068afe5bb9
The auth service (Dex) does not depend on the SIP scheduling output like the other services do, so it can be put in place independet of SIP. This will remove complexity from SIP and give more flexibility in how we deploy Dex through kustomize. Change-Id: I1f871ae3be7d228cef867af6bed8ffffd6d0ea56
40 lines
880 B
YAML
40 lines
880 B
YAML
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: RoleBinding
|
|
metadata:
|
|
name: scheduler-rolebinding
|
|
namespace: metal3
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: Role
|
|
name: scheduler-role
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: default
|
|
namespace: sipcluster-system
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: cluster-scheduler-rolebinding
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: cluster-scheduler-role
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: default
|
|
namespace: sipcluster-system
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: cluster-infra-service-rolebinding
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: sipcluster-infra-service
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: default
|
|
namespace: sipcluster-system
|