c12s-kubespray/roles/network_plugin/cilium/templates/hubble/cr.yml.j2

{% if cilium_hubble_tls_generate %}
---
# Source: cilium/templates/hubble-generate-certs-clusterrole.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: hubble-generate-certs
rules:
  - apiGroups:
      - ""
    resources:
      - secrets
      - configmaps
    verbs:
      - create
  - apiGroups:
      - ""
    resources:
      - secrets
    resourceNames:
      - hubble-server-certs
      - hubble-relay-client-certs
      - hubble-relay-server-certs
    verbs:
      - update
  - apiGroups:
      - ""
    resources:
      - configmaps
    resourceNames:
      - hubble-ca-cert
    verbs:
      - update
  - apiGroups:
      - ""
    resources:
      - secrets
    resourceNames:
      - hubble-ca-secret
    verbs:
      - get
{% endif %}
---
# Source: cilium/templates/hubble-relay-clusterrole.yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: hubble-relay
rules:
  - apiGroups:
      - ""
    resources:
      - componentstatuses
      - endpoints
      - namespaces
      - nodes
      - pods
      - services
    verbs:
      - get
      - list
      - watch
---
# Source: cilium/templates/hubble-ui-clusterrole.yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: hubble-ui
rules:
  - apiGroups:
      - networking.k8s.io
    resources:
      - networkpolicies
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - componentstatuses
      - endpoints
      - namespaces
      - nodes
      - pods
      - services
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - apiextensions.k8s.io
    resources:
      - customresourcedefinitions
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - cilium.io
    resources:
      - "*"
    verbs:
      - get
      - list
      - watch
Upgrade cilium role (#7521) * Upgrade cilium roles * Del old test result * Add hubble ui examples * Refactor hubble metrics * Markdown fix pipeline errors * yamllint check and fix * refactor install from https://github.com/kubernetes-sigs/kubespray/pull/7520 * Docs syntax change (fix) * Cilium set default 1.8.9 * Update cilium version in Readme 2021-04-30 15:09:59 +00:00			`{% if cilium_hubble_tls_generate %}`
			`---`
			`# Source: cilium/templates/hubble-generate-certs-clusterrole.yaml`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`kind: ClusterRole`
			`metadata:`
			`name: hubble-generate-certs`
			`rules:`
			`- apiGroups:`
			`- ""`
			`resources:`
			`- secrets`
			`- configmaps`
			`verbs:`
			`- create`
			`- apiGroups:`
			`- ""`
			`resources:`
			`- secrets`
			`resourceNames:`
			`- hubble-server-certs`
			`- hubble-relay-client-certs`
			`- hubble-relay-server-certs`
			`verbs:`
			`- update`
			`- apiGroups:`
			`- ""`
			`resources:`
			`- configmaps`
			`resourceNames:`
			`- hubble-ca-cert`
			`verbs:`
			`- update`
			`- apiGroups:`
			`- ""`
			`resources:`
			`- secrets`
			`resourceNames:`
			`- hubble-ca-secret`
			`verbs:`
			`- get`
			`{% endif %}`
			`---`
			`# Source: cilium/templates/hubble-relay-clusterrole.yaml`
			`kind: ClusterRole`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`metadata:`
			`name: hubble-relay`
			`rules:`
			`- apiGroups:`
			`- ""`
			`resources:`
			`- componentstatuses`
			`- endpoints`
			`- namespaces`
			`- nodes`
			`- pods`
			`- services`
			`verbs:`
			`- get`
			`- list`
			`- watch`
			`---`
			`# Source: cilium/templates/hubble-ui-clusterrole.yaml`
			`kind: ClusterRole`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`metadata:`
			`name: hubble-ui`
			`rules:`
			`- apiGroups:`
			`- networking.k8s.io`
			`resources:`
			`- networkpolicies`
			`verbs:`
			`- get`
			`- list`
			`- watch`
			`- apiGroups:`
			`- ""`
			`resources:`
			`- componentstatuses`
			`- endpoints`
			`- namespaces`
			`- nodes`
			`- pods`
			`- services`
			`verbs:`
			`- get`
			`- list`
			`- watch`
			`- apiGroups:`
			`- apiextensions.k8s.io`
			`resources:`
			`- customresourcedefinitions`
			`verbs:`
			`- get`
			`- list`
			`- watch`
			`- apiGroups:`
			`- cilium.io`
			`resources:`
			`- "*"`
			`verbs:`
			`- get`
			`- list`
			`- watch`