Add rbac to istio services of rancher

dd6b3832 · Guangbo Chen · Craig Jellick · f503fe74 · dd6b3832
Commit dd6b3832 authored Jun 06, 2019 by Guangbo Chen Committed by Craig Jellick Jun 06, 2019
Show whitespace changes
Inline Side-by-side

Showing with 27 additions and 0 deletions

istio-service-rbac.yaml ...er-istio/1.1.5-rancher1/templates/istio-service-rbac.yaml +27 -0

No files found.
--- a/charts/rancher-istio/1.1.5-rancher1/templates/istio-service-rbac.yaml
+++ b/charts/rancher-istio/1.1.5-rancher1/templates/istio-service-rbac.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  namespace: {{ .Release.Namespace }}
+  name: istio-service-reader
+rules:
+  - apiGroups: [""]
+    resources: ["services/proxy"]
+    resourceNames: ["http:kiali-http:80", "http:tracing:80", "http:grafana:80", "http:prometheus-http:80"]
+    verbs: ["get", "watch", "list"]
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: read-istio-service
+  namespace: {{ .Release.Namespace }}
+subjects:
+  - kind: Group
+    name: system:authenticated
+    apiGroup: rbac.authorization.k8s.io
+roleRef:
+  kind: Role
+  name: istio-service-reader
+  apiGroup: rbac.authorization.k8s.io
\ No newline at end of file