External-Mirrors/kubespray
2
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-05-09 02:17:39 -02:30
Code Issues Packages Projects Releases Wiki Activity

[cilium] add custom vars for clusterrole cilium operator (#10267)

Browse Source
This commit is contained in:
jeremy-thuon
2023-07-03 11:20:51 +02:00
committed by GitHub
parent 872e173887
commit 0405af1107
3 changed files with 58 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
inventory/sample/group_vars/k8s_cluster/k8s-net-cilium.yml
View File

@@ -243,3 +243,22 @@
# -- Whether to enable CNP status updates. # -- Whether to enable CNP status updates.
# cilium_disable_cnp_status_updates: true # cilium_disable_cnp_status_updates: true
# A list of extra rules variables to add to clusterrole for cilium operator, formatted like:
# cilium_clusterrole_rules_operator_extra_vars:
# - apiGroups:
# - '""'
# resources:
# - pods
# verbs:
# - delete
# - apiGroups:
# - '""'
# resources:
# - nodes
# verbs:
# - list
# - watch
# resourceNames:
# - toto
# cilium_clusterrole_rules_operator_extra_vars: []

19
roles/network_plugin/cilium/defaults/main.yml
View File

@@ -290,3 +290,22 @@ cilium_certgen_args:
hubble-relay-client-cert-validity-duration: 94608000s hubble-relay-client-cert-validity-duration: 94608000s
hubble-relay-client-cert-secret-name: hubble-relay-client-certs hubble-relay-client-cert-secret-name: hubble-relay-client-certs
hubble-relay-server-cert-generate: false hubble-relay-server-cert-generate: false
# A list of extra rules variables to add to clusterrole for cilium operator, formatted like:
# cilium_clusterrole_rules_operator_extra_vars:
# - apiGroups:
# - '""'
# resources:
# - pods
# verbs:
# - delete
# - apiGroups:
# - '""'
# resources:
# - nodes
# verbs:
# - list
# - watch
# resourceNames:
# - toto
cilium_clusterrole_rules_operator_extra_vars: []

20
roles/network_plugin/cilium/templates/cilium-operator/cr.yml.j2
View File

@@ -147,3 +147,23 @@ rules:
- ciliumnetworkpolicies.cilium.io - ciliumnetworkpolicies.cilium.io
- ciliumnodes.cilium.io - ciliumnodes.cilium.io
{% endif %} {% endif %}
{% for rules in cilium_clusterrole_rules_operator_extra_vars %}
- apiGroups:
{% for api in rules['apiGroups'] %}
- {{ api }}
{% endfor %}
resources:
{% for resource in rules['resources'] %}
- {{ resource }}
{% endfor %}
verbs:
{% for verb in rules['verbs'] %}
- {{ verb }}
{% endfor %}
{% if 'resourceNames' in rules %}
resourceNames:
{% for resourceName in rules['resourceNames'] %}
- {{ resourceName }}
{% endfor %}
{% endif %}
{% endfor %}