- verbs:
- - create
- - patch
- - update
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: ovn-reader
-roleRef:
- name: system:ovn-reader
- kind: ClusterRole
- apiGroup: rbac.authorization.k8s.io
-subjects:
-- kind: ServiceAccount
- name: ovn
- namespace: ovn-kubernetes
+ - endpoints
+ - configmaps
+ verbs: ["create", "patch", "update"]
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ - pods
+ verbs: ["patch", "update"]
+- apiGroups:
+ - extensions
+ - policy
+ resources:
+ - podsecuritypolicies
+ resourceNames:
+ - ovn-kubernetes
+ verbs: ["use"]