1# GENERATED FILE: edits made by hand will not be preserved.
2---
3aggregationRule:
4 clusterRoleSelectors:
5 - matchLabels:
6 rbac.getambassador.io/role-group: {self.path.k8s}
7apiVersion: rbac.authorization.k8s.io/v1
8kind: ClusterRole
9metadata:
10 labels:
11 app.kubernetes.io/instance: kat-rbac-singlenamespace
12 app.kubernetes.io/managed-by: kat
13 app.kubernetes.io/name: emissary-ingress
14 app.kubernetes.io/part-of: kat-rbac-singlenamespace
15 product: aes
16 name: {self.path.k8s}
17rules: []
18---
19{serviceAccountExtra}
20apiVersion: v1
21kind: ServiceAccount
22metadata:
23 labels:
24 app.kubernetes.io/instance: kat-rbac-singlenamespace
25 app.kubernetes.io/managed-by: kat
26 app.kubernetes.io/name: emissary-ingress
27 app.kubernetes.io/part-of: kat-rbac-singlenamespace
28 product: aes
29 name: {self.path.k8s}
30 namespace: {self.namespace}
31---
32apiVersion: rbac.authorization.k8s.io/v1
33kind: ClusterRoleBinding
34metadata:
35 labels:
36 app.kubernetes.io/instance: kat-rbac-singlenamespace
37 app.kubernetes.io/managed-by: kat
38 app.kubernetes.io/name: emissary-ingress
39 app.kubernetes.io/part-of: kat-rbac-singlenamespace
40 product: aes
41 name: {self.path.k8s}
42roleRef:
43 apiGroup: rbac.authorization.k8s.io
44 kind: ClusterRole
45 name: {self.path.k8s}
46subjects:
47- kind: ServiceAccount
48 name: {self.path.k8s}
49 namespace: {self.namespace}
50---
51apiVersion: rbac.authorization.k8s.io/v1
52kind: ClusterRole
53metadata:
54 labels:
55 app.kubernetes.io/instance: kat-rbac-singlenamespace
56 app.kubernetes.io/managed-by: kat
57 app.kubernetes.io/name: emissary-ingress
58 app.kubernetes.io/part-of: kat-rbac-singlenamespace
59 product: aes
60 rbac.getambassador.io/role-group: {self.path.k8s}
61 name: {self.path.k8s}-crd
62rules:
63- apiGroups:
64 - apiextensions.k8s.io
65 resources:
66 - customresourcedefinitions
67 verbs:
68 - get
69 - list
70 - watch
71 - delete
72---
73apiVersion: rbac.authorization.k8s.io/v1
74kind: Role
75metadata:
76 labels:
77 app.kubernetes.io/instance: kat-rbac-singlenamespace
78 app.kubernetes.io/managed-by: kat
79 app.kubernetes.io/name: emissary-ingress
80 app.kubernetes.io/part-of: kat-rbac-singlenamespace
81 product: aes
82 rbac.getambassador.io/role-group: {self.path.k8s}
83 name: {self.path.k8s}
84 namespace: {self.namespace}
85rules:
86- apiGroups:
87 - ""
88 resources:
89 - namespaces
90 - services
91 - secrets
92 - configmaps
93 - endpoints
94 verbs:
95 - get
96 - list
97 - watch
98- apiGroups:
99 - getambassador.io
100 resources:
101 - '*'
102 verbs:
103 - get
104 - list
105 - watch
106 - update
107 - patch
108 - create
109 - delete
110- apiGroups:
111 - getambassador.io
112 resources:
113 - mappings/status
114 verbs:
115 - update
116- apiGroups:
117 - networking.internal.knative.dev
118 resources:
119 - clusteringresses
120 - ingresses
121 verbs:
122 - get
123 - list
124 - watch
125- apiGroups:
126 - networking.x-k8s.io
127 resources:
128 - '*'
129 verbs:
130 - get
131 - list
132 - watch
133- apiGroups:
134 - networking.internal.knative.dev
135 resources:
136 - ingresses/status
137 - clusteringresses/status
138 verbs:
139 - update
140- apiGroups:
141 - extensions
142 - networking.k8s.io
143 resources:
144 - ingresses
145 - ingressclasses
146 verbs:
147 - get
148 - list
149 - watch
150- apiGroups:
151 - extensions
152 - networking.k8s.io
153 resources:
154 - ingresses/status
155 verbs:
156 - update
157---
158apiVersion: rbac.authorization.k8s.io/v1
159kind: RoleBinding
160metadata:
161 labels:
162 app.kubernetes.io/instance: kat-rbac-singlenamespace
163 app.kubernetes.io/managed-by: kat
164 app.kubernetes.io/name: emissary-ingress
165 app.kubernetes.io/part-of: kat-rbac-singlenamespace
166 product: aes
167 name: {self.path.k8s}
168 namespace: {self.namespace}
169roleRef:
170 apiGroup: rbac.authorization.k8s.io
171 kind: Role
172 name: {self.path.k8s}
173subjects:
174- kind: ServiceAccount
175 name: {self.path.k8s}
176 namespace: {self.namespace}
View as plain text