-
Notifications
You must be signed in to change notification settings - Fork 689
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Allow gatewayProvisioner to create contour that only watch limited na…
…mespaces of resources Signed-off-by: Lubron Zhan <[email protected]> Signed-off-by: lubronzhan <[email protected]> Release note Signed-off-by: Lubron Zhan <[email protected]> Signed-off-by: lubronzhan <[email protected]> Unit tests and fix contourDeployment manifest Signed-off-by: lubronzhan <[email protected]> Modify the spec Signed-off-by: Lubron Zhan <[email protected]> Signed-off-by: lubronzhan <[email protected]> Move the contain func- Signed-off-by: lubronzhan <[email protected]> Refactor contains func Signed-off-by: lubronzhan <[email protected]> Inital rbac commit: Signed-off-by: lubronzhan <[email protected]> Refactor the role and rolebinding code again Signed-off-by: Lubron Zhan <[email protected]> Signed-off-by: lubronzhan <[email protected]> Fix golint Signed-off-by: lubronzhan <[email protected]> Signed-off-by: lubronzhan <[email protected]> fix spell Signed-off-by: lubronzhan <[email protected]> Print git diff change Signed-off-by: lubronzhan <[email protected]> Revert "Print git diff change" This reverts commit 189131c. Signed-off-by: lubronzhan <[email protected]> Print out controller-gen version Signed-off-by: lubronzhan <[email protected]> Fix logic Signed-off-by: lubronzhan <[email protected]>
- Loading branch information
1 parent
572515a
commit 2e08f76
Showing
24 changed files
with
455 additions
and
76 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
Allow gatewayProvisioner to create contour that only watch limited namespaces of resources |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
34 changes: 34 additions & 0 deletions
34
examples/namespaced-gatewayapi/gatewayclass-clusterrole.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
# GatewayClass is cluster-scope. So split its necessary cluster role into a single file | ||
--- | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: ClusterRoleBinding | ||
metadata: | ||
name: contour-gatewayclass | ||
roleRef: | ||
apiGroup: rbac.authorization.k8s.io | ||
kind: ClusterRole | ||
name: contour-gatewayclass | ||
subjects: | ||
- kind: ServiceAccount | ||
name: contour | ||
namespace: projectcontour | ||
--- | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: ClusterRole | ||
metadata: | ||
name: contour-gatewayclass | ||
rules: | ||
- apiGroups: | ||
- gateway.networking.k8s.io | ||
resources: | ||
- gatewayclasses | ||
verbs: | ||
- get | ||
- list | ||
- watch | ||
- apiGroups: | ||
- gateway.networking.k8s.io | ||
resources: | ||
- gatewayclasses/status | ||
verbs: | ||
- update |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,79 @@ | ||
# This kustomize file can be used as an example for deploying Contour with custom ClusterRole and Role that could | ||
# change Contour to watch namespaced resources plus cluster-scoped GatewayClass | ||
# It changes the current cluster-wide RBAC rules in the example deployment manifest to namespaced RBAC rules. | ||
# It is meant to be used together with contour serve --watch-namespaces=<ns> option to restrict | ||
# Contour to a certain namespace. | ||
# It also add a ClusterRole and ClusterRoleBinding to Role that only watches GatwayClass | ||
# Run with: | ||
# kubectl kustomize examples/namespaced-gatewayapi/ | ||
apiVersion: kustomize.config.k8s.io/v1beta1 | ||
kind: Kustomization | ||
resources: | ||
- ../render/ | ||
- gatewayclass-clusterrole.yaml | ||
patches: | ||
- patch: |- | ||
- op: replace | ||
path: /kind | ||
value: RoleBinding | ||
- op: replace | ||
path: /metadata/name | ||
value: contour-resources | ||
- op: replace | ||
path: /roleRef/kind | ||
value: Role | ||
- op: replace | ||
path: /roleRef/name | ||
value: contour-resources | ||
- op: add | ||
path: /metadata/namespace | ||
value: projectcontour | ||
target: | ||
group: rbac.authorization.k8s.io | ||
kind: ClusterRoleBinding | ||
name: contour | ||
version: v1 | ||
- patch: |- | ||
- op: replace | ||
path: /kind | ||
value: Role | ||
- op: replace | ||
path: /metadata/name | ||
value: contour-resources | ||
- op: add | ||
path: /metadata/namespace | ||
value: projectcontour | ||
- op: replace | ||
path: /rules/1 | ||
value: |- | ||
- apiGroups: | ||
- gateway.networking.k8s.io | ||
resources: | ||
- gateways | ||
- grpcroutes | ||
- httproutes | ||
- referencegrants | ||
- tcproutes | ||
- tlsroutes | ||
verbs: | ||
- get | ||
- list | ||
- watch | ||
- op: replace | ||
path: /rules/2 | ||
value: |- | ||
- apiGroups: | ||
- gateway.networking.k8s.io | ||
resources: | ||
- gateways/status | ||
- grpcroutes/status | ||
- httproutes/status | ||
- tcproutes/status | ||
- tlsroutes/status | ||
verbs: | ||
- update | ||
target: | ||
group: rbac.authorization.k8s.io | ||
kind: ClusterRole | ||
name: contour | ||
version: v1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.