wwweww
68 lines
1.4 KiB
YAML
68 lines
1.4 KiB
YAML
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: jwt-secret
|
|
namespace: juwan
|
|
type: Opaque
|
|
data:
|
|
secret-key: MGUyMWE3ZDhjMTQ5ZDg1MWViOWU0MGM3OTE2NWVkYTBlOTE5ZWRkZDU1YjYzOGJjOWRiNzM0NTc4NDIyMjlkZQ==
|
|
---
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: user-rpc
|
|
namespace: juwan
|
|
---
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: envoy-gateway
|
|
namespace: juwan
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: Role
|
|
metadata:
|
|
name: jwt-secret-reader
|
|
namespace: juwan
|
|
rules:
|
|
# JWT Secret 读取权限
|
|
- apiGroups: [""]
|
|
resources: ["secrets"]
|
|
resourceNames: ["jwt-secret"]
|
|
verbs: ["get"]
|
|
# 服务发现权限
|
|
- apiGroups: [""]
|
|
resources: ["endpoints"]
|
|
verbs: ["get", "list", "watch"]
|
|
- apiGroups: ["discovery.k8s.io"]
|
|
resources: ["endpointslices"]
|
|
verbs: ["get", "list", "watch"]
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: RoleBinding
|
|
metadata:
|
|
name: user-rpc-jwt-secret-reader
|
|
namespace: juwan
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: Role
|
|
name: jwt-secret-reader
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: user-rpc
|
|
namespace: juwan
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: RoleBinding
|
|
metadata:
|
|
name: envoy-gateway-jwt-secret-reader
|
|
namespace: juwan
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: Role
|
|
name: jwt-secret-reader
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: envoy-gateway
|
|
namespace: juwan
|