...

Text file src/github.com/linkerd/linkerd2/multicluster/charts/linkerd-multicluster/templates/remote-access-service-mirror-rbac.yaml

Documentation: github.com/linkerd/linkerd2/multicluster/charts/linkerd-multicluster/templates 

     1{{if .Values.remoteMirrorServiceAccount -}}
     2{{- $names := .Values.remoteMirrorServiceAccountName -}}
     3{{- if not (kindIs "slice" .Values.remoteMirrorServiceAccountName) -}}
     4  {{- $names = splitList "," .Values.remoteMirrorServiceAccountName -}}
     5{{- end -}}
     6{{- range $names -}}
     7---
     8apiVersion: rbac.authorization.k8s.io/v1
     9kind: ClusterRole
    10metadata:
    11  name: {{.}}
    12  labels:
    13    linkerd.io/extension: multicluster
    14    {{- with $.Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
    15  annotations:
    16    {{ include "partials.annotations.created-by" $ }}
    17rules:
    18- apiGroups: ["apps"]
    19  resources: ["replicasets"]
    20  verbs: ["list", "get", "watch"]
    21- apiGroups: ["batch"]
    22  resources: ["jobs"]
    23  verbs: ["list", "get", "watch"]
    24- apiGroups: [""]
    25  resources: ["pods", "endpoints", "services"]
    26  verbs: ["list", "get", "watch"]
    27- apiGroups: ["discovery.k8s.io"]
    28  resources: ["endpointslices"]
    29  verbs: ["list", "get", "watch"]
    30- apiGroups: ["policy.linkerd.io"]
    31  resources: ["servers"]
    32  verbs: ["list", "get", "watch"]
    33- apiGroups: [""]
    34  resources: ["configmaps"]
    35  verbs: ["get"]
    36  resourceNames: ["linkerd-config"]
    37- apiGroups: [""]
    38  resources: ["events"]
    39  verbs: ["create", "patch"]
    40---
    41apiVersion: v1
    42kind: ServiceAccount
    43metadata:
    44  name: {{.}}
    45  namespace: {{$.Release.Namespace}}
    46  labels:
    47    linkerd.io/extension: multicluster
    48    {{- with $.Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
    49  annotations:
    50    {{ include "partials.annotations.created-by" $ }}
    51{{- include "partials.image-pull-secrets" $.Values.imagePullSecrets }}
    52---
    53apiVersion: v1
    54kind: Secret
    55metadata:
    56  name: {{.}}-token
    57  namespace: {{$.Release.Namespace}}
    58  labels:
    59    linkerd.io/extension: multicluster
    60    {{- with $.Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
    61  annotations:
    62    kubernetes.io/service-account.name: {{.}}
    63    {{ include "partials.annotations.created-by" $ }}
    64type: kubernetes.io/service-account-token
    65---
    66apiVersion: rbac.authorization.k8s.io/v1
    67kind: ClusterRoleBinding
    68metadata:
    69  name: {{.}}
    70  labels:
    71    linkerd.io/extension: multicluster
    72    {{- with $.Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
    73  annotations:
    74    {{ include "partials.annotations.created-by" $ }}
    75roleRef:
    76  apiGroup: rbac.authorization.k8s.io
    77  kind: ClusterRole
    78  name: {{.}}
    79subjects:
    80- kind: ServiceAccount
    81  name: {{.}}
    82  namespace: {{$.Release.Namespace}}
    83{{end -}}
    84{{end -}}

View as plain text