[cilium] add custom vars for clusterrole cilium operator (kubernetes-…
jeremythuon authored and pedromcpedro committed May 8, 2024
1 parent ad75478 commit 56f4748
Showing 3 changed files with 58 additions and 0 deletions.
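--- a/inventory/sample/group_vars/k8s_cluster/k8s-net-cilium.yml
+++ b/inventory/sample/group_vars/k8s_cluster/k8s-net-cilium.yml
@@ -243,3 +243,22 @@
 
 # -- Whether to enable CNP status updates.
 # cilium_disable_cnp_status_updates: true
+
+# A list of extra rules variables to add to clusterrole for cilium operator, formatted like:
+# cilium_clusterrole_rules_operator_extra_vars:
+# - apiGroups:
+# - '""'
+# resources:
+# - pods
+# verbs:
+# - delete
+# - apiGroups:
+# - '""'
+# resources:
+# - nodes
+# verbs:
+# - list
+# - watch
+# resourceNames:
+# - toto
+# cilium_clusterrole_rules_operator_extra_vars: []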
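--- a/roles/network_plugin/cilium/defaults/main.yml
+++ b/roles/network_plugin/cilium/defaults/main.yml
@@ -290,3 +290,22 @@ cilium_certgen_args:
 hubble-relay-client-cert-validity-duration: 94608000s
 hubble-relay-client-cert-secret-name: hubble-relay-client-certs
 hubble-relay-server-cert-generate: false
+
+# A list of extra rules variables to add to clusterrole for cilium operator, formatted like:
+# cilium_clusterrole_rules_operator_extra_vars:
+# - apiGroups:
+# - '""'
+# resources:
+# - pods
+# verbs:
+# - delete
+# - apiGroups:
+# - '""'
+# resources:
+# - nodes
+# verbs:
+# - list
+# - watch
+# resourceNames:
+# - toto
+cilium_clusterrole_rules_operator_extra_vars: []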
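Review bot: The comment above `cilium_clusterrole_rules_operator_extra_vars` does not tell the operator that every entry is appended to the cilium-operator ClusterRole, so the granted verbs presumably apply in all namespaces once that role is bound; the example itself shows `delete` on `pods`. I would add a line such as `# Each rule widens the cilium-operator ClusterRole; list only the verbs and resources the operator actually needs.` and replace the `toto` placeholder with a descriptive name. It would also help to state why the core API group has to be written as `'""'` rather than `""`. The same comment block is copied into inventory/sample/group_vars/k8s_cluster/k8s-net-cilium.yml and would take the same wording.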
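--- a/roles/network_plugin/cilium/templates/cilium-operator/cr.yml.j2
+++ b/roles/network_plugin/cilium/templates/cilium-operator/cr.yml.j2
@@ -147,3 +147,23 @@ rules:
 - ciliumnetworkpolicies.cilium.io
 - ciliumnodes.cilium.io
 {% endif %}
+{% for rules in cilium_clusterrole_rules_operator_extra_vars %}
+- apiGroups:
+{% for api in rules['apiGroups'] %}
+- {{ api }}
+{% endfor %}
+resources:
+{% for resource in rules['resources'] %}
+- {{ resource }}
+{% endfor %}
+verbs:
+{% for verb in rules['verbs'] %}
+- {{ verb }}
+{% endfor %}
+{% if 'resourceNames' in rules %}
+resourceNames:
+{% for resourceName in rules['resourceNames'] %}
+- {{ resourceName }}
+{% endfor %}
+{% endif %}
+{% endfor %}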
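Review bot: The inner loops emit every list item as a bare scalar (`- {{ api }}`, `- {{ resource }}`, `- {{ verb }}`, `- {{ resourceName }}`), so what lands in the rendered ClusterRole depends on how YAML re-types the text. An empty core API group renders as `- ` (null) unless the inventory carries the doubly quoted `'""'`, and a value beginning with a YAML indicator such as `*` would not parse as a string. Quoting at render time, for example `- {{ api | to_json }}` on all four item lines, removes that dependency; the sample comments in the two vars files would then use a plain `""`. Separately, `rules['apiGroups']`, `rules['resources']` and `rules['verbs']` are indexed unconditionally, so a rule that omits one of them fails at template time, whereas `resourceNames` is guarded with `{% if 'resourceNames' in rules %}`; the same guard or an up-front assertion would make the failure explicit. The `rules:` list this loop extends starts above the hunk.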
