| apiVersion: rbac.authorization.k8s.io/v1 |
| kind: ClusterRole |
| metadata: |
| name: istio-cni |
| labels: |
| app: istio-cni |
| release: {{ .Release.Name }} |
| istio.io/rev: {{ .Values.revision | default "default" }} |
| install.operator.istio.io/owning-resource: {{ .Values.ownerName | default "unknown" }} |
| operator.istio.io/component: "Cni" |
| rules: |
| - apiGroups: [""] |
| resources: |
| - pods |
| - nodes |
| verbs: |
| - get |
| --- |
| {{- if .Values.cni.repair.enabled }} |
| apiVersion: rbac.authorization.k8s.io/v1 |
| kind: ClusterRole |
| metadata: |
| name: istio-cni-repair-role |
| labels: |
| app: istio-cni |
| release: {{ .Release.Name }} |
| istio.io/rev: {{ .Values.revision | default "default" }} |
| install.operator.istio.io/owning-resource: {{ .Values.ownerName | default "unknown" }} |
| operator.istio.io/component: "Cni" |
| rules: |
| - apiGroups: [""] |
| resources: ["pods"] |
| verbs: ["get", "list", "watch", "delete", "patch", "update" ] |
| - apiGroups: [""] |
| resources: ["events"] |
| verbs: ["get", "list", "watch", "delete", "patch", "update", "create" ] |
| {{- end }} |
| --- |
| {{- if .Values.cni.taint.enabled }} |
| apiVersion: rbac.authorization.k8s.io/v1 |
| kind: ClusterRole |
| metadata: |
| name: istio-cni-taint-role |
| labels: |
| app: istio-cni |
| release: {{ .Release.Name }} |
| istio.io/rev: {{ .Values.revision | default "default" }} |
| install.operator.istio.io/owning-resource: {{ .Values.ownerName | default "unknown" }} |
| operator.istio.io/component: "Cni" |
| rules: |
| - apiGroups: [""] |
| resources: ["pods"] |
| verbs: ["get", "list", "watch", "patch"] |
| - apiGroups: [""] |
| resources: ["nodes"] |
| verbs: ["get", "list", "watch", "update", "patch"] |
| - apiGroups: [""] |
| resources: ["configmaps"] |
| verbs: ["get", "list"] |
| - apiGroups: ["coordination.k8s.io"] |
| resources: ["leases"] |
| verbs: ["get", "list", "create", "update"] |
| {{- end }} |