1---
2###
3### Identity Controller Service RBAC
4###
5kind: ClusterRole
6apiVersion: rbac.authorization.k8s.io/v1
7metadata:
8 name: linkerd-{{.Release.Namespace}}-identity
9 labels:
10 linkerd.io/control-plane-component: identity
11 linkerd.io/control-plane-ns: {{.Release.Namespace}}
12 {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
13rules:
14- apiGroups: ["authentication.k8s.io"]
15 resources: ["tokenreviews"]
16 verbs: ["create"]
17# TODO(ver) Restrict this to the Linkerd namespace. See
18# https://github.com/linkerd/linkerd2/issues/9367
19- apiGroups: [""]
20 resources: ["events"]
21 verbs: ["create", "patch"]
22---
23kind: ClusterRoleBinding
24apiVersion: rbac.authorization.k8s.io/v1
25metadata:
26 name: linkerd-{{.Release.Namespace}}-identity
27 labels:
28 linkerd.io/control-plane-component: identity
29 linkerd.io/control-plane-ns: {{.Release.Namespace}}
30 {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
31roleRef:
32 apiGroup: rbac.authorization.k8s.io
33 kind: ClusterRole
34 name: linkerd-{{.Release.Namespace}}-identity
35subjects:
36- kind: ServiceAccount
37 name: linkerd-identity
38 namespace: {{.Release.Namespace}}
39---
40kind: ServiceAccount
41apiVersion: v1
42metadata:
43 name: linkerd-identity
44 namespace: {{ .Release.Namespace }}
45 labels:
46 linkerd.io/control-plane-component: identity
47 linkerd.io/control-plane-ns: {{.Release.Namespace}}
48 {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
49{{- include "partials.image-pull-secrets" .Values.imagePullSecrets }}
View as plain text