#
#   Copyright 2020 Huawei Technologies Co., Ltd.
#
#   Licensed under the Apache License, Version 2.0 (the "License");
#   you may not use this file except in compliance with the License.
#   You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
#   Unless required by applicable law or agreed to in writing, software
#   distributed under the License is distributed on an "AS IS" BASIS,
#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#   See the License for the specific language governing permissions and
#   limitations under the License.
#

kind: ServiceAccount
apiVersion: v1
metadata:
  name: edgegallery-secondary-ep-controller
  namespace: kube-system
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: multi-ip-controller
rules:
  - apiGroups: [""]
    resources: ["services", "pods"]
    verbs: ["get", "watch", "list"]
  - apiGroups: [""]
    resources: ["endpoints", "events"]
    verbs: ["*"]
  - apiGroups: ["k8s.cni.cncf.io"]
    resources: ["network-attachment-definitions"]
    verbs: ["*"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: watch-update-secondary-endpoints
subjects:
  - kind: ServiceAccount
    name: edgegallery-secondary-ep-controller
    namespace: kube-system
roleRef:
  kind: ClusterRole
  name: multi-ip-controller
  apiGroup: rbac.authorization.k8s.io