Code Review / iec.git / blob
? search:


95115c724ef99df8e33c4754e7b0eca5a6fa0adc
[iec.git] / src / foundation / scripts / cni / calico / rbac.yaml
1 # Calico Version v3.3.2
2 # https://docs.projectcalico.org/v3.3/releases#v3.3.2
3
4 ---
5
6 kind: ClusterRole
7 apiVersion: rbac.authorization.k8s.io/v1beta1
8 metadata:
9   name: calico-kube-controllers
10 rules:
11   - apiGroups:
12     - ""
13     - extensions
14     resources:
15       - pods
16       - namespaces
17       - networkpolicies
18       - nodes
19       - serviceaccounts
20     verbs:
21       - watch
22       - list
23   - apiGroups:
24     - networking.k8s.io
25     resources:
26       - networkpolicies
27     verbs:
28       - watch
29       - list
30 ---
31 kind: ClusterRoleBinding
32 apiVersion: rbac.authorization.k8s.io/v1beta1
33 metadata:
34   name: calico-kube-controllers
35 roleRef:
36   apiGroup: rbac.authorization.k8s.io
37   kind: ClusterRole
38   name: calico-kube-controllers
39 subjects:
40 - kind: ServiceAccount
41   name: calico-kube-controllers
42   namespace: kube-system
43
44 ---
45
46 kind: ClusterRole
47 apiVersion: rbac.authorization.k8s.io/v1beta1
48 metadata:
49   name: calico-node
50 rules:
51   - apiGroups: [""]
52     resources:
53       - pods
54       - nodes
55       - namespaces
56     verbs:
57       - get
58   - apiGroups: [""]
59     resources:
60       - nodes/status
61     verbs:
62       - patch
63
64 ---
65
66 apiVersion: rbac.authorization.k8s.io/v1beta1
67 kind: ClusterRoleBinding
68 metadata:
69   name: calico-node
70 roleRef:
71   apiGroup: rbac.authorization.k8s.io
72   kind: ClusterRole
73   name: calico-node
74 subjects:
75 - kind: ServiceAccount
76   name: calico-node
77   namespace: kube-system