
Text file src/github.com/linkerd/linkerd2/viz/charts/linkerd-viz/templates/web-rbac.yaml


     1---
     2###
     3### Web RBAC
     4###
     5apiVersion: rbac.authorization.k8s.io/v1
     6kind: Role
     7metadata:
     8  name: web
     9  namespace: {{.Values.linkerdNamespace}}
    10  labels:
    11    linkerd.io/extension: viz
    12    component: web
    13    namespace: {{.Values.linkerdNamespace}}
    14    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
    15rules:
    16- apiGroups: [""]
    17  resources: ["configmaps"]
    18  verbs: ["get"]
    19  resourceNames: ["linkerd-config"]
    20  {{- if not .Values.dashboard.restrictPrivileges }}
    21- apiGroups: [""]
    22  resources: ["namespaces", "configmaps"]
    23  verbs: ["get"]
    24- apiGroups: [""]
    25  resources: ["serviceaccounts", "pods"]
    26  verbs: ["list"]
    27- apiGroups: ["apps"]
    28  resources: ["replicasets"]
    29  verbs: ["list"]
    30  {{- end }}
    31---
    32apiVersion: rbac.authorization.k8s.io/v1
    33kind: RoleBinding
    34metadata:
    35  name: web
    36  namespace: {{.Values.linkerdNamespace}}
    37  labels:
    38    linkerd.io/extension: viz
    39    component: web
    40    namespace: {{.Values.linkerdNamespace}}
    41    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
    42roleRef:
    43  kind: Role
    44  name: web
    45  apiGroup: rbac.authorization.k8s.io
    46subjects:
    47- kind: ServiceAccount
    48  name: web
    49  namespace: {{.Release.Namespace}}
    50---
    51{{- if not .Values.dashboard.restrictPrivileges }}
    52apiVersion: rbac.authorization.k8s.io/v1
    53kind: ClusterRole
    54metadata:
    55  name: linkerd-{{.Release.Namespace}}-web-check
    56  labels:
    57    linkerd.io/extension: viz
    58    component: web
    59    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
    60rules:
    61- apiGroups: ["rbac.authorization.k8s.io"]
    62  resources: ["clusterroles", "clusterrolebindings"]
    63  verbs: ["list"]
    64- apiGroups: ["apiextensions.k8s.io"]
    65  resources: ["customresourcedefinitions"]
    66  verbs: ["list"]
    67- apiGroups: ["admissionregistration.k8s.io"]
    68  resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"]
    69  verbs: ["list"]
    70- apiGroups: ["linkerd.io"]
    71  resources: ["serviceprofiles"]
    72  verbs: ["list"]
    73- apiGroups: [""]
    74  resources: ["nodes", "pods", "services"]
    75  verbs: ["list"]
    76- apiGroups: ["apiregistration.k8s.io"]
    77  resources: ["apiservices"]
    78  verbs: ["get"]
    79---
    80apiVersion: rbac.authorization.k8s.io/v1
    81kind: ClusterRoleBinding
    82metadata:
    83  name: linkerd-{{.Release.Namespace}}-web-check
    84  labels:
    85    linkerd.io/extension: viz
    86    component: web
    87    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
    88roleRef:
    89  kind: ClusterRole
    90  name: linkerd-{{.Release.Namespace}}-web-check
    91  apiGroup: rbac.authorization.k8s.io
    92subjects:
    93- kind: ServiceAccount
    94  name: web
    95  namespace: {{.Release.Namespace}}
    96---
    97kind: ClusterRoleBinding
    98apiVersion: rbac.authorization.k8s.io/v1
    99metadata:
   100  name: linkerd-{{.Release.Namespace}}-web-admin
   101  labels:
   102    linkerd.io/extension: viz
   103    component: web
   104    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
   105roleRef:
   106  apiGroup: rbac.authorization.k8s.io
   107  kind: ClusterRole
   108  name: linkerd-{{.Release.Namespace}}-tap-admin
   109subjects:
   110- kind: ServiceAccount
   111  name: web
   112  namespace: {{.Release.Namespace}}
   113---
   114apiVersion: rbac.authorization.k8s.io/v1
   115kind: ClusterRole
   116metadata:
   117  name: linkerd-{{.Release.Namespace}}-web-api
   118  labels:
   119    linkerd.io/extension: viz
   120    component: web
   121    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
   122rules:
   123- apiGroups: [""]
   124  resources: ["namespaces"]
   125  verbs: ["list"]
   126---
   127apiVersion: rbac.authorization.k8s.io/v1
   128kind: ClusterRoleBinding
   129metadata:
   130  name: linkerd-{{.Release.Namespace}}-web-api
   131  labels:
   132    linkerd.io/extension: viz
   133    component: web
   134    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
   135roleRef:
   136  kind: ClusterRole
   137  name: linkerd-{{.Release.Namespace}}-web-api
   138  apiGroup: rbac.authorization.k8s.io
   139subjects:
   140- kind: ServiceAccount
   141  name: web
   142  namespace: {{.Release.Namespace}}
   143---
   144{{- end}}
   145kind: ServiceAccount
   146apiVersion: v1
   147metadata:
   148  name: web
   149  namespace: {{ .Release.Namespace }}
   150  labels:
   151    linkerd.io/extension: viz
   152    component: web
   153    namespace: {{.Release.Namespace}}
   154    {{- with .Values.commonLabels }}{{ toYaml . | trim | nindent 4 }}{{- end }}
   155{{- include "partials.image-pull-secrets" .Values.imagePullSecrets }}
