Code Review / ric-plt / ric-dep.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
Update Kong ingress controller to version 1.4. It fixes the occasional 404 error.
[ric-plt/ric-dep.git] / helm / infrastructure / subcharts / kong / templates / controller-rbac-resources.yaml
1 {{- if and .Values.ingressController.rbac.create .Values.ingressController.enabled -}}
2 apiVersion: rbac.authorization.k8s.io/v1beta1
3 kind: Role
4 metadata:
5   name:  {{ template "kong.fullname" . }}
6   namespace: {{ .Release.namespace }}
7   labels:
8     {{- include "kong.metaLabels" . | nindent 4 }}
9 rules:
10   - apiGroups:
11       - ""
12     resources:
13       - configmaps
14       - pods
15       - secrets
16       - namespaces
17     verbs:
18       - get
19   - apiGroups:
20       - ""
21     resources:
22       - configmaps
23     resourceNames:
24       # Defaults to "<election-id>-<ingress-class>"
25       # Here: "<kong-ingress-controller-leader-nginx>-<nginx>"
26       # This has to be adapted if you change either parameter
27       # when launching the nginx-ingress-controller.
28       - "kong-ingress-controller-leader-{{ .Values.ingressController.ingressClass }}-{{ .Values.ingressController.ingressClass }}"
29     verbs:
30       - get
31       - update
32   - apiGroups:
33       - ""
34     resources:
35       - configmaps
36     verbs:
37       - create
38   - apiGroups:
39       - ""
40     resources:
41       - endpoints
42     verbs:
43       - get
44 ---
45 apiVersion: rbac.authorization.k8s.io/v1beta1
46 kind: RoleBinding
47 metadata:
48   name:  {{ template "kong.fullname" . }}
49   namespace: {{ .Release.Namespace }}
50   labels:
51     {{- include "kong.metaLabels" . | nindent 4 }}
52 roleRef:
53   apiGroup: rbac.authorization.k8s.io
54   kind: Role
55   name: {{ template "kong.fullname" . }}
56 subjects:
57   - kind: ServiceAccount
58     name: {{ template "kong.serviceAccountName" . }}
59     namespace: {{ .Release.Namespace }}
60 ---
61 apiVersion: rbac.authorization.k8s.io/v1beta1
62 kind: ClusterRole
63 metadata:
64   labels:
65     {{- include "kong.metaLabels" . | nindent 4 }}
66   name:  {{ template "kong.fullname" . }}
67 rules:
68   - apiGroups:
69       - ""
70     resources:
71       - endpoints
72       - nodes
73       - pods
74       - secrets
75     verbs:
76       - list
77       - watch
78   - apiGroups:
79       - ""
80     resources:
81       - nodes
82     verbs:
83       - get
84   - apiGroups:
85       - ""
86     resources:
87       - services
88     verbs:
89       - get
90       - list
91       - watch
92   - apiGroups:
93       - "extensions"
94       - "networking.k8s.io"
95     resources:
96       - ingresses
97     verbs:
98       - get
99       - list
100       - watch
101   - apiGroups:
102       - ""
103     resources:
104         - events
105     verbs:
106         - create
107         - patch
108   - apiGroups:
109       - "extensions"
110       - "networking.k8s.io"
111     resources:
112       - ingresses/status
113     verbs:
114       - update
115   - apiGroups:
116       - "configuration.konghq.com"
117     resources:
118       - kongplugins
119       - kongcredentials
120       - kongconsumers
121       - kongingresses
122     verbs:
123       - get
124       - list
125       - watch
126 ---
127 apiVersion: rbac.authorization.k8s.io/v1beta1
128 kind: ClusterRoleBinding
129 metadata:
130   name:  {{ template "kong.fullname" . }}
131   labels:
132     {{- include "kong.metaLabels" . | nindent 4 }}
133 roleRef:
134   apiGroup: rbac.authorization.k8s.io
135   kind: ClusterRole
136   name:  {{ template "kong.fullname" . }}
137 subjects:
138   - kind: ServiceAccount
139     name: {{ template "kong.serviceAccountName" . }}
140     namespace: {{ .Release.Namespace }}
141 {{- end -}}