--- /dev/null
+package controller\r
+\r
+import (\r
+ corev1 "k8s.io/api/core/v1"\r
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"\r
+) \r
+\r
+func GetClusterRole() []*rbacv1.ClusterRole {\r
+\r
+ clusterRole1 := &rbacv1.ClusterRole{\r
+ ObjectMeta: metav1.ObjectMeta{\r
+ Name: "svcacct-ricplt-appmgr-ricxapp-access",\r
+ },\r
+ Rules: []rbacv1.PolicyRule{\r
+\r
+ rbacv1.PolicyRule{\r
+ APIGroups: []string{\r
+\r
+ "",\r
+ },\r
+ Resources: []string{\r
+\r
+ "pods/portforward",\r
+ },\r
+ Verbs: []string{\r
+\r
+ "create",\r
+ },\r
+ },\r
+ rbacv1.PolicyRule{\r
+ APIGroups: []string{\r
+\r
+ "",\r
+ },\r
+ Resources: []string{\r
+\r
+ "pods",\r
+ "configmaps",\r
+ "deployments",\r
+ "services",\r
+ },\r
+ Verbs: []string{\r
+\r
+ "get",\r
+ "list",\r
+ "create",\r
+ "delete",\r
+ },\r
+ },\r
+ rbacv1.PolicyRule{\r
+ APIGroups: []string{\r
+\r
+ "",\r
+ },\r
+ Resources: []string{\r
+\r
+ "secrets",\r
+ },\r
+ Verbs: []string{\r
+\r
+ "get",\r
+ "list",\r
+ },\r
+ },\r
+ },\r
+ TypeMeta: metav1.TypeMeta{\r
+ Kind: "ClusterRole",\r
+ APIVersion: "rbac.authorization.k8s.io/v1",\r
+ },\r
+ }\r
+\r
+ clusterRole2 := &rbacv1.ClusterRole{\r
+ Rules: []rbacv1.PolicyRule{\r
+\r
+ rbacv1.PolicyRule{\r
+ APIGroups: []string{\r
+\r
+ "",\r
+ },\r
+ Resources: []string{\r
+\r
+ "configmaps",\r
+ "endpoints",\r
+ "services",\r
+ },\r
+ Verbs: []string{\r
+\r
+ "get",\r
+ "list",\r
+ "create",\r
+ "update",\r
+ "delete",\r
+ },\r
+ },\r
+ },\r
+ TypeMeta: metav1.TypeMeta{\r
+ APIVersion: "rbac.authorization.k8s.io/v1",\r
+ Kind: "ClusterRole",\r
+ },\r
+ ObjectMeta: metav1.ObjectMeta{\r
+ Name: "svcacct-ricplt-appmgr-ricxapp-getappconfig",\r
+ },\r
+ }\r
+\r
+ return []*rbacv1.ClusterRole{clusterRole1, clusterRole2}\r
+\r
+}
\ No newline at end of file
--- /dev/null
+package controller\r
+\r
+import (\r
+ corev1 "k8s.io/api/core/v1"\r
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"\r
+ "k8s.io/apimachinery/pkg/util/intstr"\r
+)\r
+\r
+func GetClusterRoleBinding() []*rbacv1.ClusterRoleBinding {\r
+ clusterRoleBinding1 := &rbacv1.ClusterRoleBinding{\r
+ TypeMeta: metav1.TypeMeta{\r
+ APIVersion: "rbac.authorization.k8s.io/v1",\r
+ Kind: "ClusterRoleBinding",\r
+ },\r
+ ObjectMeta: metav1.ObjectMeta{\r
+ Name: "svcacct-ricplt-appmgr-ricxapp-access",\r
+ Namespace: "ricplt",\r
+ },\r
+ RoleRef: rbacv1.RoleRef{\r
+ Kind: "ClusterRole",\r
+ Name: "svcacct-ricplt-appmgr-ricxapp-access",\r
+ APIGroup: "rbac.authorization.k8s.io",\r
+ },\r
+ Subjects: []rbacv1.Subject{\r
+\r
+ rbacv1.Subject{\r
+ Namespace: "ricplt",\r
+ Kind: "ServiceAccount",\r
+ Name: "svcacct-ricplt-appmgr",\r
+ },\r
+ },\r
+ }\r
+\r
+ clusterRoleBinding2 := &rbacv1.ClusterRoleBinding{\r
+ ObjectMeta: metav1.ObjectMeta{\r
+ Name: "svcacct-ricplt-appmgr-ricxapp-getappconfig",\r
+ Namespace: "ricxapp",\r
+ },\r
+ RoleRef: rbacv1.RoleRef{\r
+ APIGroup: "rbac.authorization.k8s.io",\r
+ Kind: "ClusterRole",\r
+ Name: "svcacct-ricplt-appmgr-ricxapp-getappconfig",\r
+ },\r
+ Subjects: []rbacv1.Subject{\r
+\r
+ rbacv1.Subject{\r
+ Namespace: "ricplt",\r
+ Kind: "ServiceAccount",\r
+ Name: "svcacct-ricplt-appmgr",\r
+ },\r
+ },\r
+ TypeMeta: metav1.TypeMeta{\r
+ APIVersion: "rbac.authorization.k8s.io/v1",\r
+ Kind: "ClusterRoleBinding",\r
+ },\r
+ }\r
+ return []*rbacv1.ClusterRoleBinding{clusterRoleBinding1, clusterRoleBinding2}\r
+}\r