Update entangle rbac

This commit is contained in:
mudler
2023-01-23 22:48:40 +01:00
parent cbcc9ab75f
commit b9de44ed48
2 changed files with 166 additions and 116 deletions


@@ -1,7 +1,19 @@
apiVersion: v1 apiVersion: v1
data: data:
controller_manager_config.yaml: "apiVersion: controller-runtime.sigs.k8s.io/v1alpha1\nkind: ControllerManagerConfig\nhealth:\n healthProbeBindAddress: :8081\nmetrics:\n bindAddress: 127.0.0.1:8080\nwebhook:\n port: 9443\nleaderElection:\n leaderElect: true\n resourceName: 680ae91e.kairos.io\n# leaderElectionReleaseOnCancel defines if the leader should step down volume \n# when the Manager ends. This requires the binary to immediately end when the\n# Manager is stopped, otherwise, this setting is unsafe. Setting this significantly\n# speeds up voluntary leader transitions as the new leader don't have to wait\n# LeaseDuration time first.\n# In the default scaffold provided, the program ends immediately after \n# the manager stops, so would be fine to enable this option. However, \n# if you are doing or is intended to do any operation such as perform cleanups \n# after the manager stops then its usage might be unsafe.\n# leaderElectionReleaseOnCancel: true\n" controller_manager_config.yaml: "apiVersion: controller-runtime.sigs.k8s.io/v1alpha1\nkind:
ControllerManagerConfig\nhealth:\n healthProbeBindAddress: :8081\nmetrics:\n
\ bindAddress: 127.0.0.1:8080\nwebhook:\n port: 9443\nleaderElection:\n leaderElect:
true\n resourceName: 680ae91e.kairos.io\n# leaderElectionReleaseOnCancel
defines if the leader should step down volume \n# when the Manager ends.
This requires the binary to immediately end when the\n# Manager is stopped,
otherwise, this setting is unsafe. Setting this significantly\n# speeds
up voluntary leader transitions as the new leader don't have to wait\n# LeaseDuration
time first.\n# In the default scaffold provided, the program ends immediately
after \n# the manager stops, so would be fine to enable this option. However,
\n# if you are doing or is intended to do any operation such as perform
cleanups \n# after the manager stops then its usage might be unsafe.\n#
\ leaderElectionReleaseOnCancel: true\n"
kind: ConfigMap kind: ConfigMap
metadata: metadata:
name: entangle-manager-config name: entangle-manager-config
namespace: {{ .Release.Namespace }} namespace: '{{.Release.Namespace}}'
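Review bot: The `controller_manager_config.yaml` value on the new side is still one double-quoted scalar with embedded `\n`, and the re-wrapped continuation lines with `\ ` escapes show a formatter has already folded it once, so the manager config cannot be reviewed as YAML in the diff and is easy to corrupt on the next reflow. A `|` block scalar yields the same bytes and lets `healthProbeBindAddress`, `metrics.bindAddress` and the leader-election settings be read and diffed line by line. Keep `bindAddress: 127.0.0.1:8080` on loopback as written; the `entangle-metrics-reader`/`entangle-proxy-role` pair in the RBAC file indicates metrics are meant to be reached only through an authenticating proxy, not bound on the pod address. Only the scalar style changes; the commented `leaderElectionReleaseOnCancel` text stays verbatim inside the block.
```yaml
data:
  controller_manager_config.yaml: |
    apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
    kind: ControllerManagerConfig
    health:
      healthProbeBindAddress: :8081
    metrics:
      bindAddress: 127.0.0.1:8080
    webhook:
      port: 9443
    leaderElection:
      leaderElect: true
      resourceName: 680ae91e.kairos.io
    # … unchanged: the leaderElectionReleaseOnCancel commentary, kept verbatim …
```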


@@ -2,39 +2,39 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: Role kind: Role
metadata: metadata:
name: entangle-leader-election-role name: entangle-leader-election-role
namespace: {{ .Release.Namespace }} namespace: '{{.Release.Namespace}}'
rules: rules:
- apiGroups: - apiGroups:
- "" - ""
resources: resources:
- configmaps - configmaps
verbs: verbs:
- get - get
- list - list
- watch - watch
- create - create
- update - update
- patch - patch
- delete - delete
- apiGroups: - apiGroups:
- coordination.k8s.io - coordination.k8s.io
resources: resources:
- leases - leases
verbs: verbs:
- get - get
- list - list
- watch - watch
- create - create
- update - update
- patch - patch
- delete - delete
- apiGroups: - apiGroups:
- "" - ""
resources: resources:
- events - events
verbs: verbs:
- create - create
- patch - patch
--- ---
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole kind: ClusterRole
@@ -42,104 +42,142 @@ metadata:
creationTimestamp: null creationTimestamp: null
name: entangle-manager-role name: entangle-manager-role
rules: rules:
- apiGroups: - apiGroups:
- "" - ""
resources: resources:
- secrets - secrets
verbs: verbs:
- create - create
- get - get
- list - list
- watch - watch
- apiGroups: - apiGroups:
- "" - ""
resources: resources:
- services - services
verbs: verbs:
- create - create
- get - get
- list - list
- watch - watch
- apiGroups: - apiGroups:
- apps - apps
resources: resources:
- deployments - daemonsets
verbs: verbs:
- create - create
- delete - delete
- get - get
- list - list
- patch - patch
- update - update
- watch - watch
- apiGroups: - apiGroups:
- entangle.kairos.io - apps
resources: resources:
- entanglements - deployments
verbs: verbs:
- create - create
- delete - delete
- get - get
- list - list
- patch - patch
- update - update
- watch - watch
- apiGroups: - apiGroups:
- entangle.kairos.io - entangle.kairos.io
resources: resources:
- entanglements/finalizers - entanglements
verbs: verbs:
- update - create
- apiGroups: - delete
- entangle.kairos.io - get
resources: - list
- entanglements/status - patch
verbs: - update
- get - watch
- patch - apiGroups:
- update - entangle.kairos.io
resources:
- entanglements/finalizers
verbs:
- update
- apiGroups:
- entangle.kairos.io
resources:
- entanglements/status
verbs:
- get
- patch
- update
- apiGroups:
- entangle.kairos.io
resources:
- vpns
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- entangle.kairos.io
resources:
- vpns/finalizers
verbs:
- update
- apiGroups:
- entangle.kairos.io
resources:
- vpns/status
verbs:
- get
- patch
- update
--- ---
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole kind: ClusterRole
metadata: metadata:
name: entangle-metrics-reader name: entangle-metrics-reader
rules: rules:
- nonResourceURLs: - nonResourceURLs:
- /metrics - /metrics
verbs: verbs:
- get - get
--- ---
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole kind: ClusterRole
metadata: metadata:
name: entangle-proxy-role name: entangle-proxy-role
rules: rules:
- apiGroups: - apiGroups:
- authentication.k8s.io - authentication.k8s.io
resources: resources:
- tokenreviews - tokenreviews
verbs: verbs:
- create - create
- apiGroups: - apiGroups:
- authorization.k8s.io - authorization.k8s.io
resources: resources:
- subjectaccessreviews - subjectaccessreviews
verbs: verbs:
- create - create
--- ---
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding kind: RoleBinding
metadata: metadata:
name: entangle-leader-election-rolebinding name: entangle-leader-election-rolebinding
namespace: {{ .Release.Namespace }} namespace: '{{.Release.Namespace}}'
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: Role kind: Role
name: entangle-leader-election-role name: entangle-leader-election-role
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: {{ include "entangle.serviceAccountName" . }} name: '{{ include "helm-chart.serviceAccountName" . }}'
namespace: {{ .Release.Namespace }} namespace: '{{.Release.Namespace}}'
--- ---
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding kind: ClusterRoleBinding
@@ -150,9 +188,9 @@ roleRef:
kind: ClusterRole kind: ClusterRole
name: entangle-manager-role name: entangle-manager-role
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: {{ include "entangle.serviceAccountName" . }} name: '{{ include "helm-chart.serviceAccountName" . }}'
namespace: {{ .Release.Namespace }} namespace: '{{.Release.Namespace}}'
--- ---
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding kind: ClusterRoleBinding
@@ -163,6 +201,6 @@ roleRef:
kind: ClusterRole kind: ClusterRole
name: entangle-proxy-role name: entangle-proxy-role
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: {{ include "entangle.serviceAccountName" . }} name: '{{ include "helm-chart.serviceAccountName" . }}'
namespace: {{ .Release.Namespace }} namespace: '{{.Release.Namespace}}'
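Review bot: The rules added to the `entangle-manager-role` ClusterRole in the `@@ -42,104 +42,142 @@` hunk grant create/delete/patch/update on `daemonsets` (and keep them on `deployments`) in every namespace, next to the pre-existing cluster-wide get/list/watch on `secrets`; a compromised manager ServiceAccount therefore holds both a workload that lands on every node and read access to every secret in the cluster. If the controller only creates these workloads in the release namespace or beside the `vpns`/`entanglements` objects it owns, a namespaced Role bound there would narrow this; failing that, a comment above the rule such as `# cluster scope required: <state which namespaces the controller creates DaemonSets in>` records why the wide grant is needed. Separately, the three ServiceAccount subjects now call `include "helm-chart.serviceAccountName"` while the diffstat shows only two files changed, so if `_helpers.tpl` still defines the helper under the `entangle.` prefix, `helm template` will fail on this file — worth confirming before merge. The `creationTimestamp: null` line in the ClusterRole metadata looks like generator output carried into the template and can be dropped.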