| package controller | |
| import ( | |
| corev1 "k8s.io/api/core/v1" | |
| metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" | |
| ) | |
| func GetClusterRole() []*rbacv1.ClusterRole { | |
| clusterRole1 := &rbacv1.ClusterRole{ | |
| ObjectMeta: metav1.ObjectMeta{ | |
| Name: "svcacct-ricplt-appmgr-ricxapp-access", | |
| }, | |
| Rules: []rbacv1.PolicyRule{ | |
| rbacv1.PolicyRule{ | |
| APIGroups: []string{ | |
| "", | |
| }, | |
| Resources: []string{ | |
| "pods/portforward", | |
| }, | |
| Verbs: []string{ | |
| "create", | |
| }, | |
| }, | |
| rbacv1.PolicyRule{ | |
| APIGroups: []string{ | |
| "", | |
| }, | |
| Resources: []string{ | |
| "pods", | |
| "configmaps", | |
| "deployments", | |
| "services", | |
| }, | |
| Verbs: []string{ | |
| "get", | |
| "list", | |
| "create", | |
| "delete", | |
| }, | |
| }, | |
| rbacv1.PolicyRule{ | |
| APIGroups: []string{ | |
| "", | |
| }, | |
| Resources: []string{ | |
| "secrets", | |
| }, | |
| Verbs: []string{ | |
| "get", | |
| "list", | |
| }, | |
| }, | |
| }, | |
| TypeMeta: metav1.TypeMeta{ | |
| Kind: "ClusterRole", | |
| APIVersion: "rbac.authorization.k8s.io/v1", | |
| }, | |
| } | |
| clusterRole2 := &rbacv1.ClusterRole{ | |
| Rules: []rbacv1.PolicyRule{ | |
| rbacv1.PolicyRule{ | |
| APIGroups: []string{ | |
| "", | |
| }, | |
| Resources: []string{ | |
| "configmaps", | |
| "endpoints", | |
| "services", | |
| }, | |
| Verbs: []string{ | |
| "get", | |
| "list", | |
| "create", | |
| "update", | |
| "delete", | |
| }, | |
| }, | |
| }, | |
| TypeMeta: metav1.TypeMeta{ | |
| APIVersion: "rbac.authorization.k8s.io/v1", | |
| Kind: "ClusterRole", | |
| }, | |
| ObjectMeta: metav1.ObjectMeta{ | |
| Name: "svcacct-ricplt-appmgr-ricxapp-getappconfig", | |
| }, | |
| } | |
| return []*rbacv1.ClusterRole{clusterRole1, clusterRole2} | |
| } |