Skip to content

Instantly share code, notes, and snippets.

@rvennam

rvennam/steve_icp.yaml

Created December 9, 2019 19:48
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save rvennam/f5e350b173ff85cb2afdbd289455fb0a to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save rvennam/f5e350b173ff85cb2afdbd289455fb0a to your computer and use it in GitHub Desktop.
Download ZIP
Raw
steve_icp.yaml
apiVersion: install.istio.io/v1alpha2
kind: IstioControlPlane
metadata:
name: example-istiocontrolplane
namespace: istio-operator
spec:
hub: docker.io/sdake
tag: sdake
profile: default
configManagement:
components:
galley:
k8s:
overlays:
- kind: ClusterRole
name: istio-galley-istio-system
apiVersion: rbac.authorization.k8s.io/v1
patches:
- path: rules
value:
- apiGroups: ["rbac.authorization.k8s.io"]
resources: ["clusterroles"]
verbs: ["get", "list", "watch"]
- apiGroups:
- authentication.istio.io
- config.istio.io
- networking.istio.io
- rbac.istio.io
- security.istio.io
resources:
- '*'
verbs:
- get
- list
- watch
- apiGroups:
- authentication.istio.io
- config.istio.io
- networking.istio.io
- rbac.istio.io
- security.istio.io
resources:
- '*/status'
verbs:
- update
- apiGroups:
- admissionregistration.k8s.io
resources:
- validatingwebhookconfigurations
verbs:
- '*'
- apiGroups:
- extensions
- apps
resourceNames:
- istio-galley
resources:
- deployments
verbs:
- get
- apiGroups:
- ""
resources:
- pods
- nodes
- services
- endpoints
- namespaces
verbs:
- get
- list
- watch
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- extensions
resourceNames:
- istio-galley
resources:
- deployments/finalizers
verbs:
- update
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- list
- watch
- apiGroups: ["rbac.authorization.k8s.io"]
resources: ["clusterroles"]
verbs: ["get", "list", "watch"]
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment