| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100 |
- ---
- apiVersion: v1
- kind: ServiceAccount
- metadata:
- namespace: {{ .Release.Namespace }}
- name: {{ .Release.Name }}-server
- labels:
- {{ include "chart_labels" . | indent 4 }}
- ---
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRole
- metadata:
- name: {{ .Release.Name }}-server-ingressclass-viewer
- labels:
- {{ include "chart_labels" . | indent 4 }}
- rules:
- - apiGroups: ["networking.k8s.io"]
- resources: ["ingressclasses"]
- verbs: ["get", "list", "watch"]
- ---
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRoleBinding
- metadata:
- name: {{ .Release.Name }}-server-ingressclass-viewer-binding
- labels:
- {{ include "chart_labels" . | indent 4 }}
- subjects:
- - kind: ServiceAccount
- name: {{ .Release.Name }}-server
- namespace: {{ .Release.Namespace }}
- roleRef:
- kind: ClusterRole
- name: {{ .Release.Name }}-server-ingressclass-viewer
- apiGroup: rbac.authorization.k8s.io
- ---
- apiVersion: rbac.authorization.k8s.io/v1
- kind: Role
- metadata:
- name: {{ .Release.Name }}-server
- namespace: {{ .Release.Namespace }}
- labels:
- {{ include "chart_labels" . | indent 4 }}
- rules:
- - apiGroups: [""]
- resources: ["configmaps", "secrets", "services"]
- verbs: ["get", "list", "watch", "create", "update", "patch", "delete", "deletecollection"]
- - apiGroups: [""]
- resources: ["events"]
- verbs: ["create"]
- - apiGroups: ["networking.k8s.io"]
- resources: ["ingresses"]
- verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- ---
- apiVersion: rbac.authorization.k8s.io/v1
- kind: RoleBinding
- metadata:
- name: {{ .Release.Name }}-server-binding
- namespace: {{ .Release.Namespace }}
- labels:
- {{ include "chart_labels" . | indent 4 }}
- subjects:
- - kind: ServiceAccount
- name: {{ .Release.Name }}-server
- namespace: {{ .Release.Namespace }}
- roleRef:
- kind: Role
- name: {{ .Release.Name }}-server
- apiGroup: rbac.authorization.k8s.io
- ---
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRole
- metadata:
- name: {{ .Release.Name }}-server-higress-operations
- labels:
- {{ include "chart_labels" . | indent 4 }}
- rules:
- - apiGroups: ["networking.higress.io"]
- resources: ["mcpbridges"]
- verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- - apiGroups: ["extensions.higress.io"]
- resources: ["wasmplugins"]
- verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- - apiGroups: ["networking.istio.io"]
- resources: ["envoyfilters"]
- verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- ---
- apiVersion: rbac.authorization.k8s.io/v1
- kind: ClusterRoleBinding
- metadata:
- name: {{ .Release.Name }}-server-higress-operations-binding
- labels:
- {{ include "chart_labels" . | indent 4 }}
- subjects:
- - kind: ServiceAccount
- name: {{ .Release.Name }}-server
- namespace: {{ .Release.Namespace }}
- roleRef:
- kind: ClusterRole
- name: {{ .Release.Name }}-server-higress-operations
- apiGroup: rbac.authorization.k8s.io
|
