{{- /* Render the CMPv2 issuer RBAC objects only when the cert-manager integration flag is set. */ -}}
{{ if .Values.global.CMPv2CertManagerIntegration }}

# ============LICENSE_START=======================================================
# Copyright (c) 2020 Nokia
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================

# Namespaced Role used (judging by its name) for the issuer's leader election.
# NOTE(review): there is no resourceNames restriction, so these verbs apply to
# every ConfigMap in the release namespace, not just an election lock. If the
# lock name is fixed, consider pinning get/update/patch/delete to it with
# resourceNames (create cannot be restricted by name); confirm against the
# controller's leader-election settings.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: cmpv2-issuer-leader-election-role
  namespace: {{ include "common.namespace" . }}
rules:
  # Read and write access to ConfigMaps in this namespace.
  - apiGroups: [""]
    resources: [configmaps]
    verbs: [get, list, watch, create, update, patch, delete]
  # NOTE(review): core ConfigMaps expose no status subresource; this rule looks
  # like scaffold carry-over. Confirm nothing depends on it before removing.
  - apiGroups: [""]
    resources: [configmaps/status]
    verbs: [get, update, patch]
  # Allows emitting Events in this namespace.
  - apiGroups: [""]
    resources: [events]
    verbs: [create]
---
# Cluster-wide permissions for the CMPv2 issuer controller.
# NOTE(review): the name is a fixed literal on a cluster-scoped object, so a
# second release of this chart in the same cluster would presumably collide.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: cmpv2-issuer-manager-role
rules:
  # Emit and amend Events.
  - apiGroups: [""]
    resources: [events]
    verbs: [create, patch]
  # NOTE(review): security-sensitive. As a ClusterRole bound through a
  # ClusterRoleBinding (see cmpv2-issuer-manager-rolebinding in this file),
  # this grants read access to Secrets in every namespace; list and watch
  # return full Secret contents. If the controller only needs the Secrets
  # referenced by its issuers, prefer namespaced Roles or resourceNames.
  # Confirm the required scope with the controller's owners.
  - apiGroups: [""]
    resources: [secrets]
    verbs: [get, list, watch]
  # Read and update cert-manager CertificateRequests.
  - apiGroups: [cert-manager.io]
    resources: [certificaterequests]
    verbs: [get, list, update, watch]
  # Write results back to the CertificateRequest status subresource.
  - apiGroups: [cert-manager.io]
    resources: [certificaterequests/status]
    verbs: [get, patch, update]
  # Full management of the CMPv2Issuer custom resource.
  - apiGroups: [certmanager.onap.org]
    resources: [cmpv2issuers]
    verbs: [create, delete, get, list, patch, update, watch]
  # Status subresource of the CMPv2Issuer custom resource.
  - apiGroups: [certmanager.onap.org]
    resources: [cmpv2issuers/status]
    verbs: [get, patch, update]
---
# Lets the holder ask the API server to validate bearer tokens (TokenReview)
# and to evaluate authorization decisions (SubjectAccessReview).
# NOTE(review): presumably consumed by an authenticating proxy in front of the
# controller's endpoints. Confirm which container actually needs this.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: cmpv2-issuer-proxy-role
rules:
  - apiGroups: [authentication.k8s.io]
    resources: [tokenreviews]
    verbs: [create]
  - apiGroups: [authorization.k8s.io]
    resources: [subjectaccessreviews]
    verbs: [create]
---
# Grants cmpv2-issuer-leader-election-role inside the release namespace.
# NOTE(review): the subject is the namespace's `default` ServiceAccount, so any
# pod there that does not set its own serviceAccountName receives this Role
# too. A dedicated ServiceAccount for the issuer would keep the grant scoped to
# that one workload.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: cmpv2-issuer-leader-election-rolebinding
  namespace: {{ include "common.namespace" . }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: cmpv2-issuer-leader-election-role
subjects:
  - kind: ServiceAccount
    name: default
    namespace: {{ include "common.namespace" . }}
---
# Binds cmpv2-issuer-manager-role cluster-wide.
# NOTE(review): security-sensitive. The subject is the `default` ServiceAccount
# of the release namespace, and the bound ClusterRole includes get/list/watch
# on Secrets. Every pod in that namespace that runs as `default` therefore
# inherits read access to Secrets in all namespaces, not only the issuer
# controller. Recommended: create a dedicated ServiceAccount for the issuer,
# reference it here and in the controller's pod spec, and leave `default`
# without cluster-level grants.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cmpv2-issuer-manager-rolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cmpv2-issuer-manager-role
subjects:
  - kind: ServiceAccount
    name: default
    namespace: {{ include "common.namespace" . }}
---
# Binds cmpv2-issuer-proxy-role cluster-wide.
# NOTE(review): the subject is again the namespace's `default` ServiceAccount,
# so every pod running as `default` there may create TokenReviews and
# SubjectAccessReviews. A dedicated ServiceAccount would limit this to the
# workload that needs it.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cmpv2-issuer-proxy-rolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cmpv2-issuer-proxy-role
subjects:
  - kind: ServiceAccount
    name: default
    namespace: {{ include "common.namespace" . }}
{{ end }}