Ansible playbook added
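# Calico Version v3.3.4
# https://docs.projectcalico.org/v3.3/releases#v3.3.4
---
# Cluster-wide permissions for the calico-node identity.
#
# Scope note: this is a ClusterRole and no rule sets resourceNames, so each
# rule applies to every object of the listed kinds in every namespace. Treat
# any verb added here as widening what a stolen calico-node token can do.
kind: ClusterRole
# rbac.authorization.k8s.io/v1 (GA since Kubernetes 1.8) has the same schema
# as v1beta1, which is deprecated and no longer served from Kubernetes 1.22.
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: calico-node
rules:
  # Read-only: namespaces and service accounts.
  - apiGroups: [""]
    resources:
      - namespaces
      - serviceaccounts
    verbs:
      - get
      - list
      - watch
  # Write, but only `patch` and only on the pods/status subresource.
  # NOTE(review): presumably used to record the allocated IP on the pod;
  # confirm against the Calico v3.3 documentation.
  - apiGroups: [""]
    resources:
      - pods/status
    verbs:
      - patch
  # Read-only: pods.
  - apiGroups: [""]
    resources:
      - pods
    verbs:
      - get
      - list
      - watch
  # Read-only, single-object lookups: no list/watch on services.
  - apiGroups: [""]
    resources:
      - services
    verbs:
      - get
  # Read-only, single-object lookups: no list/watch on endpoints.
  - apiGroups: [""]
    resources:
      - endpoints
    verbs:
      - get
  # Read plus `update` on Node objects. RBAC cannot limit this to "the node
  # the agent runs on" without resourceNames, so the grant covers all nodes.
  - apiGroups: [""]
    resources:
      - nodes
    verbs:
      - get
      - list
      - update
      - watch
  # Read-only: Kubernetes NetworkPolicy via the legacy "extensions" group.
  - apiGroups: ["extensions"]
    resources:
      - networkpolicies
    verbs:
      - get
      - list
      - watch
  # Read-only: Kubernetes NetworkPolicy via networking.k8s.io. Unlike the
  # "extensions" rule above, `get` is not granted here.
  - apiGroups: ["networking.k8s.io"]
    resources:
      - networkpolicies
    verbs:
      - watch
      - list
  # Calico CRDs: create/get/list/update/watch (no delete) on every listed
  # kind. This includes the policy kinds (globalnetworkpolicies,
  # networkpolicies, globalnetworksets) as well as ippools and hostendpoints,
  # so the holder of this role can rewrite Calico policy and addressing
  # configuration cluster-wide.
  # NOTE(review): verify which kinds this deployment needs write access to;
  # where only reads are needed, move them to a separate get/list/watch rule.
  - apiGroups: ["crd.projectcalico.org"]
    resources:
      - globalfelixconfigs
      - felixconfigurations
      - bgppeers
      - globalbgpconfigs
      - bgpconfigurations
      - ippools
      - globalnetworkpolicies
      - globalnetworksets
      - networkpolicies
      - clusterinformations
      - hostendpoints
    verbs:
      - create
      - get
      - list
      - update
      - watch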
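---
# Grants the calico-node ClusterRole to exactly one subject: the calico-node
# ServiceAccount in the kube-system namespace. Because this is a
# ClusterRoleBinding (not a namespaced RoleBinding), the role's rules apply
# cluster-wide for that subject.
#
# The ServiceAccount object is not defined in this listing. Anything that can
# run a pod as this ServiceAccount, or read its token, inherits the role, so
# pod-creation and secret-read access in kube-system should be limited
# accordingly.
#
# rbac.authorization.k8s.io/v1 (GA since Kubernetes 1.8) has the same schema
# as v1beta1, which is deprecated and no longer served from Kubernetes 1.22.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: calico-node
# roleRef is immutable once the binding exists; pointing it at a different
# role requires deleting and recreating the binding.
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: calico-node
subjects:
  - kind: ServiceAccount
    name: calico-node
    namespace: kube-system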