roles/openshift_service_catalog/files/kubesystem_roles_bindings.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38

apiVersion: v1
kind: Template
metadata:
  name: kube-system-service-catalog
objects:

- kind: Role
  apiVersion: v1
  metadata:
    name: extension-apiserver-authentication-reader
    namespace: ${KUBE_SYSTEM_NAMESPACE}
  rules:
  - apiGroups:
    - ""
    resourceNames:
    - extension-apiserver-authentication
    resources:
    - configmaps
    verbs:
    - get

- kind: RoleBinding
  apiVersion: v1
  metadata:
    name: extension-apiserver-authentication-reader-binding
    namespace: ${KUBE_SYSTEM_NAMESPACE}
  roleRef:
    name: extension-apiserver-authentication-reader
    namespace: kube-system
  userNames:
    - system:serviceaccount:kube-service-catalog:service-catalog-apiserver

parameters:
- description: Do not change this value.
  displayName: Name of the kube-system namespace
  name: KUBE_SYSTEM_NAMESPACE
  required: true
  value: kube-system