+++ /dev/null
-# Calico Version v3.3.4
-# https://docs.projectcalico.org/v3.3/releases#v3.3.4
----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1beta1
-metadata:
- name: calico-node
-rules:
- - apiGroups: [""]
- resources:
- - namespaces
- - serviceaccounts
- verbs:
- - get
- - list
- - watch
- - apiGroups: [""]
- resources:
- - pods/status
- verbs:
- - patch
- - apiGroups: [""]
- resources:
- - pods
- verbs:
- - get
- - list
- - watch
- - apiGroups: [""]
- resources:
- - services
- verbs:
- - get
- - apiGroups: [""]
- resources:
- - endpoints
- verbs:
- - get
- - apiGroups: [""]
- resources:
- - nodes
- verbs:
- - get
- - list
- - update
- - watch
- - apiGroups: ["extensions"]
- resources:
- - networkpolicies
- verbs:
- - get
- - list
- - watch
- - apiGroups: ["networking.k8s.io"]
- resources:
- - networkpolicies
- verbs:
- - watch
- - list
- - apiGroups: ["crd.projectcalico.org"]
- resources:
- - globalfelixconfigs
- - felixconfigurations
- - bgppeers
- - globalbgpconfigs
- - bgpconfigurations
- - ippools
- - globalnetworkpolicies
- - globalnetworksets
- - networkpolicies
- - clusterinformations
- - hostendpoints
- verbs:
- - create
- - get
- - list
- - update
- - watch
----
-
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRoleBinding
-metadata:
- name: calico-node
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: calico-node
-subjects:
- - kind: ServiceAccount
- name: calico-node
- namespace: kube-system