Added RBAC support for netchecker. Added RBAC permissions for customresourcedefinitions for netchecker server. Related-Prod: PROD-16235 Change-Id: I27833ca08d05a2dc248839a04698af876c461aaa

commit: 8e59a7a3fa76349fdbc4088fe10182e9e4414a33 [log] [tgz]
author: vrovachev <vrovachev@mirantis.com> Thu Dec 07 21:15:43 2017 +0400
committer: Vadim Rovachev <vrovachev@mirantis.com> Tue Dec 12 13:25:24 2017 +0000
tree: 35d24983847fa568e8dc362bba995cefee7fc934
parent: 1660857b4810128c47ec3483d00cb908014865cc [diff]
diff --git a/kubernetes/files/kube-addons/netchecker/netchecker-roles.yml b/kubernetes/files/kube-addons/netchecker/netchecker-roles.yml
new file mode 100644
index 0000000..3dfe75e
--- /dev/null
+++ b/kubernetes/files/kube-addons/netchecker/netchecker-roles.yml

@@ -0,0 +1,46 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+  name: netchecker-server
+rules:
+  - apiGroups:
+      - apiextensions.k8s.io
+    resources:
+      - customresourcedefinitions
+    verbs:
+      - create
+      - get
+      - list
+      - update
+      - watch
+  - apiGroups:
+      - network-checker.ext
+    resources:
+      - agents
+    verbs:
+      - create
+      - get
+      - list
+      - update
+      - watch
+  - apiGroups:
+      - ''
+    resources:
+      - pods
+    verbs:
+      - get
+      - list
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  name: netchecker
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: netchecker-server
+subjects:
+- apiGroup: rbac.authorization.k8s.io
+  kind: Group
+  name: system:serviceaccounts
\ No newline at end of file
commit	8e59a7a3fa76349fdbc4088fe10182e9e4414a33	[log] [tgz]
author	vrovachev <vrovachev@mirantis.com>	Thu Dec 07 21:15:43 2017 +0400
committer	Vadim Rovachev <vrovachev@mirantis.com>	Tue Dec 12 13:25:24 2017 +0000
tree	35d24983847fa568e8dc362bba995cefee7fc934
parent	1660857b4810128c47ec3483d00cb908014865cc [diff]