Adding Cluster Role for RIC Adding Cluster Role for RIC Change-Id: Ibd49f0a70b61a981bb5e8faedecc7ef2762eecc8 Signed-off-by: naman.gupta <naman.gupta@samsung.com>

commit: 6ab3aec83c11229354656c0fff7d047e833fa936 [log] [tgz]
author: naman.gupta <naman.gupta@samsung.com> Fri Dec 01 23:55:16 2023 +0530
committer: Thoralf Czichy <thoralf.czichy@nokia.com> Thu Dec 07 09:37:13 2023 +0000
tree: ed8afe3936de4c48ee0524e4f5f51a28c3a4ddcf
parent: 59cb9a18cc92a65c002ba1c516c08a0e5ece4103 [diff]
diff --git a/depRicKubernetesOperator/internal/controller/getClusterRole.go b/depRicKubernetesOperator/internal/controller/getClusterRole.go
index 31e1bb4..13a8200 100644
--- a/depRicKubernetesOperator/internal/controller/getClusterRole.go
+++ b/depRicKubernetesOperator/internal/controller/getClusterRole.go

@@ -3,6 +3,7 @@
 import (

 	corev1 "k8s.io/api/core/v1"

 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"

+	rbacv1 "k8s.io/api/rbac/v1"

 )	

 

 func GetClusterRole() []*rbacv1.ClusterRole {

@@ -102,6 +103,273 @@
 		},

 	}

 

-	return []*rbacv1.ClusterRole{clusterRole1, clusterRole2}

+	clusterRole3 := &rbacv1.ClusterRole{

+		ObjectMeta: metav1.ObjectMeta{

+			Labels: map[string]string{

+				"app.kubernetes.io/version":    "1.4",

+				"helm.sh/chart":                "kong-0.36.6",

+				"app.kubernetes.io/instance":   "release-name",

+				"app.kubernetes.io/managed-by": "Helm",

+				"app.kubernetes.io/name":       "kong",

+			},

+			Name: "release-name-kong",

+		},

+		Rules: []rbacv1.PolicyRule{

 

+			rbacv1.PolicyRule{

+				Resources: []string{

+

+					"endpoints",

+					"nodes",

+					"pods",

+					"secrets",

+				},

+				Verbs: []string{

+

+					"list",

+					"watch",

+				},

+				APIGroups: []string{

+

+					"",

+				},

+			},

+			rbacv1.PolicyRule{

+				APIGroups: []string{

+

+					"",

+				},

+				Resources: []string{

+

+					"nodes",

+				},

+				Verbs: []string{

+

+					"get",

+				},

+			},

+			rbacv1.PolicyRule{

+				APIGroups: []string{

+

+					"",

+				},

+				Resources: []string{

+

+					"services",

+				},

+				Verbs: []string{

+

+					"get",

+					"list",

+					"watch",

+				},

+			},

+			rbacv1.PolicyRule{

+				APIGroups: []string{

+

+					"extensions",

+					"networking.k8s.io",

+				},

+				Resources: []string{

+

+					"ingresses",

+				},

+				Verbs: []string{

+

+					"get",

+					"list",

+					"watch",

+				},

+			},

+			rbacv1.PolicyRule{

+				APIGroups: []string{

+

+					"",

+				},

+				Resources: []string{

+

+					"events",

+				},

+				Verbs: []string{

+

+					"create",

+					"patch",

+				},

+			},

+			rbacv1.PolicyRule{

+				APIGroups: []string{

+

+					"extensions",

+					"networking.k8s.io",

+				},

+				Resources: []string{

+

+					"ingresses/status",

+				},

+				Verbs: []string{

+

+					"update",

+				},

+			},

+			rbacv1.PolicyRule{

+				Verbs: []string{

+

+					"get",

+					"list",

+					"watch",

+				},

+				APIGroups: []string{

+

+					"configuration.konghq.com",

+				},

+				Resources: []string{

+

+					"kongplugins",

+					"kongcredentials",

+					"kongconsumers",

+					"kongingresses",

+				},

+			},

+		},

+		TypeMeta: metav1.TypeMeta{

+			APIVersion: "rbac.authorization.k8s.io/v1",

+			Kind:       "ClusterRole",

+		},

+	}

+

+	clusterRole4 := &rbacv1.ClusterRole{

+		ObjectMeta: metav1.ObjectMeta{

+			Labels: map[string]string{

+				"app.kubernetes.io/managed-by": "Helm",

+				"app.kubernetes.io/name":       "kong",

+				"app.kubernetes.io/version":    "1.4",

+				"helm.sh/chart":                "kong-0.36.6",

+				"app.kubernetes.io/instance":   "release-name",

+			},

+			Name: "release-name-kong",

+		},

+		Rules: []rbacv1.PolicyRule{

+

+			rbacv1.PolicyRule{

+				APIGroups: []string{

+

+					"",

+				},

+				Resources: []string{

+

+					"endpoints",

+					"nodes",

+					"pods",

+					"secrets",

+				},

+				Verbs: []string{

+

+					"list",

+					"watch",

+				},

+			},

+			rbacv1.PolicyRule{

+				Resources: []string{

+

+					"nodes",

+				},

+				Verbs: []string{

+

+					"get",

+				},

+				APIGroups: []string{

+

+					"",

+				},

+			},

+			rbacv1.PolicyRule{

+				Verbs: []string{

+

+					"get",

+					"list",

+					"watch",

+				},

+				APIGroups: []string{

+

+					"",

+				},

+				Resources: []string{

+

+					"services",

+				},

+			},

+			rbacv1.PolicyRule{

+				APIGroups: []string{

+

+					"extensions",

+					"networking.k8s.io",

+				},

+				Resources: []string{

+

+					"ingresses",

+				},

+				Verbs: []string{

+

+					"get",

+					"list",

+					"watch",

+				},

+			},

+			rbacv1.PolicyRule{

+				Resources: []string{

+

+					"events",

+				},

+				Verbs: []string{

+

+					"create",

+					"patch",

+				},

+				APIGroups: []string{

+

+					"",

+				},

+			},

+			rbacv1.PolicyRule{

+				APIGroups: []string{

+

+					"extensions",

+					"networking.k8s.io",

+				},

+				Resources: []string{

+

+					"ingresses/status",

+				},

+				Verbs: []string{

+

+					"update",

+				},

+			},

+			rbacv1.PolicyRule{

+				APIGroups: []string{

+

+					"configuration.konghq.com",

+				},

+				Resources: []string{

+

+					"kongplugins",

+					"kongcredentials",

+					"kongconsumers",

+					"kongingresses",

+				},

+				Verbs: []string{

+

+					"get",

+					"list",

+					"watch",

+				},

+			},

+		},

+		TypeMeta: metav1.TypeMeta{

+			APIVersion: "rbac.authorization.k8s.io/v1",

+			Kind:       "ClusterRole",

+		},

+	}

+

+	return []*rbacv1.ClusterRole{clusterRole1, clusterRole2, clusterRole3, clusterRole4}

 }
\ No newline at end of file
commit	6ab3aec83c11229354656c0fff7d047e833fa936	[log] [tgz]
author	naman.gupta <naman.gupta@samsung.com>	Fri Dec 01 23:55:16 2023 +0530
committer	Thoralf Czichy <thoralf.czichy@nokia.com>	Thu Dec 07 09:37:13 2023 +0000
tree	ed8afe3936de4c48ee0524e4f5f51a28c3a4ddcf
parent	59cb9a18cc92a65c002ba1c516c08a0e5ece4103 [diff]