src/foundation/scripts/cni/danm/integration/manifests/svcwatcher/0svcwatcher_rbac.yaml

   1 # yamllint disable rule:hyphens rule:commas rule:indentation
   2 apiVersion: v1
   3 kind: ServiceAccount
   4 metadata:
   5   name: svcwatcher
   6   namespace: kube-system
   7   labels:
   8       kubernetes.io/cluster-service: "true"
   9 ---
  10 apiVersion: rbac.authorization.k8s.io/v1
  11 kind: ClusterRole
  12 metadata:
  13   labels:
  14     kubernetes.io/bootstrapping: rbac-defaults
  15   name: system:svcwatcher
  16 rules:
  17 - apiGroups:
  18   - ""
  19   resources:
  20   - endpoints
  21   verbs:
  22   - list
  23   - watch
  24   - get
  25   - update
  26   - create
  27   - delete
  28 - apiGroups:
  29   - ""
  30   resources:
  31   - services
  32   - pods
  33   verbs:
  34   - list
  35   - watch
  36   - get
  37 - apiGroups:
  38   - "danm.k8s.io"
  39   resources:
  40   - danmeps
  41   verbs:
  42   - get
  43   - list
  44   - watch
  45   - create
  46   - update
  47   - patch
  48   - delete
  49 ---
  50 apiVersion: rbac.authorization.k8s.io/v1
  51 kind: ClusterRoleBinding
  52 metadata:
  53   annotations:
  54     rbac.authorization.kubernetes.io/autoupdate: "true"
  55   labels:
  56     kubernetes.io/bootstrapping: rbac-defaults
  57   name: system:svcwatcher
  58 roleRef:
  59   apiGroup: rbac.authorization.k8s.io
  60   kind: ClusterRole
  61   name: system:svcwatcher
  62 subjects:
  63 - kind: ServiceAccount
  64   namespace: kube-system
  65   name: svcwatcher