diff --git a/charts/yurt-manager/templates/yurt-manager-auto-generated.yaml b/charts/yurt-manager/templates/yurt-manager-auto-generated.yaml index d5be3ba..ffa4aca 100644 --- a/charts/yurt-manager/templates/yurt-manager-auto-generated.yaml +++ b/charts/yurt-manager/templates/yurt-manager-auto-generated.yaml @@ -5,11 +5,131 @@ # # --------------------------------------------------- +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: yurt-manager-csr-approver-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: yurt-manager-daemon-pod-updater-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: yurt-manager-delegate-lease-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: yurt-manager-gateway-dns-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: yurt-manager-gateway-internal-service-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: yurt-manager-gateway-pickup-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: yurt-manager-gateway-public-service-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: yurt-manager-load-balancer-set-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: yurt-manager-node-bucket-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: yurt-manager-node-life-cycle-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: yurt-manager-nodepool-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: yurt-manager-platform-admin-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: yurt-manager-pod-binding-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: yurt-manager-service-topology-endpoints-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: yurt-manager-service-topology-endpointslice-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: yurt-manager-yurt-app-daemon-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: yurt-manager-yurt-app-overrider-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: yurt-manager-yurt-app-set-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: yurt-manager-yurt-coordinator-cert-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: yurt-manager-yurt-static-set-controller + namespace: {{ .Release.Namespace }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: yurt-manager-role + name: yurt-manager-basecontroller namespace: {{ .Release.Namespace }} rules: - apiGroups: @@ -21,18 +141,43 @@ rules: - get - patch - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: yurt-manager-webhook + namespace: {{ .Release.Namespace }} +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: yurt-manager-yurt-coordinator-cert-controller + namespace: {{ .Release.Namespace }} +rules: - apiGroups: - "" resources: - secrets verbs: + - create - get + - patch - update + - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: yurt-manager-role + name: yurt-manager-basecontroller rules: - apiGroups: - "" @@ -43,34 +188,39 @@ rules: - list - watch - apiGroups: - - admissionregistration.k8s.io + - "" resources: - - mutatingwebhookconfigurations + - nodes verbs: - get - list - - patch - - update - watch - apiGroups: - - admissionregistration.k8s.io + - "" resources: - - validatingwebhookconfigurations + - pods verbs: - get - list - - patch - update - watch - apiGroups: - - apiextensions.k8s.io + - "" resources: - - customresourcedefinitions + - secrets verbs: + - create - get - list - patch - - update + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list - watch - apiGroups: - apps @@ -237,6 +387,12 @@ rules: - get - patch - update +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create - apiGroups: - certificates.k8s.io resources: @@ -293,6 +449,7 @@ rules: - get - patch - update + - watch - apiGroups: - "" resources: @@ -317,6 +474,13 @@ rules: - patch - update - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - create + - get - apiGroups: - "" resources: @@ -332,11 +496,7 @@ rules: resources: - nodes/status verbs: - - get - - list - - patch - update - - watch - apiGroups: - "" resources: @@ -356,6 +516,19 @@ rules: verbs: - patch - update +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - create + - get +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create - apiGroups: - "" resources: @@ -396,7 +569,7 @@ rules: - apiGroups: - iot.openyurt.io resources: - - deviceprofiles + - platformadmins verbs: - create - delete @@ -408,21 +581,21 @@ rules: - apiGroups: - iot.openyurt.io resources: - - deviceprofiles/finalizers + - platformadmins/finalizers verbs: - update - apiGroups: - iot.openyurt.io resources: - - deviceprofiles/status + - platformadmins/status verbs: - get - patch - update - apiGroups: - - iot.openyurt.io + - network.openyurt.io resources: - - devices + - poolservices verbs: - create - delete @@ -432,75 +605,96 @@ rules: - update - watch - apiGroups: - - iot.openyurt.io - resources: - - devices/finalizers - verbs: - - update -- apiGroups: - - iot.openyurt.io + - network.openyurt.io resources: - - devices/status + - poolservices/status verbs: - get - patch - update - apiGroups: - - iot.openyurt.io + - raven.openyurt.io resources: - - deviceservices + - gateways verbs: - create - delete - get - list - - patch - update - watch - apiGroups: - - iot.openyurt.io + - raven.openyurt.io resources: - - deviceservices/finalizers + - gateways/finalizers verbs: - update - apiGroups: - - iot.openyurt.io + - raven.openyurt.io resources: - - deviceservices/status + - gateways/status verbs: - get - patch - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: yurt-manager-csr-approver-controller +rules: - apiGroups: - - iot.openyurt.io + - certificates.k8s.io resources: - - platformadmins + - certificatesigningrequests verbs: - - create - - delete - get - list - - patch - - update - watch - apiGroups: - - iot.openyurt.io + - certificates.k8s.io resources: - - platformadmins/finalizers + - certificatesigningrequests/approval verbs: - update - apiGroups: - - iot.openyurt.io + - certificates.k8s.io + resourceNames: + - kubernetes.io/kube-apiserver-client + - kubernetes.io/kubelet-serving resources: - - platformadmins/status + - signers + verbs: + - approve +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: yurt-manager-daemon-pod-updater-controller +rules: +- apiGroups: + - apps + resources: + - daemonsets + verbs: + - get + - list + - update + - watch +- apiGroups: + - "" + resources: + - nodes verbs: - get + - list - patch - update + - watch - apiGroups: - - network.openyurt.io + - "" resources: - - poolservices + - pods verbs: - create - delete @@ -509,39 +703,1148 @@ rules: - patch - update - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: yurt-manager-delegate-lease-controller +rules: - apiGroups: - - network.openyurt.io + - coordination.k8s.io resources: - - poolservices/status + - leases verbs: - get - - patch - - update + - list + - watch - apiGroups: - - raven.openyurt.io + - "" resources: - - gateways + - nodes verbs: - - create - - delete - get - list - update - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: yurt-manager-gateway-dns-controller +rules: - apiGroups: - - raven.openyurt.io + - apps.openyurt.io resources: - - gateways/finalizers + - nodepools verbs: - - update + - get + - list + - watch - apiGroups: - - raven.openyurt.io + - "" resources: - - gateways/status + - configmaps verbs: + - create + - delete - get - - patch - update + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: yurt-manager-gateway-internal-service-controller +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - endpoints + verbs: + - create + - delete + - get + - update + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - get + - update + - watch +- apiGroups: + - raven.openyurt.io + resources: + - gateways + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: yurt-manager-gateway-pickup-controller +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - crd.projectcalico.org + resources: + - blockaffinities + verbs: + - get + - list + - watch +- apiGroups: + - raven.openyurt.io + resources: + - gateways + verbs: + - create + - delete + - get + - list + - update + - watch +- apiGroups: + - raven.openyurt.io + resources: + - gateways/finalizers + verbs: + - update +- apiGroups: + - raven.openyurt.io + resources: + - gateways/status + verbs: + - get + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: yurt-manager-gateway-public-service-controller +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - endpoints + verbs: + - create + - delete + - get + - list + - update + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - get + - list + - update + - watch +- apiGroups: + - raven.openyurt.io + resources: + - gateways + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: yurt-manager-load-balancer-set-controller +rules: +- apiGroups: + - apps.openyurt.io + resources: + - nodepools + verbs: + - list + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - update + - watch +- apiGroups: + - "" + resources: + - services/status + verbs: + - update +- apiGroups: + - network.openyurt.io + resources: + - poolservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - network.openyurt.io + resources: + - poolservices/status + verbs: + - get + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: yurt-manager-node-bucket-controller +rules: +- apiGroups: + - apps.openyurt.io + resources: + - nodebuckets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps.openyurt.io + resources: + - nodepools + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: yurt-manager-node-life-cycle-controller +rules: +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes/status + verbs: + - update +- apiGroups: + - "" + resources: + - pods + verbs: + - delete + - get + - list + - watch +- apiGroups: + - "" + resources: + - pods/status + verbs: + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: yurt-manager-nodepool-controller +rules: +- apiGroups: + - apps.openyurt.io + resources: + - nodepools + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - apps.openyurt.io + resources: + - nodepools/status + verbs: + - get + - patch + - update +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - patch + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: yurt-manager-platform-admin-controller +rules: +- apiGroups: + - apps.openyurt.io + resources: + - yurtappsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps.openyurt.io + resources: + - yurtappsets/status + verbs: + - get + - patch + - update +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - configmaps/status + verbs: + - get + - patch + - update + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - services/status + verbs: + - get + - patch + - update +- apiGroups: + - iot.openyurt.io + resources: + - platformadmins + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - iot.openyurt.io + resources: + - platformadmins/finalizers + verbs: + - update +- apiGroups: + - iot.openyurt.io + resources: + - platformadmins/status + verbs: + - get + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: yurt-manager-pod-binding-controller +rules: +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: yurt-manager-service-topology-endpoints-controller +rules: +- apiGroups: + - apps.openyurt.io + resources: + - nodepools + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - endpoints + verbs: + - get + - list + - patch + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: yurt-manager-service-topology-endpointslice-controller +rules: +- apiGroups: + - apps.openyurt.io + resources: + - nodepools + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - patch + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: yurt-manager-webhook +rules: +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - patch + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: yurt-manager-yurt-app-daemon-controller +rules: +- apiGroups: + - apps + resources: + - controllerrevisions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - deployments/status + verbs: + - get + - patch + - update +- apiGroups: + - apps.openyurt.io + resources: + - yurtappdaemons + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps.openyurt.io + resources: + - yurtappdaemons/status + verbs: + - get + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: yurt-manager-yurt-app-overrider-controller +rules: +- apiGroups: + - apps + resources: + - deployments + verbs: + - list + - update + - watch +- apiGroups: + - apps.openyurt.io + resources: + - yurtappdaemons + verbs: + - get + - watch +- apiGroups: + - apps.openyurt.io + resources: + - yurtappoverriders + verbs: + - get + - list + - watch +- apiGroups: + - apps.openyurt.io + resources: + - yurtappsets + verbs: + - get + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: yurt-manager-yurt-app-set-controller +rules: +- apiGroups: + - apps + resources: + - controllerrevisions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - deployments/status + verbs: + - get + - patch + - update +- apiGroups: + - apps + resources: + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - statefulsets/status + verbs: + - get + - patch + - update +- apiGroups: + - apps.openyurt.io + resources: + - nodepools + verbs: + - get + - list + - watch +- apiGroups: + - apps.openyurt.io + resources: + - yurtappsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps.openyurt.io + resources: + - yurtappsets/status + verbs: + - get + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: yurt-manager-yurt-coordinator-cert-controller +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - get + - list + - patch + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - watch +- apiGroups: + - certificates.k8s.io + resources: + - certificatesigningrequests + verbs: + - create + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: yurt-manager-yurt-static-set-controller +rules: +- apiGroups: + - apps.openyurt.io + resources: + - yurtstaticsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps.openyurt.io + resources: + - yurtstaticsets/finalizers + verbs: + - update +- apiGroups: + - apps.openyurt.io + resources: + - yurtstaticsets/status + verbs: + - get + - patch + - update +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - pods/status + verbs: + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: yurt-manager-yurt-coordinator-cert-controller-binding + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: yurt-manager-yurt-coordinator-cert-controller +subjects: +- kind: ServiceAccount + name: yurt-manager-yurt-coordinator-cert-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: yurt-manager-csr-approver-controller-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: yurt-manager-csr-approver-controller +subjects: +- kind: ServiceAccount + name: yurt-manager-csr-approver-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: yurt-manager-daemon-pod-updater-controller-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: yurt-manager-daemon-pod-updater-controller +subjects: +- kind: ServiceAccount + name: yurt-manager-daemon-pod-updater-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: yurt-manager-delegate-lease-controller-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: yurt-manager-delegate-lease-controller +subjects: +- kind: ServiceAccount + name: yurt-manager-delegate-lease-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: yurt-manager-gateway-dns-controller-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: yurt-manager-gateway-dns-controller +subjects: +- kind: ServiceAccount + name: yurt-manager-gateway-dns-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: yurt-manager-gateway-internal-service-controller-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: yurt-manager-gateway-internal-service-controller +subjects: +- kind: ServiceAccount + name: yurt-manager-gateway-internal-service-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: