260a271859
- Also fix mistakes in the deployment.yaml - Also hardcode the ownerRef kind and version because otherwise we get an error Signed-off-by: Monis Khan <mok@vmware.com>
52 lines
1.5 KiB
YAML
52 lines
1.5 KiB
YAML
#@ load("@ytt:data", "data")
|
|
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: #@ data.values.app_name + "-aggregated-api-server-cluster-role"
|
|
rules:
|
|
- apiGroups: [""]
|
|
resources: [namespaces]
|
|
verbs: [get, list, watch]
|
|
- apiGroups: [apiregistration.k8s.io]
|
|
resources: [apiservices]
|
|
verbs: [create, get, list, patch, update, watch]
|
|
---
|
|
kind: ClusterRoleBinding
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
metadata:
|
|
name: #@ data.values.app_name + "-aggregated-api-server-cluster-role-binding"
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: #@ data.values.app_name + "-service-account"
|
|
namespace: #@ data.values.namespace
|
|
roleRef:
|
|
kind: ClusterRole
|
|
name: #@ data.values.app_name + "-aggregated-api-server-cluster-role"
|
|
apiGroup: rbac.authorization.k8s.io
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: Role
|
|
metadata:
|
|
name: #@ data.values.app_name + "-aggregated-api-server-role"
|
|
namespace: #@ data.values.namespace
|
|
rules:
|
|
- apiGroups: [""]
|
|
resources: [services]
|
|
verbs: [create, get, list, patch, update, watch]
|
|
---
|
|
kind: RoleBinding
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
metadata:
|
|
name: #@ data.values.app_name + "-aggregated-api-server-role-binding"
|
|
namespace: #@ data.values.namespace
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: #@ data.values.app_name + "-service-account"
|
|
namespace: #@ data.values.namespace
|
|
roleRef:
|
|
kind: Role
|
|
name: #@ data.values.app_name + "-aggregated-api-server-role"
|
|
apiGroup: rbac.authorization.k8s.io
|