager-role
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: {{ include "entangle.serviceAccountName" . }} name: '{{ include "helm-chart.serviceAccountName" . }}'
namespace: {{ .Release.Namespace }} namespace: '{{.Release.Namespace}}'
--- ---
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding kind: ClusterRoleBinding
@@ -164,5 +202,5 @@ roleRef:
name: entangle-proxy-role name: entangle-proxy-role
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: {{ include "entangle.serviceAccountName" . }} name: '{{ include "helm-chart.serviceAccountName" . }}'
namespace: {{ .Release.Namespace }} namespace: '{{.Release.Namespace}}'
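Review bot: The rule added in the `@@ -60,6 +60,18 @@` hunk grants `create`, `delete`, `patch` and `update` on `daemonsets` in `apps`, and it appears to sit in the ClusterRole bound via `entangle-manager-role` (the document header is outside the hunk, so this is inferred), which would make the grant apply in every namespace. A DaemonSet places a pod on each node, so this is a broad workload-creation permission for the controller's service account; if the controller only manages DaemonSets in known namespaces, a namespaced Role and RoleBinding would be the tighter fit. At minimum, a comment above the rule such as `# <reconciler name>: creates and updates the DaemonSets it owns` would record why the write verbs are needed. Separately, the three bindings now call `include "helm-chart.serviceAccountName"` where they previously used `"entangle.serviceAccountName"`, and no helper definition is visible in this commit, so it is worth confirming that the template exists in the chart and still resolves to the ServiceAccount the controller runs as.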