yurt-manager-gateway-pickup-controller-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: yurt-manager-gateway-pickup-controller +subjects: +- kind: ServiceAccount + name: yurt-manager-gateway-pickup-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: yurt-manager-gateway-public-service-controller-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: yurt-manager-gateway-public-service-controller +subjects: +- kind: ServiceAccount + name: yurt-manager-gateway-public-service-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: yurt-manager-load-balancer-set-controller-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: yurt-manager-load-balancer-set-controller +subjects: +- kind: ServiceAccount + name: yurt-manager-load-balancer-set-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: yurt-manager-node-bucket-controller-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: yurt-manager-node-bucket-controller +subjects: +- kind: ServiceAccount + name: yurt-manager-node-bucket-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: yurt-manager-node-life-cycle-controller-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: yurt-manager-node-life-cycle-controller +subjects: +- kind: ServiceAccount + name: yurt-manager-node-life-cycle-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: yurt-manager-nodepool-controller-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: yurt-manager-nodepool-controller +subjects: +- kind: ServiceAccount + name: yurt-manager-nodepool-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: yurt-manager-platform-admin-controller-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: yurt-manager-platform-admin-controller +subjects: +- kind: ServiceAccount + name: yurt-manager-platform-admin-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: yurt-manager-pod-binding-controller-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: yurt-manager-pod-binding-controller +subjects: +- kind: ServiceAccount + name: yurt-manager-pod-binding-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: yurt-manager-service-topology-endpoints-controller-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: yurt-manager-service-topology-endpoints-controller +subjects: +- kind: ServiceAccount + name: yurt-manager-service-topology-endpoints-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: yurt-manager-service-topology-endpointslice-controller-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: yurt-manager-service-topology-endpointslice-controller +subjects: +- kind: ServiceAccount + name: yurt-manager-service-topology-endpointslice-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: yurt-manager-yurt-app-daemon-controller-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: yurt-manager-yurt-app-daemon-controller +subjects: +- kind: ServiceAccount + name: yurt-manager-yurt-app-daemon-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: yurt-manager-yurt-app-overrider-controller-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: yurt-manager-yurt-app-overrider-controller +subjects: +- kind: ServiceAccount + name: yurt-manager-yurt-app-overrider-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: yurt-manager-yurt-app-set-controller-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: yurt-manager-yurt-app-set-controller +subjects: +- kind: ServiceAccount + name: yurt-manager-yurt-app-set-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: yurt-manager-yurt-coordinator-cert-controller-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: yurt-manager-yurt-coordinator-cert-controller +subjects: +- kind: ServiceAccount + name: yurt-manager-yurt-coordinator-cert-controller + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: yurt-manager-yurt-static-set-controller-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: yurt-manager-yurt-static-set-controller +subjects: +- kind: ServiceAccount + name: yurt-manager-yurt-static-set-controller + namespace: {{ .Release.Namespace }} --- apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration diff --git a/charts/yurt-manager/templates/yurt-manager.yaml b/charts/yurt-manager/templates/yurt-manager.yaml index 9f72f3b..db79947 100644 --- a/charts/yurt-manager/templates/yurt-manager.yaml +++ b/charts/yurt-manager/templates/yurt-manager.yaml @@ -15,11 +15,24 @@ metadata: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: yurt-manager-rolebinding + name: yurt-manager-webhook-role-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: yurt-manager-role + name: yurt-manager-webhook +subjects: +- kind: ServiceAccount + name: yurt-manager + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: yurt-manager-controller-role-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: yurt-manager-basecontroller subjects: - kind: ServiceAccount name: yurt-manager @@ -28,12 +41,12 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: yurt-manager-role-binding + name: yurt-manager-webhook-role-binding namespace: {{ .Release.Namespace }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: yurt-manager-role + name: yurt-manager-webhook subjects: - kind: ServiceAccount name: yurt-manager @@ -140,3 +153,4 @@ spec: {{- if .Values.affinity }} affinity: {{ toYaml .Values.affinity | nindent 8 }} {{- end }} +--- \ No newline at end of file