Last active
February 25, 2020 20:42
-
-
Save danehans/daa49cac8e6fb72f96fd280bb9ac2945 to your computer and use it in GitHub Desktop.
example service-apis controller rbac
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This is additive to: | |
| # https://github.com/kubernetes-sigs/service-apis/blob/master/config/rbac/role.yaml | |
| # Mean to demonstate permissions model for route selector PR: | |
| # https://github.com/kubernetes-sigs/service-apis/pull/12 | |
| # | |
| apiVersion: rbac.authorization.k8s.io/v1 | |
| kind: ClusterRole | |
| metadata: | |
| creationTimestamp: null | |
| name: manager-role | |
| rules: | |
| - apiGroups: | |
| - "" | |
| resources: | |
| # Used by NamespaceSelector to bind a route to a gateway. Specific to PR #12 | |
| - namespaces | |
| verbs: | |
| - get | |
| - list | |
| - watch # To update gateway/route status in the case of a route ref'ing an unavailable ns? | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - services # Referenced by xRoute for backend forwarding. Not specific to PR #12, but not currently spec'd. | |
| verbs: | |
| - get | |
| - list | |
| - apiGroups: | |
| - "" | |
| resources: | |
| # Used by Gateway listener certificates. Not specific to PR #12, but not currently spec'd. | |
| - configmaps | |
| verbs: | |
| - get | |
| - list | |
| - watch |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment