Use rbac scope feature in e2e tests (#5250)
This commit is contained in:
Manuel Alejandro de Brito Fontes
GitHub
parent
4b78884fc4
commit
130af33510
1 changed files with 3 additions and 115 deletions
|
|
@ -36,120 +36,6 @@ function on_exit {
|
|||
}
|
||||
trap on_exit EXIT
|
||||
|
||||
cat << EOF | kubectl apply --namespace=$NAMESPACE -f -
|
||||
# Required for e2e tcp tests
|
||||
kind: ConfigMap
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: tcp-services
|
||||
namespace: $NAMESPACE
|
||||
labels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
|
||||
---
|
||||
|
||||
# Source: nginx-ingress/templates/controller-role.yaml
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
name: nginx-ingress-controller
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- namespaces
|
||||
verbs:
|
||||
- get
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- configmaps
|
||||
- pods
|
||||
- secrets
|
||||
- endpoints
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- services
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- update
|
||||
- watch
|
||||
- apiGroups:
|
||||
- extensions
|
||||
- "networking.k8s.io" # k8s 1.14+
|
||||
resources:
|
||||
- ingresses
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- extensions
|
||||
- "networking.k8s.io" # k8s 1.14+
|
||||
resources:
|
||||
- ingresses/status
|
||||
verbs:
|
||||
- update
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- configmaps
|
||||
resourceNames:
|
||||
- ingress-controller-leader-nginx
|
||||
verbs:
|
||||
- get
|
||||
- update
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- configmaps
|
||||
verbs:
|
||||
- create
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- endpoints
|
||||
verbs:
|
||||
- create
|
||||
- get
|
||||
- update
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- events
|
||||
verbs:
|
||||
- create
|
||||
- patch
|
||||
---
|
||||
# Source: nginx-ingress/templates/controller-rolebinding.yaml
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: ingress-nginx
|
||||
app.kubernetes.io/part-of: ingress-nginx
|
||||
name: nginx-ingress-controller
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: nginx-ingress-controller
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: nginx-ingress
|
||||
namespace: $NAMESPACE
|
||||
|
||||
EOF
|
||||
|
||||
# Use the namespace overlay if it was requested
|
||||
if [[ ! -z "$NAMESPACE_OVERLAY" && -d "$DIR/namespace-overlays/$NAMESPACE_OVERLAY" ]]; then
|
||||
echo "Namespace overlay $NAMESPACE_OVERLAY is being used for namespace $NAMESPACE"
|
||||
|
|
@ -193,7 +79,9 @@ defaultBackend:
|
|||
enabled: false
|
||||
|
||||
rbac:
|
||||
create: false
|
||||
create: true
|
||||
scope: true
|
||||
|
||||
EOF
|
||||
|
||||
fi
|
||||
|
|
|
|||
Loading…
Reference in a new issue