roles/openshift_service_catalog/files/kubesystem_roles_bindings.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40

apiVersion: v1
kind: Template
metadata:
  name: kube-system-service-catalog-role-bindings
objects:

- apiVersion: authorization.openshift.io/v1
  kind: Role
  metadata:
    name: extension-apiserver-authentication-reader
    namespace: ${KUBE_SYSTEM_NAMESPACE}
  rules:
  - apiGroups:
    - ""
    resourceNames:
    - extension-apiserver-authentication
    resources:
    - configmaps
    verbs:
    - get

- apiVersion: authorization.openshift.io/v1
  kind: RoleBinding
  metadata:
    name: extension-apiserver-authentication-reader-binding
    namespace: ${KUBE_SYSTEM_NAMESPACE}
  roleRef:
    name: extension-apiserver-authentication-reader
    namespace: ${KUBE_SYSTEM_NAMESPACE}
  subjects:
  - kind: ServiceAccount
    name: service-catalog-apiserver
    namespace: kube-service-catalog

parameters:
- description: Do not change this value.
  displayName: Name of the kube-system namespace
  name: KUBE_SYSTEM_NAMESPACE
  required: true
  value: kube-system