--- /dev/null
+# Calico Version v3.3.4
+# https://docs.projectcalico.org/v3.3/releases#v3.3.4
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+ name: calico-node
+rules:
+ - apiGroups: [""]
+ resources:
+ - namespaces
+ - serviceaccounts
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups: [""]
+ resources:
+ - pods/status
+ verbs:
+ - patch
+ - apiGroups: [""]
+ resources:
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups: [""]
+ resources:
+ - services
+ verbs:
+ - get
+ - apiGroups: [""]
+ resources:
+ - endpoints
+ verbs:
+ - get
+ - apiGroups: [""]
+ resources:
+ - nodes
+ verbs:
+ - get
+ - list
+ - update
+ - watch
+ - apiGroups: ["extensions"]
+ resources:
+ - networkpolicies
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups: ["networking.k8s.io"]
+ resources:
+ - networkpolicies
+ verbs:
+ - watch
+ - list
+ - apiGroups: ["crd.projectcalico.org"]
+ resources:
+ - globalfelixconfigs
+ - felixconfigurations
+ - bgppeers
+ - globalbgpconfigs
+ - bgpconfigurations
+ - ippools
+ - globalnetworkpolicies
+ - globalnetworksets
+ - networkpolicies
+ - clusterinformations
+ - hostendpoints
+ verbs:
+ - create
+ - get
+ - list
+ - update
+ - watch
+---
+
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+ name: calico-node
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: calico-node
+subjects:
+ - kind: ServiceAccount
+ name: calico-node
+ namespace: kube-system