shaba/traefik
1
0
Fork 0
mirror of https://github.com/containous/traefik.git synced 2025-10-30 20:24:28 +03:00
Code Releases Activity
Files
0ea8cbdfbf9af1c5dda5a457e86eab8362523c72
traefik/docs/content/reference/dynamic-configuration/kubernetes-gateway-rbac.yml
Kevin Pollet 78cc85283c Add k8s resource attributes automatically 
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
2025-07-21 12:06:04 +02:00

81 lines
1.5 KiB
YAML
Raw Blame History

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: gateway-role
rules:
- apiGroups:
- ""
resources:
- namespaces
verbs:
- list
- watch
# The pods get right is needed to inject k8s.pod.uid and k8s.pod.name in OTel attributes.
# When OTel tracing/logs/metrics are not enabled, this rule is not needed.
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- apiGroups:
- ""
resources:
- services
- secrets
- configmaps
verbs:
- get
- list
- watch
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- list
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- gatewayclasses
- gateways
- httproutes
- grpcroutes
- tcproutes
- tlsroutes
- referencegrants
- backendtlspolicies
verbs:
- get
- list
- watch
- apiGroups:
- gateway.networking.k8s.io
resources:
- gatewayclasses/status
- gateways/status
- httproutes/status
- grpcroutes/status
- tcproutes/status
- tlsroutes/status
- referencegrants/status
- backendtlspolicies/status
verbs:
- update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: gateway-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: gateway-role
subjects:
- kind: ServiceAccount
name: traefik-controller
namespace: default
View Git Blame Copy Permalink