feat(helm): rbac for bgp

Signed-off-by: SkalaNetworks <[email protected]>

Author: SkalaNetworks

charts/kube-ovn/templates/natGw/rbac.yaml

@@ -0,0 +1,47 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    kubernetes.io/bootstrapping: rbac-defaults
+  name: system:vpc-nat-gw
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - services
+      - pods
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - kubeovn.io
+    resources:
+      - iptables-eips
+      - subnets
+      - vpc-nat-gateways
+    verbs:
+      - list
+      - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  annotations:
+    rbac.authorization.kubernetes.io/autoupdate: "true"
+  labels:
+    kubernetes.io/bootstrapping: rbac-defaults
+  name: vpc-nat-gw
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:vpc-nat-gw
+subjects:
+  - kind: ServiceAccount
+    name: vpc-nat-gw
+    namespace: {{ .Values.namespace }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: vpc-nat-gw
+  namespace: {{ .Values.namespace }}

charts/kube-ovn/templates/vpc-nat-config.yaml charts/kube-ovn/templates/natGw/vpc-nat-config.yaml

@@ -17,6 +17,6 @@ kind: ConfigMap
 apiVersion: v1
 metadata:
   name: ovn-vpc-nat-gw-config
-  namespace: kube-system
+  namespace: {{ .Values.namespace }}
 data:
   enable-vpc-nat-gw: "{{ .Values.func.ENABLE_NAT_GW }}"

charts/kube-ovn/values.yaml

@@ -163,7 +163,7 @@ natGw:
 # This requires Multus to be installed
 apiNad:
   # -- Enable the creation of the API NAD
-  enabled: true
+  enabled: false
   # -- Name of the NAD
   name: ovn-kubernetes-api
   # -- Name of the provider, must be in the form "nadName.nadNamespace.ovn"